Privacy Policy
1. Who we are
Holy Pools ("we", "us"), operated by [COMPANY LEGAL NAME], [COMPANY ADDRESS], is the data controller for the sports prediction game at www.holypools.com. Contact: theholypools@gmail.com.
2. What we collect
- Account data: email address, username, password (stored and hashed by our authentication provider — we never see it), preferred language, and — if you sign in with Google — the name and email your Google account shares.
- Consent records: when you accepted these policies and which version, and your 18+ attestation.
- Gameplay data: pools and tournaments you join, predictions, scores, results, balance and balance history (an auditable ledger of every credit and debit), notifications, and chat messages you send.
- Technical data: IP address and request logs (kept briefly by our hosting provider), browser/device information, and error diagnostics when something crashes.
We do not collect payment card details (deposits are not currently available) and we do not run advertising trackers. Local storage in your browser is used only to keep your session and your in-progress picks.
3. What we use it for
- Operating the game: joining pools, computing scores and settlements, maintaining your balance (contract).
- Security and fair play: preventing multi-accounting, collusion, and abuse (legitimate interest).
- Fixing problems: error tracking and performance diagnostics (legitimate interest).
- Communications about your entries and results in-app (contract).
- Legal compliance and record-keeping, including the money-movement audit ledger (legal obligation / legitimate interest).
4. Who processes it
We use a small set of processors, each receiving only what their function needs:
- Supabase — authentication, database, and file storage (hosts account and gameplay data).
- Vercel — application hosting and request logs.
- Sentry — error tracking (receives technical crash context; configured not to receive personal data by default).
- Google — only if you choose Google sign-in.
We do not sell your data, and we do not share it with advertisers. Sports fixtures and results come from third-party data providers, but no personal data of yours is sent to them.
5. Retention
Account and gameplay data are kept while your account exists. The balance ledger and settlement records are retained after account closure for as long as required for audit and legal purposes. Technical logs rotate on short cycles set by our hosting providers. Error reports expire automatically on our error-tracking plan's retention window (90 days).
6. Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Until self-service tools ship, contact theholypools@gmail.com and we will action requests within 30 days. Account deletion removes your personal identifiers; anonymized settlement records may be retained as described in Retention.
7. Security
Data is encrypted in transit (TLS) and at rest by our providers. Database access is protected by row-level security; wallet mutations require locks and leave an audit trail. No system is perfectly secure — if we learn of a breach affecting your data we will notify you as required by law.
8. Children
Holy Pools is for adults 18+. We do not knowingly collect data from anyone under 18; if we learn we have, we will delete the account.
9. Changes and contact
We may update this policy; material changes will be announced in the app. Questions or requests: theholypools@gmail.com.