Privacy Policy

For venue owners: name, email, phone, venue address, billing details and signed reservation agreement.

For guests: a randomly generated session token, display name, predictions and trivia answers. We do not require an account, email or phone number to play.

Technical data: IP address, browser type and minimal request logs needed to operate the service.

• Performance of contract (Art. 6(1)(b) GDPR) — operating the platform, processing reservations, running competitions.
• Legitimate interest (Art. 6(1)(f) GDPR) — security, fraud prevention, service analytics.
• Legal obligation (Art. 6(1)(c) GDPR) — tax & accounting records.

We use the following processors. Data is processed within the EU where possible.

• Supabase / Lovable Cloud — database, authentication, storage, edge compute.
• API-Football — public football fixture & result data (no personal data shared).
• Lovable AI Gateway — optional AI features.

Reservation records and signed PDFs are retained for as long as required by tax law (typically 10 years in Germany). Guest predictions are kept for the duration of the tournament plus 90 days.

You have the right to access, rectify, erase, restrict and port your personal data, as well as to object to processing and to lodge a complaint with a supervisory authority.

We use strictly necessary cookies and browser storage to keep guests signed into a venue session and to remember venue owner authentication. We do not use advertising or third-party tracking cookies.

Where data is processed outside the EU/EEA, we rely on Standard Contractual Clauses or comparable safeguards.