PrediBall is a prediction game for football matches — friends form
groups, submit predictions for upcoming fixtures (the FIFA World Cup,
UEFA Champions League, and other competitions), and compete on a
leaderboard. This policy explains what data we collect, why we
collect it, and what your rights are. We aim to collect the minimum
needed to make the app work.
What we collect
-
Account info. Email address and display name when
you sign up, plus a password hash managed by Firebase
Authentication. We never store your raw password. If you sign in
with Google, we receive your Google profile name and email; we do
not access any other Google data.
-
Profile preferences. Optional choices you add to
your profile, such as a favorite World Cup team. These are shown to
other players (see "Public profile and global leaderboards" below).
Providing them is never required, and you can change or remove them
at any time.
-
Group activity. Groups you belong to, your role
in each group, the predictions you submit (match scores, results,
advance picks), your answers to admin-authored questions, and your
leaderboard position within each group's competition. This is the
data the app needs to function.
-
Notification tokens. If you turn on push
notifications, your device or browser provides a notification token
(through Firebase Cloud Messaging) that we store, along with the
platform (web, iOS, or Android), so we can send the alerts you opt
into, such as a reminder that a prediction deadline is approaching.
Turning notifications off or signing out deletes the token.
-
Diagnostic data. Server logs (timestamps, IP
address, error traces) are kept by Firebase for security and
reliability. The app also reports unhandled errors — message,
stack trace, page URL, browser/device, and a short user identifier
— to a private logging endpoint so we can fix bugs that affect
real users. URLs are sanitized (query parameters stripped, long
identifiers redacted) before they reach the log. We also keep
operational logs of key in-app actions, such as saving a
prediction, which include a pseudonymous account identifier and
technical details like which competition and match, the outcome,
and timing. We never log the content of your predictions
themselves (your actual picks are not written to these logs).
-
Usage analytics. We use Google Analytics for
Firebase to measure a small set of events about how the app is
used, such as when an account is created, when you submit a
prediction, and how you interact with in-app messages and
features, together with the basic session and device information
the analytics SDK collects automatically. This helps us understand
how people use PrediBall and whether the people we reach go on to
play. We do not use analytics to track you across other websites
or to build an advertising profile.
Why we collect it
- To provide core app features: authentication, group membership, predictions, leaderboards, and competition scoring.
- To detect and prevent abuse (spam joining, unauthorized data access).
- To keep the service safe: reviewing reports about content or users, and moderating content (such as group names, descriptions, and display names) that may violate our terms.
- To deliver the notifications you choose to turn on, such as a reminder that a prediction deadline is approaching.
- To send you occasional service messages at your account email, such as a reminder that a competition is about to lock or that a new game has started. You can opt out of these at any time using the unsubscribe link in the email.
- To measure whether our marketing reaches people who go on to use the app (the conversion analytics described above).
We do not sell your data, share it with advertisers, or use it to
build a profile of you outside the app. PrediBall does not run
advertising SDKs, and does not track you across other apps or
websites, beyond the in-app usage analytics and diagnostic logging
described above.
Who can see your data
PrediBall groups have three roles, each with progressively more
visibility into the group's data:
-
Members can see your display name, your role
label, and your current leaderboard standing in the group's
competitions.
-
Admins see everything members see plus group
management surfaces: editing the group's competitions, importing
fixtures, authoring questions, configuring point profiles, and
removing members.
-
Owners see everything admins see plus group-level
controls: deleting the group, regenerating the invite code, and
promoting or demoting admins. The owner is the user who created
the group; there is exactly one per group.
Public profile and global leaderboards
Some surfaces reach beyond a single group. Your display name and your
standing appear on the Global PrediBall League leaderboard and the
Daily Trivia leaderboard, both of which any player can join and view.
If you pick a favorite team, its flag appears next to your name
wherever you show up on a leaderboard, including those global ones. A
favorite team is an ordinary, optional preference (not sensitive
personal data) that you can clear at any time from the app drawer.
Predictions visibility
Each competition has a public predictions setting
that group admins control. Your predictions and question answers
stay private until a fixture's deadline has passed; what happens
after the deadline depends on this setting:
-
Public predictions OFF (the default). Other
members can see that you submitted a prediction and how
many points you scored, but not what you picked. Only
you can see your specific prediction for each fixture.
-
Public predictions ON. Once the deadline has
passed, other members of that group can see your specific
predictions for that competition's fixtures (the score, result,
or advance pick you submitted) and your question answers
alongside your leaderboard row.
You will know which mode a competition is in from the group's
competition settings. The setting can be changed by admins at any
time and applies to fixtures whose deadline has already passed as
well as future ones. Predictions submitted before the
deadline are always private until the deadline elapses, regardless
of this setting.
Outside the group, your data is shared with:
-
Service providers. PrediBall is built on Google
Firebase (Authentication, Firestore, Cloud Functions, Hosting,
Cloud Logging). Firebase processes your data on our behalf under
Google's privacy terms. We also use API-Football to fetch fixture
schedules, scores, lineups, and statistics; only the public
identifiers of the fixtures you view are sent to that provider,
not any of your personal information.
-
Legal requirements. We may disclose data when
legally compelled (subpoena, court order). We will tell you when
permitted to.
Content you create and moderation
Some of the information visible to other players is content you
author: your display name and, if you create or help manage a
group, that group's name and description. This content is shown to
other users as described above, so avoid putting anything private
or sensitive (such as your email or phone number) in those fields.
We are not obligated to monitor content, but we may review, remove,
restrict, or rename content that violates our
terms or is harmful to other users. If you
report content or another user, using the in-app Report option where
available or by emailing
support@prediball.app,
we process the information in your report, including the reported
content, so we can review and act on it, and we keep a record of the
report and any action taken.
Your rights
-
Access and export. Email us and we'll send you a
copy of your personal data within 30 days.
-
Correction. You can edit your display name from
the in-app profile screen, and change or clear your favorite team
from the app drawer, at any time.
-
Leaving a group. You can leave any group at any
time from the app drawer. Your predictions, leaderboard position,
and question answers in that group are removed immediately. If you
are the group's owner, leaving transfers ownership to another
member (or, if you are the only member, deletes the group
entirely).
-
Account deletion. This is distinct from leaving a
group. You can delete your account at any time from inside the app:
Profile → Delete account. We remove your
authentication record, email, password hash, and personal profile
immediately; you can no longer log in. Your predictions and answers
in every group you belonged to are removed, and any feedback you
sent through the in-app feedback form is anonymized. If you cannot
access the app, email
support@prediball.app
and we will process the deletion within 30 days as required by
GDPR.
Children
PrediBall is intended for general audiences. We do not knowingly
collect data from children under 13. If you believe a child has
registered, contact us and we will delete the account.
Data retention
We keep your data for as long as your account is active. Closed
accounts are deleted within 30 days of request. Server diagnostic
logs are retained for up to 90 days for operational and security
purposes.
Security
Data in transit is encrypted via HTTPS. Data at rest is encrypted by
Firebase. Access to production data is restricted to the developer
account holder. We patch dependencies regularly. No system is
perfectly secure — if you spot a vulnerability, please report it
responsibly to the email below.
Changes to this policy
We may update this policy as the app evolves. Material changes will
be announced inside the app and the effective date above will be
updated. Continued use of PrediBall after a change constitutes
acceptance of the new policy.
Contact
Questions, requests, or concerns:
support@prediball.app