Privacy Policy

This Privacy Policy describes how BetFollow ("we," "us," or "our") collects, uses, stores, and protects your information when you use the BetFollow mobile application ("App"). By using the App, you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (required for account creation)
• Display name (provided by you or imported from Google Sign-In)
• Profile photo URL (if you sign in with Google)
• Nickname (auto-generated at signup, editable by you)

1.2 Authentication Data

Authentication is managed by Firebase Authentication (a Google service). We store your Firebase user identifier to link your authentication to your BetFollow profile. We do NOT store your password — password management is handled entirely by Firebase.

1.3 App Usage Data

When you use the App, we automatically collect:

• Virtual betting session data (BFT balances, ticket details, simulated outcomes)
• Leaderboard statistics derived from your simulated activity
• Social interactions (follow requests, follow approvals)
• AI feature usage counts (to manage rate limits)
• Preferences (followed leagues, UI settings)

1.4 Device and Technical Data

We may collect technical information including:

• Device push notification token (Firebase Cloud Messaging token) for delivering notifications you opt into
• IP address (automatically logged by our cloud infrastructure)
• General device information transmitted in standard HTTP requests

1.5 Information We Do NOT Collect

We want to be clear about what we do NOT collect:

• Financial information (no credit cards, bank accounts, or payment details)
• Precise location data (no GPS tracking)
• Contacts or address book
• Photos, camera, or microphone data
• Browsing history outside the App
• Health or biometric data
• Behavioral analytics or advertising identifiers

2. How We Use Your Information

We use the information we collect for the following purposes:

• Account management: To create and maintain your account, authenticate your identity, and provide customer support
• App functionality: To operate the App's core features including virtual betting sessions, leaderboards, and social features
• Notifications: To send push notifications you have opted into (e.g., ticket results, follow requests)
• Content moderation: To enforce our Terms and Conditions, including automated nickname screening
• Rate limiting: To manage fair usage of AI-powered features
• Service improvement: To diagnose technical issues and improve the App

We do NOT use your information for advertising, targeted marketing, or user profiling for commercial purposes. We do NOT sell your data.

3. Information Visible to Other Users

BetFollow includes social features. Here is what other users can see:

Public (visible to all users):

• Your nickname (searchable by other users)
• Your leaderboard ranking and statistics (PnL, ROI, win rate, streak — all simulated/virtual)

Visible to approved followers only:

• Your display name and profile photo
• Your simulated tickets and session activity
• Your follower and following lists

Private (never visible to other users):

• Your email address
• Your followed leagues and preferences
• Your device token and technical data

The follow system requires approval — other users cannot see your detailed activity unless you approve their follow request.

4. Third-Party Services

We use the following third-party services to operate the App:

Firebase (Google)

Used for authentication (account creation, login) and push notifications. Firebase processes your email, display name, and device token. Firebase's privacy policy: https://firebase.google.com/support/privacy

Google Cloud Platform

Our backend infrastructure runs on Google Cloud. Server logs may contain IP addresses and request metadata. Google Cloud's privacy policy: https://cloud.google.com/terms/cloud-privacy-notice

AI Services

Used to generate match analysis, news summaries, and to moderate user-generated content (nicknames). When you use AI-powered features, sports data and your nickname (for moderation) may be processed by our AI provider. No other personal data is sent to these services.

Sports Data Providers

We use third-party APIs to obtain match fixtures, scores, odds, and statistics. No personal user data is shared with these providers — only anonymous API requests for sports data.

We do NOT use any advertising networks, analytics trackers, or data brokers. We do NOT share your personal data for advertising purposes.

