PrediBall is a prediction game for football matches — friends form
groups, submit predictions for upcoming fixtures (the FIFA World Cup,
UEFA Champions League, and other competitions), and compete on a
leaderboard. This policy explains what data we collect, why we
collect it, and what your rights are. We aim to collect the minimum
needed to make the app work.
What we collect
-
Account info. Email address and display name when
you sign up, plus a password hash managed by Firebase
Authentication. We never store your raw password. If you sign in
with Google, we receive your Google profile name and email; we do
not access any other Google data.
-
Group activity. Groups you belong to, your role
in each group, the predictions you submit (match scores, results,
advance picks), your answers to admin-authored questions, and your
leaderboard position within each group's competition. This is the
data the app needs to function.
-
Diagnostic data. Server logs (timestamps, IP
address, error traces) are kept by Firebase for security and
reliability. The app also reports unhandled errors — message,
stack trace, page URL, browser/device, and a short user identifier
— to a private logging endpoint so we can fix bugs that affect
real users. URLs are sanitized (query parameters stripped, long
identifiers redacted) before they reach the log.
Why we collect it
- To provide core app features: authentication, group membership, predictions, leaderboards, and competition scoring.
- To detect and prevent abuse (spam joining, unauthorized data access).
We do not sell your data, share it with advertisers, or use it to
build a profile of you outside the app. PrediBall does not currently
run advertising SDKs or analytics products beyond the diagnostic
logging described above.
Who can see your data
PrediBall groups have three roles, each with progressively more
visibility into the group's data:
-
Members can see your display name, your role
label, and your current leaderboard standing in the group's
competitions.
-
Admins see everything members see plus group
management surfaces: editing the group's competitions, importing
fixtures, authoring questions, configuring point profiles, and
removing members.
-
Owners see everything admins see plus group-level
controls: deleting the group, regenerating the invite code, and
promoting or demoting admins. The owner is the user who created
the group; there is exactly one per group.
Predictions visibility
Each competition has a public predictions setting
that group admins control. Your predictions and question answers
stay private until a fixture's deadline has passed; what happens
after the deadline depends on this setting:
-
Public predictions OFF (the default). Other
members can see that you submitted a prediction and how
many points you scored, but not what you picked. Only
you can see your specific prediction for each fixture.
-
Public predictions ON. Once the deadline has
passed, other members of that group can see your specific
predictions for that competition's fixtures (the score, result,
or advance pick you submitted) and your question answers
alongside your leaderboard row.
You will know which mode a competition is in from the group's
competition settings. The setting can be changed by admins at any
time and applies to fixtures whose deadline has already passed as
well as future ones. Predictions submitted before the
deadline are always private until the deadline elapses, regardless
of this setting.
Outside the group, your data is shared with:
-
Service providers. PrediBall is built on Google
Firebase (Authentication, Firestore, Cloud Functions, Hosting,
Cloud Logging). Firebase processes your data on our behalf under
Google's privacy terms. We also use API-Football to fetch fixture
schedules, scores, lineups, and statistics; only the public
identifiers of the fixtures you view are sent to that provider,
not any of your personal information.
-
Legal requirements. We may disclose data when
legally compelled (subpoena, court order). We will tell you when
permitted to.
Your rights
-
Access and export. Email us and we'll send you a
copy of your personal data within 30 days.
-
Correction. You can edit your display name from
the in-app profile screen at any time.
-
Leaving a group. You can leave any group at any
time from the app drawer. Your predictions, leaderboard position,
and question answers in that group are removed immediately. If you
are the group's owner, leaving transfers ownership to another
member (or, if you are the only member, deletes the group
entirely).
-
Account deletion. This is distinct from leaving a
group. You can delete your account at any time from inside the app:
Profile → Delete account. We remove your
authentication record, email, password hash, and personal profile
immediately; you can no longer log in. Your predictions and answers
in every group you belonged to are removed, and any feedback you
sent through the in-app feedback form is anonymized. If you cannot
access the app, email
support@prediball.app
and we will process the deletion within 30 days as required by
GDPR.
Children
PrediBall is intended for general audiences. We do not knowingly
collect data from children under 13. If you believe a child has
registered, contact us and we will delete the account.
Data retention
We keep your data for as long as your account is active. Closed
accounts are deleted within 30 days of request. Server diagnostic
logs are retained for up to 90 days for operational and security
purposes.
Security
Data in transit is encrypted via HTTPS. Data at rest is encrypted by
Firebase. Access to production data is restricted to the developer
account holder. We patch dependencies regularly. No system is
perfectly secure — if you spot a vulnerability, please report it
responsibly to the email below.
Changes to this policy
We may update this policy as the app evolves. Material changes will
be announced inside the app and the effective date above will be
updated. Continued use of PrediBall after a change constitutes
acceptance of the new policy.
Contact
Questions, requests, or concerns:
support@prediball.app