Privacy Policy.
This Privacy Policy describes how Badini Ibrahim (“we”, “our”, “us”), publisher of the MatchMind mobile application, collects, uses, shares, and protects your personal data when you use our application and services.
By using MatchMind, you agree to the practices described in this policy. If you do not agree, please do not use the application.
GDPR Compliance
This policy complies with the General Data Protection Regulation (GDPR) of the European Union. You have extensive rights over your personal data, detailed in section 05.
01Data We Collect
1.1 Data you provide to us
- Account data: email address, display name, profile photo (if signing in via Google or Apple).
- Preferences: favorite teams, followed leagues, football knowledge level, language preference (FR/EN).
- Community predictions: score and result predictions you voluntarily submit.
1.2 Data collected automatically
- Usage data: number of predictions generated, prediction history, accuracy scores, leaderboard points.
- Technical data: device type, operating system, Firebase unique identifier, push notification token.
- Subscription data: subscription status (Free/Pro), purchase identifier, renewal dates.
1.3 Data we do NOT collect
- We do not collect GPS location data.
- We do not collect financial data (credit card, bank details). Payments are handled exclusively by the App Store or Google Play.
- We do not collect sports betting data. MatchMind is not a betting platform.
02How We Use Your Data
| Purpose | Data involved | Legal basis (GDPR) |
|---|---|---|
| Service delivery | Account, preferences, predictions | Performance of contract |
| AI prediction generation | Match data and statistics (no personal data) | Performance of contract |
| Subscription management | Email, identifier, Pro status | Performance of contract |
| Push notifications | FCM token, team preferences | Consent |
| Anonymous usage statistics | Aggregated usage data | Legitimate interest |
| Security | Technical data | Legitimate interest |
| User support | Email, account data | Performance of contract |
03Sharing Your Data
We never sell your personal data. We share certain data with the following providers, strictly necessary for the operation of the service:
| Provider | Purpose | Hosting |
|---|---|---|
| Google Firebase | Authentication, database, notifications | EU / US (standard contractual clauses) |
| Google Gemini API | AI prediction generation (no personal data transmitted) | US (standard contractual clauses) |
| Apple / Google Play | Payment and in-app subscription management | EU / US |
| API-Football | Football match data (no personal data) | EU |
04Data Retention
- Active account: data retained as long as your account is active.
- Deleted account: data deleted within 30 days of the deletion request.
- Billing data: retained for 10 years in compliance with legal accounting obligations.
- Technical logs: retained for a maximum of 12 months.
05Your GDPR Rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access: obtain a copy of your personal data.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your data.
- Right to restriction: restrict processing in certain cases.
- Right to portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing of your data on legitimate grounds.
- Withdrawal of consent: withdraw your consent at any time for consent-based processing.
- CNIL complaint: lodge a complaint with the CNIL (French Data Protection Authority) at www.cnil.fr.
To exercise these rights, contact us at contact@match-mind-ai.com. We will respond within 30 days.
06Data Security
We implement the following measures:
- Encryption in transit: all communications are protected by TLS 1.3.
- Encryption at rest: stored data is encrypted server-side (Firebase / Google Cloud).
- Strong authentication: password hashing, cryptographic nonce for Sign in with Apple.
- Security audits: regular review of Firestore rules and API access.
- Breach notification: in the event of a data breach, notification to the CNIL within 72 hours and affected users informed without undue delay.
07Cookies and Trackers
The MatchMind mobile application does not use cookies in the traditional sense. We only use a Firebase Installation ID, required for the technical operation of authentication and push notifications. We do not use any third-party advertising trackers.
08Children's Data
MatchMind is strictly reserved for persons aged 18 and over. We do not knowingly collect personal data from minors. If we discover that a minor has created an account, we will proceed with the immediate deletion of all associated data.
09International Transfers
Your data may be transferred to and stored on servers located in the United States (Firebase / Google Cloud). These transfers are governed by the European Commission's standard contractual clauses, ensuring an adequate level of protection in accordance with the GDPR.
10Changes to This Policy
We may update this Privacy Policy periodically. In the event of material changes, we will notify you via an in-app notification or email at least 15 days before the changes take effect. Your continued use of the application after this period constitutes acceptance of the updated policy.
11Contact
Data Controller
For any questions regarding your personal data