5. Data Storage and Security

Your data is stored on secure servers hosted by Google Cloud Platform in the European Union (europe-west1 region). We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted data transmission (HTTPS/TLS for all communications)
• Encrypted database connections
• Authentication via Firebase with industry-standard security
• Secret management via Google Secret Manager
• Access controls limiting who can access production systems

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the App's services. Specifically:

• Account data: Retained until you request account deletion
• Session and ticket data: Retained for the lifetime of your account to maintain leaderboard integrity
• AI usage data: Daily counters that reset automatically each day
• Cached sports data: Automatically pruned on a regular basis
• Server logs: Retained in accordance with Google Cloud's default log retention policies

When you delete your account:

• All personal information (name, email, photo) is anonymized immediately
• A one-way cryptographic hash of your email is stored to enable account reactivation
• Social connections (followers, following) and leaderboard rankings are permanently deleted
• Pending tickets are cancelled with a 50% refund to your session balance
• Non-identifiable data (betting history, session records) is retained in anonymized form

If you sign up again with the same email address, your previous account will be reactivated with your existing session balance and betting history. Social connections and leaderboard rankings are not restored. The cryptographic hash cannot be used to recover your email address.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

For All Users:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your account and personal data
• Withdraw consent: Withdraw consent for push notifications at any time through your device settings

Additional Rights for EU/EEA Residents (GDPR):

• Data portability: Request your data in a structured, commonly used, machine-readable format
• Restriction: Request restriction of processing of your personal data
• Object: Object to the processing of your personal data
• Automated decisions: Request human review of automated content moderation decisions (e.g., nickname rejections)
• Complaint: Lodge a complaint with your local data protection authority

Additional Rights for California Residents (CCPA/CPRA):

• Know: Know what personal information we collect and how it is used
• Delete: Request deletion of your personal information
• Non-discrimination: Not be discriminated against for exercising your privacy rights

Additional Rights for Brazilian Residents (LGPD):

• Confirmation & access: Confirm and access the personal data we process about you
• Correction: Request correction of incomplete or inaccurate data
• Anonymization or deletion: Request anonymization, blocking, or deletion of unnecessary data
• Revoke consent: Revoke consent at any time

Additional Rights for UK Residents (UK GDPR):

You have the same rights as listed under GDPR above. You may lodge a complaint with the Information Commissioner's Office (ICO).

Other Jurisdictions:

If you reside in a jurisdiction with data protection laws (including but not limited to Australia, Canada, South Korea, Japan, South Africa, or any other country with applicable privacy legislation), you may have additional rights under your local laws. We are committed to honoring your data protection rights to the fullest extent required by applicable law. Contact us to exercise any rights provided under your local jurisdiction.

We do NOT sell personal information. We do NOT share personal information for cross-context behavioral advertising. We do NOT engage in profiling for commercial purposes.

To exercise any of these rights, contact us at support@betfollow.app. We will respond to your request within 30 days (or sooner if required by applicable law).

8. Legal Bases for Processing (GDPR)

If you are in the EU/EEA, we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to provide the App's services to you (account management, core features)
• Consent: Processing based on your consent (push notifications, optional features)
• Legitimate interest: Processing necessary for our legitimate interests (security, fraud prevention, service improvement) that do not override your fundamental rights

9. International Data Transfers

BetFollow operates globally. Your data is primarily stored in the European Union (Google Cloud, europe-west1 region). However, some third-party services we use (Firebase, Google AI services) may process data in other locations, including the United States.

Where data is transferred across international borders, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission where applicable
• Service provider certifications and data processing agreements

By using the App from outside the EU, you consent to the transfer of your data to the EU and any other locations where our service providers operate, subject to the safeguards described above.

10. Children's Privacy

BetFollow is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children under 18 (or under the applicable minimum age in your jurisdiction — for example, 13 under COPPA in the United States, 16 under GDPR in certain EU member states). If we become aware that we have collected personal data from a minor, we will take steps to delete such data promptly. If you believe we have inadvertently collected data from a child or minor, please contact us immediately at support@betfollow.app.

11. Push Notifications

If you opt in to push notifications, we will send you notifications about:

• Simulated ticket results (won, lost, voided)
• Follow requests and approvals from other users
• Activity from users you follow (new tickets)

You can disable push notifications at any time through your device settings. Disabling notifications will not affect your ability to use the App.

12. Local Device Storage

The App stores some data locally on your device using AsyncStorage for performance and convenience (e.g., draft tickets, UI preferences, cached league data). This data remains on your device, is not transmitted to our servers (except when explicitly synced as part of App functionality), and is cleared when you log out or uninstall the App.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will update the "Last updated" date at the top of this policy. For material changes, we may provide additional notice through the App. Your continued use of the App after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@betfollow.app

For EU/EEA residents: You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.