Privacy Policy

Effective: June 3, 2026

This policy describes how BuddyBet Challenge processes personal data in accordance with Regulation (EU) 2016/679 (GDPR).

1. Data Controller

The data controller is Juan Shulinho Gaucho, contact: info@buddybetchallenge.com.

No Data Protection Officer has been appointed because the processing is not large-scale and does not involve special categories of data.

2. What Data We Process

Registration data: e-mail address, nickname, hashed password.

Profile data: avatar (optional), language and notification preferences.

Game data: predictions, results, group membership, in-app messages, jokers and bonuses.

Technical data for notifications: push subscription tokens (only with explicit browser consent).

Service logs: sign-in timestamps and IP addresses related to authentication, retained by the infrastructure provider.

3. Purpose and Legal Basis

Performance of contract (Art. 6(1)(b) GDPR) — operating the user account and providing game features.

Legitimate interest (Art. 6(1)(f) GDPR) — ensuring security, preventing abuse, and operational communication.

Consent (Art. 6(1)(a) GDPR) — browser push notifications and optional analytics cookies.

4. Recipients (Processors)

Lovable Cloud (infrastructure, database, authentication, powered by Supabase) — EU servers.

Resend (transactional and notification e-mails) — US servers, transfer based on EU Standard Contractual Clauses.

We do not share data with third parties for marketing and do not sell data.

5. Retention

Account data is retained while the account is active.

After account deletion, personal data is erased or anonymised within 30 days at the latest, unless retention is required by law.

Service logs rotate within 90 days at most.

6. Your Rights

You have the right to: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection, and withdrawal of consent.

Requests can be sent to info@buddybetchallenge.com. We respond within 30 days.

You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (www.uoou.cz).

7. Cookies and Local Storage

The app only stores necessary technical data (sign-in session, language, theme, cookie consent choice). We do not use third-party advertising or tracking cookies.

See the separate Cookies page for details.

8. Security

Data is transmitted encrypted (HTTPS) and protected by Row-Level Security policies. Passwords are never stored in plain text.

9. Policy Changes

We may update this policy. Substantial changes will be communicated in-app or by e-mail.

See Cookies page →