This policy describes how AppCreativ ("we", "the app", or "SportTrack") handles personal information collected when you use the SportTrack mobile application (package com.sporttrack.app). By using the app, you accept the practices described here.
1. Information We Collect
1.1 Account information
- Email and password: upon sign up. Passwords are stored hashed by Supabase Auth.
- Username and avatar (optional).
1.2 Device identifiers
- Push notification token (Expo Push Token, backed by Firebase Cloud Messaging on Android and APNs on iOS) — to send you match notifications.
- Google Advertising ID (GAID) — used by Google AdMob for ads and conversion tracking. You can reset it or limit it in your device settings.
- Device platform and model (iOS / Android, e.g. "SM-G991B") — for diagnostics and compatibility.
1.3 Usage preferences
- Teams, leagues and players you follow.
- Language, theme (light/dark), notification preferences.
- In-app interaction history (matches opened, news read) — only to personalize content.
1.4 Advertising data
If you see ads in the app (free tier), Google AdMob may collect:
- Advertising identifiers (GAID or IDFA).
- Ad interaction events (impressions, clicks).
- Approximate location (country level, via IP address).
More information in Google's advertising policy.
1.5 In-app purchases (Premium subscription)
When Premium is active, purchases are processed exclusively through Google Play Billing. We receive a purchase token and subscription status, but never receive your payment information (card details, etc.). That is handled by Google directly.
1.6 What we DO NOT collect
- We do not read your contacts, photos, messages, or device files.
- We do not access microphone or camera.
- We do not request or track precise GPS location.
- We do not sell your data to third parties.
2. How We Use Your Information
- Functionality: authenticate your account, sync your followed teams, send match notifications.
- Personalization: show you results, news, and stats relevant to your teams.
- Service improvement: analyze aggregate usage (crashes, errors) to improve stability.
- Advertising: show relevant ads to free-tier users (via AdMob).
- Legal communication: notify you of important changes in the app or this policy.
3. Sharing Information with Third Parties
We only share data with providers strictly necessary to operate the app:
- Supabase (database + authentication) — stores your account, followed teams, and preferences. Hosted in the U.S. Supabase Policy
- Google Firebase / FCM — push notification delivery. Firebase Policy
- Google AdMob — ads for free tier. AdMob Policy
- Google Play Billing — Premium subscription processing. Play Terms
- Expo (dev platform and push relay) — push notification relay. Expo Policy
- API-Football and TheSportsDB — sports data providers. They do not receive your personal information; we only consume their APIs to display results to you.
We do not sell your personal data to third parties for marketing.
4. Your Rights (GDPR / CCPA)
You have the right to:
- Access the personal data we hold about you.
- Rectify incorrect data.
- Delete your account and all your data (the app includes a "Delete Account" button in Settings → Account).
- Export your data in readable format (email us).
- Object to advertising processing (in device settings: "Limit Ad Tracking" / "Reset Advertising ID").
- Withdraw consent at any time by uninstalling the app.
To exercise any of these rights, write to josephbarquero44@gmail.com. We respond within 30 days.
5. Data Retention
- We keep your data while your account is active.
- If you delete your account, we erase all personal data within 30 days.
- Anonymous and aggregated logs (without personal identifiers) may be retained for analysis up to 12 months.
- Information required by law (e.g. payment receipts) is retained for the legally required time.
6. Security
We apply reasonable measures to protect your data:
- Encryption in transit (HTTPS/TLS).
- Encryption at rest in Supabase.
- Hashed passwords (never plain text).
- Role-restricted access (Row Level Security at the database level).
No system is 100% secure. If you find a vulnerability, report it to josephbarquero44@gmail.com.
7. Children (under 13)
SportTrack is not directed at children under 13 years old. We do not knowingly collect personal information from children under 13. If you discover that a child has sent us information, contact us so we can delete it.
8. International Transfers
Your data is processed primarily on servers in the United States (Supabase, Google). If you reside in the European Union or another jurisdiction with restricted transfer laws, our providers comply with EU Standard Contractual Clauses or other equivalent mechanisms.
9. Changes to This Policy
We may update this policy. If changes are substantial, we will notify you via push notification or email at least 7 days before applying them. The "Last updated" date at the top always reflects the current version.
10. Contact
Data controller: AppCreativ