Privacy Policy

1. Introduction

NotFootball ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, share, and protect information when you use our website and services.

This policy applies to all users of NotFootball, including visitors, registered users, and administrators.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, username, password (encrypted)
• Profile Information: Display name, profile preferences
• Content: Articles, comments, and other content you create

2.2 Automatically Collected Information

• Usage Data: Pages viewed, search queries, time spent on site
• Device Information: Browser type, IP address (hashed), device type
• Cookies: See our Cookie Policy

3. How We Use Your Information

• Provide and improve our services
• Authenticate and secure your account
• Send important service notifications
• Analyze usage patterns to improve user experience
• Prevent fraud and abuse
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

• Contract: To provide services you've requested
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications (you can opt out anytime)
• Legal Obligation: To comply with applicable laws

5. Information Sharing

We do not sell your personal information. We share data only in these limited circumstances:

• Service Providers: Hosting (Vercel), database (Supabase), analytics
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In case of merger, acquisition, or sale

6. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Export your data in a machine-readable format
• Object: Object to processing based on legitimate interest
• Withdraw Consent: Opt out of marketing communications

To exercise these rights, contact us at criticalmak@gmail.com or use our data & privacy page to download your data or delete your account.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your data within 30 days, except:

• Data required for legal compliance (e.g., financial records for tax purposes)
• Aggregated, anonymized data used for analytics
• Backup copies (deleted within 90 days)

8. Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and monitoring
• Access controls and authentication
• IP address hashing for privacy

9. Children's Privacy

Our services are not intended for children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant authorities
• Service providers certified under privacy frameworks

11. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes by email or through a prominent notice on our website. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights: