World Cup 2026is on: free AI predictions, live standings and the full bracket.free AI predictionsOpen the hubHubWorld Cup 2026is on: free AI predictions, live standings and the full bracket.free AI predictionsOpen the hubHub
Effective date: April 20, 2026
To deliver the Service, Football Prediction AI engages the sub-processors listed below. Each is bound by a written data-processing agreement (or equivalent) and acts only on our instructions. International transfers outside the EEA and the United Kingdom rely on the EU-US Data Privacy Framework where applicable, Standard Contractual Clauses, and the UK International Data Transfer Addendum, with supplementary measures such as encryption in transit and at rest.
We review this list when we add, change, or remove a sub-processor. Material changes take effect together with any accompanying update to our Privacy Policy.
| Sub-processor | Purpose | Data | Region |
|---|---|---|---|
| Vercel Inc. | Application hosting and serverless compute | IP address, request metadata, application logs | Frankfurt, Germany (eu-central-1 / fra1) |
| Supabase Inc. | Managed PostgreSQL database | Account, Google user data, subscription, and application data | Frankfurt, Germany (eu-central-1) |
| Upstash Inc. | Managed Redis (session state, rate limits, caching) | Session identifiers, rate-limit counters, transient cache | European Union |
| Mailjet (Sinch Email) | Transactional email delivery and contact-list management | Email address, display name, marketing-consent status | France / European Union |
| Stripe, Inc. | Subscription billing and payment processing | Customer identifier, billing metadata, subscription status (no full card numbers) | United States (EU Data Processing Addendum + SCCs) |
| PayPal (Europe) S.à r.l. et Cie, S.C.A. | Alternative subscription billing and payment processing | PayPal customer identifier, subscription status, billing metadata | Luxembourg / United States |
| Functional Software, Inc. (Sentry) | Application error monitoring and diagnostics | Error stack traces, request context, optional user identifier | European Union (EU data-region deployment) |
| Google Ireland Ltd. (Google Tag Manager / Google Analytics) | Aggregate traffic analytics (loaded only with Analytics consent) | IP address (truncated), device and browser metadata, page views | Ireland / European Union, onward US transfer under DPF |
| Google Ireland Ltd. (Google AdSense) | Personalised and non-personalised advertising on free pages (loaded only with Advertising consent) | IP address, device identifiers, ad interaction signals | Ireland / European Union, onward US transfer under DPF |
| Google LLC (Google OAuth 2.0) | Sign in with Google and authentication | Google account identifier, email address, name, profile picture, locale | United States (DPF certified) |
| Anthropic PBC | AI model provider for match-preview generation (football data only) | Fixture and statistical context only (no personal user data) | United States (SCCs) |
| OpenAI, LLC | AI model provider for match-preview generation (football data only) | Fixture and statistical context only (no personal user data) | United States (DPF certified) |
| Google LLC (Gemini API) | AI model provider for match-preview generation (football data only) | Fixture and statistical context only (no personal user data) | United States (DPF certified) |
| Contentful GmbH | Headless CMS for marketing pages and blog content | No personal user data stored in CMS entries | European Union |
| Cloudflare, Inc. (Turnstile) | CAPTCHA / bot protection on authentication flows | IP address, device signals used for bot scoring | Global edge network |