GOTIFO Privacy Policy

1. Introduction

Welcome to GOTIFO ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding your personal data when you use our mobile application and related services (collectively, the "Service").

Contact Information:
• Email: [email protected]

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address (required for account creation)
• Display name and username
• Profile picture (optional)
• Password (stored encrypted)
• Favorite teams and interests
• Language preferences
• Biography and personal information (optional)

User-Generated Content:

• Posts, comments, and messages
• Photos and videos you upload
• Match attendance confirmations
• Social interactions (likes, follows, shares)

Communications:

• Customer support inquiries
• Feedback and survey responses
• Email communications with us

2.2 Information Collected Automatically

Device and Usage Information:

• Device type, operating system, and version
• Unique device identifiers
• IP address and general location (country/city level)
• App usage patterns and feature engagement
• Crash reports and performance data

Location Information:

• Approximate location (city/country) for regional football content
• Precise location only when you explicitly grant permission
• Location is used to discover nearby matches and venues
• You can disable location access in your device settings

Technical Information:

• Log files and server data
• Network connection information
• App performance metrics
• Error reports and debugging information

2.3 Information from Third Parties

Authentication Services:

• Google Sign-In: Name, email, profile picture, and account verification status
• Facebook Login: Name, email, and profile picture (if implemented)

Football Data:

• SportMonks API: Match schedules, team information, and venue data
• This data is not personally identifiable and is used to provide football content

Location Services:

• Google Places API: Venue information and geocoding (used with your consent)

3. How We Use Your Information

3.1 Core Service Functionality

Account Management:

• Create and maintain your user account
• Authenticate your identity and secure your account
• Provide customer support and respond to inquiries

Social Features:

• Enable connections with other users through follows and interactions
• Display your posts, comments, and social activity
• Facilitate match attendance coordination
• Manage privacy settings and content visibility

Content Personalization:

• Show relevant football matches based on your favorite teams
• Customize content based on your location and interests
• Provide personalized recommendations
• Filter content according to your preferences

3.2 Communication

Service Communications:

• Send account verification emails
• Provide important service updates and security notifications
• Deliver customer support responses

Optional Communications:

• Marketing emails about new features (with your consent)
• Push notifications about match updates and social activity
• You can opt out of marketing communications at any time

3.3 Safety and Security

Platform Safety:

• Monitor for spam, abuse, and violations of our Terms of Service
• Investigate suspected fraud or unauthorized access
• Enforce our community guidelines and user policies

Data Security:

• Implement technical and organizational security measures
• Monitor for security vulnerabilities and threats
• Maintain backup systems for data recovery

3.4 Legal Compliance

Regulatory Requirements:

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Protect our legal rights and interests
• Investigate and prevent illegal activities

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Consent: When you explicitly agree to data processing (e.g., marketing communications, precise location)

Contract Performance: To provide our services as outlined in our Terms of Service

Legitimate Interest:
• Service improvement and analytics
• Security and fraud prevention
• Customer support and communication

Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Personal Data

We never sell, rent, or trade your personal information to third parties for commercial purposes.

5.2 When We Share Information

Service Providers:

• Firebase (Google): Hosting, authentication, and database services
• Cloud storage providers for media content
• Analytics services for app performance monitoring
• Customer support tools for inquiry management

Legal Requirements:

• Law enforcement agencies (when legally required)
• Court orders and legal proceedings
• Government regulatory requests
• Protection of rights, property, or safety

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.

With Your Consent:

We may share information in other circumstances with your explicit consent.

5.3 Public Information

Publicly Visible Content:

• Public posts and comments
• Profile information (display name, profile picture, bio)
• Match attendance (if you choose to make it public)
• Social interactions (likes, follows) may be visible to other users

Privacy Controls:

• You can set your account to private to limit visibility
• You control what information appears in your public profile
• You can delete or edit your posts and comments

6. Data Retention and Deletion

6.1 How Long We Keep Your Data

Account Information: Retained while your account is active and for up to 30 days after deletion
User-Generated Content: Retained according to platform needs and user choices
Technical Data: Log files and analytics data retained for up to 24 months
Legal Requirements: Some data may be retained longer to comply with legal obligations

6.2 Your Right to Delete Data

Account Deletion:

• You can delete your account at any time through the app settings
• Account deletion removes your profile and personal information
• Some content may remain in anonymized form for platform functionality

Content Deletion:

• You can delete individual posts, comments, and media uploads
• Deleted content is removed from public view immediately
• Backup copies may be retained for up to 30 days for recovery purposes

Data Portability:

• You can request a copy of your personal data
• Data will be provided in a structured, machine-readable format
• Request processing may take up to 30 days

7. Your Privacy Rights

7.1 European Union (GDPR) Rights

If you are in the EU, you have the following rights:

Access: Request information about how we process your data
Rectification: Correct inaccurate or incomplete personal data
Erasure: Request deletion of your personal data
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Objection: Object to processing based on legitimate interests
Withdraw Consent: Revoke consent for specific processing activities

7.2 California (CCPA) Rights

If you are a California resident, you have additional rights:

Right to Know: Request information about data collection and sharing
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
Non-Discrimination: Equal service regardless of privacy choices

7.3 Exercising Your Rights

To exercise your privacy rights:

• Email us at [email protected]
• Use the privacy settings in the mobile app
• Contact our Data Protection Officer
• Response time: Up to 30 days for most requests

8. Data Security

8.1 Security Measures

Technical Safeguards:

• Encryption of data in transit and at rest
• Secure Firebase authentication and database rules
• Regular security assessments and updates
• Access controls and user permission systems

Organizational Measures:

• Employee training on data protection
• Regular security policy reviews
• Incident response procedures
• Third-party security audits

8.2 Data Breach Response

In the event of a data breach:

• We will investigate and contain the breach
• Affected users will be notified within 72 hours
• Relevant authorities will be informed as required
• We will provide guidance on protective measures

9. International Data Transfers

Cross-Border Processing:

• Your data may be processed in countries outside your residence
• We ensure appropriate safeguards for international transfers
• Firebase services comply with international data protection standards
• EU-US Data Privacy Framework compliance where applicable

10. Children's Privacy

Age Restrictions:

• Our service is not intended for children under 13 years old
• We do not knowingly collect information from children under 13
• If we discover child data collection, we will delete it immediately
• Parents can contact us regarding child data concerns

11. Cookies and Tracking

Limited Tracking:

• We use minimal tracking technologies for essential functionality
• Firebase Analytics for app performance monitoring
• No third-party advertising cookies
• You can control tracking through device settings

Do Not Track:

• We respect Do Not Track browser signals where applicable
• Mobile app tracking can be controlled through device privacy settings

12. Changes to This Privacy Policy

Policy Updates:

• We may update this Privacy Policy to reflect service changes
• Material changes will be communicated through app notifications
• Continued use constitutes acceptance of updated terms
• Previous versions will be archived and available upon request

13. Contact Information

Privacy Questions:

• Email: [email protected]

Response Time:

• General inquiries: Within 5 business days
• Data subject requests: Within 30 days
• Urgent security concerns: Within 24 hours

Supervisory Authority:

If you are in the EU and believe we have not addressed your privacy concerns, you may contact your local data protection authority.