Privacy Policy
Last Updated: April 17, 2026
BallDuty respects your privacy. This policy explains what data we collect, how we use it, and your rights as a user of the BallDuty WC ‘26 mobile application.
1. Data We Collect
- Account Information: Email address, username, Account ID (a unique reference in the format BD######), “Love of Ball” rating, and supported team (I Support country). Note: your username, Account ID, supported team flag, and leaderboard rank are publicly visible to all BallDuty users on the Global Leaderboard. Your Account ID is also used by the BallDuty support team to identify your account.
- Usage Data: Prediction history, points accumulated, and leaderboard rank.
- Technical Data: IP address, device identifiers, and Firebase Cloud Messaging (FCM) tokens for push notifications.
- Transactional Data: In-app purchase receipt identifiers and transaction IDs for purchase verification via Apple. Credit card information is not stored by BallDuty.
- Communication Data: Email address and message contents submitted via the in-app Contact Support feature.
2. How We Use Your Data
- Service Provision: Managing predictions, calculating rank, and delivering Scout Reports.
- Moderation: Gemini AI analyses usernames to maintain community safety standards.
- Communications: Push notifications for halftime market openings, settlement results, and Scout Report alerts.
- Advertising: Google AdMob delivers rewarded video ads to Standard (free) users. Device identifiers are used for ad frequency capping and attribution, subject to your consent (see Section 8 — Apple App Tracking Transparency).
- Promotional Recognition: With your consent, your username and tactical insights may be shared on BallDuty’s official social media platforms (X, Instagram) if you accept a Pundit Interview or spotlight invitation.
Lawful Basis for Processing (GDPR)
| Data Type | Lawful Basis |
|---|---|
| Account information, predictions, scoring, leaderboard | Contract performance — necessary to provide the service |
| Push notifications | Legitimate interests (service updates); consent where required by local law |
| AdMob advertising identifiers | Consent (via iOS ATT prompt and EU/UK UMP consent flow) |
| Username moderation via Gemini AI | Legitimate interests (platform safety and integrity) |
| Contact form messages | Legitimate interests (customer support) |
3. Data Retention and Deletion
- Account Deletion: Deletion requests entered in the app trigger a 30-day soft-delete grace period. After 30 days, your data undergoes a permanent hard purge.
- Contact Submissions: Retained for 12 months for support and audit purposes, then permanently deleted.
- Inactive Accounts: BallDuty reserves the right to purge inactive account data following the conclusion of the 2026 FIFA World Cup tournament cycle.
4. Your Rights
GDPR (European Union / UK)
- Access: Request a copy of the personal data we hold about you.
- Portability: Request your data in a portable, machine-readable format (see Section 9).
- Erasure: Delete your account at any time via the app settings.
- Rectification: Correct inaccurate data via your profile settings or by contacting us.
- Restriction / Objection: Object to certain processing or request restriction where permitted by law.
To exercise any of these rights, contact us at privacy@ballduty.com.
CCPA (California, USA)
California residents have the right to know what personal data is collected, to request deletion, and to opt out of the sale of personal data. BallDuty does not sell personal data to third parties.
Apple (iOS)
In-app controls allow you to view your predictions, change your username (subject to a 24-hour cooldown), update your I Support country, and delete your account.
5. Data Security
BallDuty uses industry-standard encryption and secure Firebase/Google Cloud infrastructure. Access to user data is restricted by Firestore security rules that enforce per-user read and write permissions.
6. International Data Transfers
BallDuty’s infrastructure runs on Firebase and Google Cloud Platform, which stores and processes data on servers located in the United States. If you are located in the European Union or United Kingdom, your data is transferred to the US under Google’s Standard Contractual Clauses (SCCs), which provide appropriate safeguards for international transfers under GDPR.
7. Third-Party Services
| Service | Purpose |
|---|---|
| Google AdMob | Rewarded video ad delivery to Standard users |
| Google Firebase | Authentication, database, push notifications, cloud storage |
| API-Football (RapidAPI) | Match schedules and player data |
| Apple App Store | In-app purchase processing |
| Google Gemini AI | Username moderation |
| Social Media Platforms (X, Instagram) | Optional Pundit Interview sharing (consent-based) |
8. Apple App Tracking Transparency (ATT)
When you first launch BallDuty WC ‘26 on iOS, you will see an Apple system prompt asking for permission to track your activity across other apps and websites. This tracking is used solely by Google AdMob for advertising personalisation and frequency capping.
- If you allow tracking: AdMob may use your device’s advertising identifier (IDFA) to show you relevant ads.
- If you decline tracking: AdMob will show contextual ads only. All app features remain fully available regardless of your choice.
You can change this setting at any time in your iOS Settings → Privacy & Security → Tracking.
9. Data Portability
Under GDPR Article 20, you have the right to receive your personal data in a portable, structured format. To request a copy of your data, contact us at privacy@ballduty.com with the subject line “Data Portability Request.” We will respond within 30 days.
10. Contact Us
For privacy questions, data requests, or to exercise your rights:
Email: privacy@ballduty.com
Alternatively, use the Contact Support feature within the app (Profile → Contact BallDuty) or visit our Support page.
BallDuty WC ‘26 is operated by BallDuty Pty Ltd. This policy is designed to comply with GDPR, CCPA, and Apple App Store privacy requirements.