ScoreSync ScoreSync Privacy Policy

Privacy Policy

Last updated: 14 June 2026

ScoreSync ("we", "us", or "our") operates the ScoreSync web and mobile application. This policy explains what data we collect, why we collect it, how we protect it, and your rights over it.

We collect only what is necessary to run the service. We do not sell your data. We do not advertise to you. We do not share your data with third parties except as described below.

Data we collect

Data Why we collect it Linked to your identity
Email address Account creation, sign-in, password reset Yes
Name / username Display name (provided via Google or Apple sign-in) Yes
Country of residence Age verification — minimum age varies by jurisdiction Yes
Date of birth Age verification required by law in multiple jurisdictions Yes
Subscription & purchase history Manage your plan, unlock Pro features Yes
Push notification token Deliver BTTS alerts you have opted in to Yes
IP address (guest sessions only) Rate-limit unauthenticated usage to prevent abuse Not linked

We do not collect: precise or approximate location (GPS), contacts, camera or microphone data, browsing history across other sites, or any form of behavioural analytics.

Payment data

Payments are processed by Stripe. Your card number, CVC, and billing address are entered directly on Stripe's secure checkout page — they never reach our servers. We store only Stripe's internal identifiers (customer ID, subscription ID) so we can manage your plan.

Stripe's privacy practices are described at stripe.com/privacy.

Third-party sign-in

Google: If you choose to sign in with Google, we receive your email address, display name, and a Google account identifier from Google's OAuth service. We do not receive your Google password or any other Google account data. Google's privacy practices are described at policies.google.com/privacy.

Apple: If you choose to sign in with Apple, we receive your email address (or Apple's private relay address if you choose to hide your email) and a unique Apple user identifier from Apple's Sign In with Apple service. On your first sign-in Apple may share your name; on subsequent sign-ins only the identifier is passed. We do not receive your Apple ID password or any other Apple account data. Apple's privacy practices are described at apple.com/legal/privacy.

How we use your data

We do not use your data for advertising, personalisation unrelated to the service, or any automated decision-making that has a legal or similarly significant effect on you.

Data retention

Third-party services

Service Purpose Their privacy policy
Stripe Payment processing stripe.com/privacy
Google Sign-In Optional sign-in method policies.google.com/privacy
Apple Sign In Optional sign-in method apple.com/legal/privacy
Google Fonts Typography (loaded from fonts.gstatic.com) policies.google.com/privacy
API-Football Live fixture and results data (no user data shared) api-football.com

Your rights

Depending on where you are located, you may have the right to:

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Local storage & cookies

ScoreSync stores data directly on your device using browser localStorage — not HTTP cookies. No tracking or advertising identifiers are stored. All items are strictly necessary for the service to function.

KeyContentsPurposeExpires
ss_token JWT authentication token Keep you signed in between sessions 7 days (token expiry)
ss_user Email, username, subscription tier Display your profile without a server round-trip Cleared on sign-out
ss_tips Your saved fixture tips Persist your saved tips locally Until you clear tips or uninstall
ss_free_since Free trial start timestamp Enforce the free-tier trial window Cleared on subscription activation
ss_match:* Match prediction payload Cache predictions for 48 hours to reduce server load 48 hours (TTL enforced in code)
ss_fixtures:* Fixture list snapshot for a past date Freeze past-day predictions so results stay consistent Until browser storage is cleared
ss_gdpr Flag: privacy notice acknowledged Suppress the one-time privacy notice after dismissal Persistent

Third-party requests made on page load: The app loads fonts from Google Fonts (fonts.gstatic.com), the Google Sign-In library (accounts.google.com), and the Apple Sign In library (appleid.cdn-apple.com). These requests transmit your IP address to the respective provider as part of normal HTTP traffic. They do not set tracking cookies. Google's handling of this data is governed by Google's Privacy Policy; Apple's is governed by Apple's Privacy Policy. If you prefer to avoid these requests entirely, you can use the email/password sign-in method and the app will still function fully.

Legal basis: All storage described above is processed under Article 6(1)(b) GDPR — processing necessary for the performance of the contract (providing the ScoreSync service you signed up for). No consent is required for strictly necessary storage under the ePrivacy Directive.

Security

Passwords are hashed using bcrypt before storage — we cannot read your password. All data is transmitted over HTTPS. Push notification payloads are end-to-end encrypted using the Web Push protocol (VAPID + P-256 ECDH).

Children

ScoreSync is not directed at children. Our minimum age requirement is 18 in most jurisdictions (higher in some). We do not knowingly collect personal data from anyone below the applicable minimum age. Accounts found to belong to underage users are terminated.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notice at least 14 days before taking effect.

Contact

Privacy questions or data requests: privacy@getscoresync.com