BallDuty
BallDuty Football ‘26FIFA World Cup

Privacy Policy

Last Updated: May 22, 2026

BallDuty respects your privacy. This policy explains what data we collect, how we use it, and your rights as a user of the BallDuty Football ‘26 mobile application.

1. Data We Collect

  • Account Information: Email address, username, Account ID (a unique reference in the format BD######), “Love of Ball” rating, and supported team (I Support country). Note: your username, Account ID, supported team flag, and leaderboard rank are publicly visible to all BallDuty users on the Global Leaderboard. Your Account ID is also used by the BallDuty support team to identify your account.
  • Usage Data: Prediction history, points accumulated, and leaderboard rank.
  • Technical Data: IP address, device identifiers, and Firebase Cloud Messaging (FCM) tokens for push notifications.
  • Transactional Data: In-app purchase receipt identifiers and transaction IDs for purchase verification via Apple (iOS) and Google Play (Android). Credit card information is not stored by BallDuty.
  • Communication Data: Email address and message contents submitted via the in-app Contact Support feature.

2. How We Use Your Data

  • Service Provision: Managing predictions, calculating rank, and delivering Scout Reports.
  • Moderation: Gemini AI analyses usernames to maintain community safety standards.
  • Communications: Push notifications for halftime market openings, settlement results, and Scout Report alerts.
  • Advertising: Google AdMob delivers rewarded video ads to Standard (free) users. Device identifiers are used for ad frequency capping and attribution, subject to your consent (see Section 8 — Advertising Identifiers & Tracking).
  • Promotional Recognition: With your consent, your username and tactical insights may be shared on BallDuty’s official social media platforms (X, Instagram) if you accept a Pundit Interview or spotlight invitation.

Lawful Basis for Processing (GDPR)

Data TypeLawful Basis
Account information, predictions, scoring, leaderboardContract performance — necessary to provide the service
Push notificationsLegitimate interests (service updates); consent where required by local law
AdMob advertising identifiersConsent (via iOS ATT prompt on iOS; EU/UK UMP consent flow on both platforms; Android advertising ID opt-out via device settings)
Username moderation via Gemini AILegitimate interests (platform safety and integrity)
Contact form messagesLegitimate interests (customer support)

3. Data Retention and Deletion

  • Account Deletion: Deletion requests entered in the app trigger a 30-day soft-delete grace period. After 30 days, your data undergoes a permanent hard purge.
  • Contact Submissions: Retained for 12 months for support and audit purposes, then permanently deleted.
  • Inactive Accounts: BallDuty reserves the right to purge inactive account data following the conclusion of the 2026 FIFA World Cup tournament cycle.

4. Your Rights

GDPR (European Union / UK)

  • Access: Request a copy of the personal data we hold about you.
  • Portability: Request your data in a portable, machine-readable format (see Section 9).
  • Erasure: Delete your account at any time via the app settings.
  • Rectification: Correct inaccurate data via your profile settings or by contacting us.
  • Restriction / Objection: Object to certain processing or request restriction where permitted by law.

To exercise any of these rights, contact us at privacy@ballduty.com.

CCPA (California, USA)

California residents have the right to know what personal data is collected, to request deletion, and to opt out of the sale of personal data. BallDuty does not sell personal data to third parties.

Apple (iOS)

In-app controls allow you to view your predictions, change your username (subject to a 24-hour cooldown), update your I Support country, and delete your account.

5. Data Security

BallDuty uses industry-standard encryption and secure Firebase/Google Cloud infrastructure. Access to user data is restricted by Firestore security rules that enforce per-user read and write permissions.

6. International Data Transfers

BallDuty’s infrastructure runs on Firebase and Google Cloud Platform, which stores and processes data on servers located in the United States. If you are located in the European Union or United Kingdom, your data is transferred to the US under Google’s Standard Contractual Clauses (SCCs), which provide appropriate safeguards for international transfers under GDPR.

7. Third-Party Services

ServicePurpose
Google AdMobRewarded video ad delivery to Standard users
Google FirebaseAuthentication, database, push notifications, cloud storage
API-Football (api-football.com)Match schedules, player data, and player images
Apple App StoreIn-app purchase processing (iOS)
Google Play StoreIn-app purchase processing (Android)
Google Gemini AIUsername moderation
Social Media Platforms (X, Instagram)Optional Pundit Interview sharing (consent-based)

8. Advertising Identifiers & Tracking

iOS — Apple App Tracking Transparency (ATT)

When you first launch BallDuty Football ‘26 on iOS, you will see an Apple system prompt asking for permission to track your activity across other apps and websites. This tracking is used solely by Google AdMob for advertising personalisation and frequency capping.

  • If you allow tracking: AdMob may use your device’s advertising identifier (IDFA) to show you relevant ads.
  • If you decline tracking: AdMob will show contextual ads only. All app features remain fully available regardless of your choice.

You can change this setting at any time in your iOS Settings → Privacy & Security → Tracking.

Android — Google Advertising ID (GAID)

On Android, Google AdMob may use your device’s Google Advertising ID (GAID) for advertising personalisation and frequency capping. If you are located in the EEA, UK, or Switzerland, you will see a consent prompt before any advertising identifier is used.

  • If you consent: AdMob may use your GAID to show you relevant ads.
  • If you decline: AdMob will show contextual ads only. All app features remain fully available regardless of your choice.

You can reset or opt out of personalised ads at any time in your Android Settings → Privacy → Ads.

9. Data Portability

Under GDPR Article 20, you have the right to receive your personal data in a portable, structured format. To request a copy of your data, contact us at privacy@ballduty.com with the subject line “Data Portability Request.” We will respond within 30 days.

10. Delete Your Account

You can request deletion of your BallDuty account at any time.

In-app: Open the app → Profile tab → About section → tap Delete My Account.

  • What happens: Your account is soft-deleted immediately. All personal data is permanently and irreversibly purged after 30 days.
  • What is deleted: Predictions, points, stats, profile information, username, and email address.
  • What is retained: Nothing — after the 30-day grace period, no personal data is retained.
  • Grace period: If you sign back into the app within 30 days, your account and all data will be fully reactivated.

Can’t access the app? Email support@ballduty.com with the subject line “Account Deletion Request” and we will process your request within 30 days.

11. Contact Us

For privacy questions, data requests, or to exercise your rights:

Email: privacy@ballduty.com

Alternatively, use the Contact Support feature within the app (Profile → Contact BallDuty) or visit our Support page.

BallDuty Football ‘26 is operated by BallDuty Pty Ltd. This policy is designed to comply with GDPR, CCPA, Apple App Store, and Google Play Store privacy requirements.