Effective date: April 22, 2026
Football Prediction AI (“we”, “us”, “our”) operates www.footballprediction.ai (the “Service”). This policy explains what personal data we collect, how we use it, how we store and protect it, and with whom we share it. We are the data controller for personal data processed through the Service.
The Service uses Google Sign-In (Google OAuth 2.0). This section fully discloses how we access, use, store, and share Google user data, in accordance with the Google API Services User Data Policy, including the Limited Use requirements.
We request only these OAuth scopes:
openid: to verify you have authenticated with Google.email: your primary Google email address and its verification status.profile: your name, profile picture URL, Google account identifier (the “sub” claim), and locale.We do not request, access, or store any other Google user data. We do not access Gmail, Google Drive, Google Calendar, Google Contacts, YouTube data, or any restricted or sensitive Google API scope.
Limited Use. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is not used for advertising, not sold or transferred for advertising, not used for credit-worthiness or lending decisions, and not used to develop, improve, or train generalised or non-personalised machine-learning or artificial-intelligence models. Human access is allowed only with your explicit consent, for security, to comply with applicable law, or where data has been aggregated and anonymised for internal operations.
Google user data is stored in our managed PostgreSQL database hosted in the European Union (Frankfurt, Germany) and is associated with your Football Prediction AI user record. Data in transit is protected with TLS and the database is encrypted at rest. Access is limited to authenticated application code and a small number of administrators who need access to operate the Service. OAuth tokens are held only for the time required to complete the sign-in flow and refresh your session; they are never exposed to the browser.
You can delete all of this data at any time from your account settings page (“Delete account”), which permanently removes your user record, linked Google account, and associated data from our database. You can also revoke the Service's access from your Google Account permissions page.
We do not sell Google user data. We share it only with the categories of processors listed in Section 7 (for example, our hosting provider and transactional-email provider), each bound by a data-processing agreement and acting solely on our instructions. A current list of named processors is available on our Sub-processors page.
If you are in the European Economic Area or the United Kingdom, our legal bases are: (a) performance of a contract, to provide the Service and manage your account and subscription; (b) legitimate interest, to secure, operate, and improve the Service and communicate with you about it; (c) consent, for non-essential cookies, analytics, advertising, and marketing emails, which you can withdraw at any time; (d) legal obligation, to comply with applicable law.
Match previews, tips, and summaries served on the Service are generated by large language models on our instruction using public football data. They are produced by automated means and are labelled in the interface with an “AI-generated” badge. Football Prediction AI does not send your Google user data or any personal profile field to these models. Prompts contain only football fixture and statistical context. Output is entertainment-oriented and is not financial, legal, or professional advice.
We do not make automated decisions about you that produce legal or similarly significant effects within the meaning of Article 22 GDPR. Predictions served by the Service are informational and do not determine eligibility for any product, service, or right.
We use strictly-necessary cookies to keep you signed in and protect the Service from abuse. With your consent, we also use functional cookies (preferences such as dark mode), analytics cookies (Google Analytics via Google Tag Manager), and advertising cookies (Google AdSense, shown on free pages only). You can accept, reject, or change each category at any time via the “Cookie Settings” link in the footer. A full list of cookies, their purpose, category, and expiry is available on our Cookie Policy page.
Google signed-in user association. Our Google Analytics property has Google Signals enabled. When you are signed in to a Google account that permits ads personalisation and you have consented to analytics and/or advertising cookies on the Service, Google may associate your activity on the Service with your Google account to enable features such as cross-device reporting and audience building. You can review and delete this activity at any time via Google’s My Activity and you can turn off ads personalisation entirely from your Google Ads Settings.
We use the following categories of processors, each acting on our instructions under a data-processing agreement. Named processors are listed on our Sub-processors page, which we update when we change vendors.
Our primary application and database are hosted in the European Union. Some processors (notably payment, advertising, and AI model providers) are established outside the EEA and the United Kingdom. Where data is transferred outside the EEA/UK, we rely on the EU-US Data Privacy Framework (where the recipient is certified), European Commission Standard Contractual Clauses, and the UK International Data Transfer Addendum, together with supplementary measures such as encryption in transit and at rest.
Subject to applicable law you have the right to access, correct, export, or delete your personal data, to restrict or object to processing, to withdraw consent at any time, and to lodge a complaint with your local supervisory authority. You can exercise most rights directly from your account settings or by contacting us at [email protected].
If you are a resident of California, Colorado, Connecticut, Virginia, Utah, Texas, or another U.S. state with a comprehensive privacy law, you may have rights to know, access, correct, delete, and port your personal information, and to opt out of “sale” or “sharing” for cross-context behavioural advertising.
We do not sell personal information for money. For residents of California under the CPRA, using our Advertising cookies on free pages may constitute “sharing”; you can opt out via the “Do Not Sell or Share My Personal Information” link in the footer, which rejects the Advertising cookie category for this browser. We do not knowingly process sensitive personal information within the meaning of the CPRA. You can submit other rights requests by emailing [email protected]. We will respond within the statutory timeframe of your state.
We protect personal data with TLS in transit, encryption at rest, access controls based on least privilege, HTTP security headers, rate limiting on sensitive endpoints, and regular dependency updates. No system is perfectly secure. If a personal-data breach occurs, we will notify the competent supervisory authority within 72 hours as required by Article 33 GDPR and inform affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
The Service is not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this policy from time to time. The “Effective date” above shows when the latest version took effect. For material changes we will notify you by email or by a prominent in-app notice before the change takes effect.
For any privacy-related question or request, contact us at [email protected].