This Privacy Policy explains how Pridyx (“we”, “us”) collects, uses, and shares information when you use the Pridyx web app, mobile app, or any related services (the “Service”). By using the Service you agree to this policy. If you do not agree, do not use the Service.
1. Eligibility
Pridyx is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has given us information, contact us at the address below and we will delete it.
2. Information We Collect
Information you provide
- Account: email address, password (stored only as a salted hash), username, and optional avatar image.
- Google sign-in (optional): if you sign in with Google, we receive your email, name, and Google account identifier from Google.
- Profile: display name, avatar, country (optional), favorite teams/competitions (optional), bio (optional).
- Predictions & activity: match predictions you submit, reactions, comments on matches, friend and follow relationships, quiz answers, Ultimate squad selections.
Information we collect automatically
- Device & log data: IP address, approximate location derived from IP, user-agent string, operating system, app version, crash and diagnostic logs, and timestamps of requests. This data is collected by our hosting and infrastructure providers and used to operate and secure the Service.
- Push tokens: if you enable notifications, we store an Expo push token (mobile) or web-push endpoint (browser) so we can deliver match reminders, prediction results, and social notifications. Tokens do not identify you outside our systems.
- Cookies & similar: we use necessary cookies for authentication sessions (via Supabase) and remember-me preferences. We do not use third-party tracking cookies for advertising inside the authenticated app.
What we do not collect
- We do not collect precise location (GPS).
- We do not collect contacts, SMS, call history, health data, or biometric data. On-device Face ID or Touch ID (when you opt in) is handled entirely by your device’s secure enclave — Pridyx only receives a pass/fail result.
- We do not sell personal data.
3. How We Use Information
- Provide and operate the Service: create your account, score your predictions, rank leaderboards, deliver notifications you requested, enable social features.
- Security & fraud prevention: detect abusive or automated activity, rate-limit, enforce our Terms.
- Service improvement: aggregate, de-identified analytics to understand feature usage and fix bugs.
- Legal compliance: respond to lawful requests, enforce our rights.
4. Sharing With Third Parties
We share personal data only with service providers who help us run the Service, and only as needed for them to provide that service to us:
- Supabase, Inc. — database, authentication, storage (US).
- Vercel Inc. — web app hosting, edge functions, logs (US).
- Expo (650 Industries, Inc.) — mobile push notification delivery (US).
- Google LLC — optional “Sign in with Google” authentication. If we display ads on marketing pages for signed-out visitors, Google AdSense may set cookies on those pages only.
- API-Football (API-Sports) — third-party football data provider. We do not send any user-identifying data to them; they supply fixtures, scores, and team data to us.
We may disclose information when required by law, to comply with legal process, or to protect our rights or the safety of our users.
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you and give you a chance to delete your account before any such transfer takes effect.
5. Data Retention
We keep account data for as long as your account is active. If you delete your account (see §7), we delete your profile, predictions, comments, friend relationships, reactions, and push tokens within 30 days, except where retention is required for legal, security, or fraud prevention reasons. Backups are rotated and overwritten within 90 days.
6. Security
We use HTTPS for all network traffic, Supabase row-level security for database access, and standard industry practices for secret management. No system is perfectly secure; we cannot guarantee absolute security. If we become aware of a breach affecting your data, we will notify you as required by applicable law.
7. Your Rights
- Access & correction: you can view and update your profile in Settings.
- Deletion: you can delete your account and all associated data at any time from Settings → Delete Account. This cannot be undone.
- Notifications: you can disable push notifications in your device OS settings or in Settings within the app.
- Data portability & other GDPR/CCPA rights: if you are in the EEA, UK, or California, you have additional rights under GDPR or CCPA including access, rectification, restriction, and portability. Contact us to exercise these rights.
8. International Transfers
Pridyx operates in the United States, and our service providers are primarily US-based. If you use the Service from outside the US, your information will be transferred to, stored in, and processed in the US. By using the Service you consent to this transfer.
9. Changes
We may update this policy. Material changes will be announced in-app or by email to the address on your account. Continued use of the Service after a change means you accept the updated policy.
10. Contact
Questions, requests, or complaints: privacy@pridyx.com.
See also our Terms of Service.