Privacy Policy

1. Controller and Contact Details

For data protection purposes, the controller for Podium Prophets is Bence Tóth. Public contact email: bence@podiumprophets.com.

A separate data protection officer has not been appointed for this service at this time.

View the current operator details on the Impressum page

2. Personal Data We Process

Depending on how you use the Service, we process the following categories of personal data:

• Google account data provided at sign-in, such as your name, email address, and avatar.
• Profile and account data, including display name, preferred locale, prophet number, prophet color, and font preference.
• Session predictions, championship predictions, scores, and related historical performance data.
• League memberships, standings, invite activity, and league management actions.
• Email notification preferences, timezone, unsubscribe status, and email delivery records for opt-in notifications.
• Invitee email addresses submitted by league leaders for targeted invitation emails.
• Technical preference data stored through necessary cookies and local browser storage.

3. Where the Data Comes From

• Most data comes directly from you when you sign in, complete onboarding, submit predictions, manage leagues, or change settings.
• Authentication profile data is received from Google through Google OAuth.
• Invite-recipient email addresses are supplied by league leaders when they request a targeted invitation email.
• A limited amount of technical and preference data is collected automatically from your browser to keep the Service working.

4. Purposes and Legal Bases

We process personal data for the following purposes and legal bases:

• Contract / steps at your request: account creation, authentication, predictions, scoring, league participation, and essential account settings.
• Legitimate interests: service security, abuse prevention, invite delivery requested by league leaders, operational logging, and keeping the Service reliable.
• Consent: optional email notifications and any waitlist signup you submitted before registration opened.

5. Recipients and Sharing

We share data only where necessary to run the Service:

• Supabase for database, authentication, and application data storage.
• Google for OAuth authentication.
• Vercel for hosting and edge delivery.
• Resend for targeted league invitations and opt-in notification emails.
• Other members of your leagues can see the account and league information that is meant to be visible inside those leagues, such as display name, standings, and scores.

We do not sell personal data and we do not disclose it to advertisers or data brokers.

6. International Transfers

We aim to use EEA-hosted infrastructure where available, but some providers may process data outside the EEA, including in the United States. Where this happens, we rely on applicable safeguards such as adequacy decisions or standard contractual clauses. You may request more information by email.

7. Cookies and Local Storage

We use a minimal set of necessary cookies and browser storage items:

• Authentication cookies (`sb-*-auth-token`) are used to keep you signed in.
• The `NEXT_LOCALE` cookie stores your language preference.
• Local browser storage is used for preference and convenience items such as font preference, selected league filters, and invite-code resume state.

We do not use advertising cookies, analytics cookies, fingerprinting, or cross-site tracking on the Service.

8. Retention

• Account, prediction, and league data are kept while your account remains active and then deleted or anonymized within a reasonable cleanup period after a valid deletion request.
• Invite-recipient email addresses are kept only for the relevant invitation lifecycle, mismatch handling, and reasonable cleanup after expiry or resolution.
• Notification preference records and delivery logs are retained only as long as needed to operate opt-in emails, handle unsubscribe requests, and manage abuse or delivery disputes.
• Waitlist records are retained until the waitlist is no longer needed or you ask us to delete them.

9. Your Rights

Subject to applicable law, you have the right to:

• access your personal data
• rectify inaccurate or incomplete personal data
• request deletion of your personal data
• receive portable access to personal data you provided to us
• request restriction of processing in certain cases
• object to processing based on legitimate interests
• withdraw consent for optional processing at any time
• lodge a complaint with a supervisory authority

To exercise these rights, contact bence@podiumprophets.com. If you are in Hungary, you may also contact National Authority for Data Protection and Freedom of Information (NAIH); this does not limit your right to complain to another competent EU supervisory authority.

• National Authority for Data Protection and Freedom of Information (NAIH)
• 1055 Budapest, Falk Miksa utca 9-11.
• ugyfelszolgalat@naih.hu
• +36 (1) 391-1400
• https://www.naih.hu/

10. Required and Optional Data

Google sign-in data and basic onboarding data are required to create and use an account. If you do not provide that information, we cannot provide the logged-in parts of the Service. Optional email notifications and waitlist signup are not required.

11. Children

The Service is intended for users who are at least 16 years old. If you believe a child has provided personal data to us without authorization, contact us and we will review and delete the data where appropriate.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page and, where practical, highlighted in the app before they take effect.

13. Contact

For privacy questions or requests, contact bence@podiumprophets.com.