Privacy Policy
Privacy Policy
Last updated: 6 May 2026 Effective from: 6 May 2026
At Sportspoule, we value your privacy. In this privacy policy, we explain in clear language which personal data we process, why we do so, how long we keep it, and what rights you have.
This policy applies to the Sportspoule app for iOS and Android, to www.sportspoule.com, and to the web app at app.sportspoule.com.
1. Who is responsible for your data
Sportspoule Pikeursbaan 15AH 7411 GT Deventer, Netherlands
Chamber of Commerce: 82395071 VAT: NL862451784B01
For questions or requests about privacy, you can email us at info@sportspoule.com.
We have not appointed a Data Protection Officer (DPO) because that is not legally required for our size and activities.
2. What data we process
Depending on what you do with Sportspoule, we process the following categories of data.
2.1 Account data
Name
Email address
Password (stored encrypted, we cannot view it)
Profile photo (only if you set one)
Preferred language and country
Date of registration and last login
Social login IDs (Apple, Google, Facebook), only if you log in through one of those providers
2.2 Game data
Predictions you make in the app
Points and standings in pools
Favorite teams and answers to bonus questions
Pools you participate in or have created
Membership in groups and any admin role
2.3 Device and usage data
IP address (from which we infer the country)
Device type, OS version, and language
Push notification tokens (Firebase Cloud Messaging on Android/web, Apple Push Notification Service on iOS)
Live Activity tokens for the iOS lock screen
Anonymous in-app behavior (such as which screens you visit) — only after your consent
Crash reports if the app crashes
2.4 Payment data (only with a paid plan)
Invoice details: name, address, postal code, city, and country
VAT number (only for a business pool)
Amount, date, and payment method
A reference to your payment with Stripe or Mollie
The card type and the last four digits
We never store your full credit card number or bank account number. That data is processed directly by Stripe or Mollie on their secure infrastructure.
2.5 Communication
Emails you send us or messages via our chat support
Whether you have indicated that you want to receive mailings
2.6 Special personal data
We do not intentionally process special personal data (such as health, ethnicity, or religion). Please do not voluntarily provide it via chat or in your profile either.
3. What we use your data for (and on what basis)
Offering a Sportspoule account: for this we process account and login data. Basis under the GDPR: performance of the agreement.
Enabling predictions, points, and standings: for this we process game data. Basis: performance of the agreement.
Sending push notifications (goals, reminders, points received): for this we process push tokens and notification preferences. Basis: performance of the agreement; you can turn off each type of notification yourself.
Handling payments and creating invoices: for this we process invoice and payment data. Basis: performance of the agreement.
Fulfilling our administrative obligations: for this we process invoice and payment data. Basis: legal obligation.
Providing customer support: for this we process communication and account data. Basis: legitimate interest.
Fixing app errors: for this we process crash and error reports. Basis: legitimate interest.
Improving the app through usage analysis: for this we process anonymized app behavior. Basis: consent.
Preventing abuse and fraud: for this we process log data and your IP address. Basis: legitimate interest.
Helping and reaching pool organizers (Sportspoule Business): for this we process name, email, and pool information. Basis: legitimate interest.
Sending important product updates or announcements: for this we process your email address. Basis: legitimate interest.
We do not send you unsolicited commercial mailings.
4. How long we keep your data
We do not keep your data longer than necessary.
Active account: we keep this as long as you use it.
Inactive account (no login or use): up to 5 years; after that we automatically anonymize the account.
Predictions and game history: kept linked to your account.
Request logs (URLs and methods): 12 months.
App usage events: up to 36 months; after 24 months no longer linked to your account.
Crash and error reports (Sentry): standard retention period of Sentry, maximum 90 days.
Invoices and payment data: 7 years (legal tax retention obligation).
Support conversations (Crisp): up to 24 months after the last contact.
CRM data of pool organizers (HubSpot): standard HubSpot retention; we delete you proactively on request.
Encrypted backups: rotating, maximum 30 days.
If you delete your account via Profile → Delete account, we anonymize your profile immediately: your name, email address, and profile photo are deleted or replaced with an unrecognizable placeholder. Your predictions remain anonymously in pool standings, because otherwise the final ranking of fellow participants could no longer be correct.
5. Who we share data with
We only share your data with parties that we need in order to make Sportspoule work. We have a data processing agreement with all of these parties.
Hosting and infrastructure
Hetzner (Germany) — hosting of our servers and database
Amazon Web Services (Frankfurt, Germany) — encrypted backups
Payments and invoicing
Stripe — processing credit card and SEPA payments
Mollie — processing iDEAL and other payment methods
Moneybird — invoicing and accounting
Notifications and email
Firebase Cloud Messaging (Google) — push notifications on Android and web
Apple Push Notification Service — push notifications and Live Activities on iOS
Resend — sending transactional emails (welcome, password reset, invoice, and similar)
Sports data
SportMonks — matches, results, and player data. We only retrieve data; we do not share any personal data with SportMonks.
Analytics and error reporting
Sentry — crash and error reports
Microsoft Clarity — anonymized analysis of app usage, only after your explicit consent
Login
Apple, Google, and Facebook — only if you log in through one of these providers
Customer contact (business)
HubSpot — only for people who organize a pool or contact us via Sportspoule Business
Crisp — chat support on the website and in the app
Government and oversight
We only share data with the Tax Authorities, law enforcement, or other agencies when we are legally required to do so.
We never sell your data to third parties.
6. Transfers outside the European Economic Area
Our servers and most sub-processors are located in the EU. Some of the services mentioned above (such as Stripe, Sentry, HubSpot, Microsoft Clarity, Firebase, Apple, and Google) process data partly in the United States. The following applies to those transfers:
the European Commission standard contractual clauses (SCCs)
additional technical measures such as encryption
where applicable, the EU-US Data Privacy Framework
7. Security
We take appropriate technical and organizational measures to protect your data, including:
Encrypted connections (TLS/HTTPS) everywhere
Irreversibly encrypted passwords
Access restrictions for employees to only what they need
Encrypted backups
Logging and monitoring of suspicious activity
Do you think something is wrong? Then email info@sportspoule.com as soon as possible.
8. Cookies and similar technologies
On our website and in the web app, we use three types of cookies and local storage.
Functional (always active)
These are necessary for Sportspoule to work — for example to remember your login session or to store your chosen language. We do not ask consent for these because we need them to provide the service.
Analytical (only after consent)
We use Microsoft Clarity to anonymously see how people use Sportspoule, so that we can improve the app. We only turn this on after you have given consent. You can withdraw that consent at any time via Profile → Settings → Privacy.
Sub-processor cookies
Stripe and Mollie may place their own cookies during a payment to prevent fraud.
We do not place advertising or third-party tracking cookies.
9. Automated decision-making
We do not make decisions based solely on automated processing that produce legal effects for you or affect you in a similar significant way.
10. Minors
Sportspoule is intended for users aged 16 years and older. If you are younger than 16, you need permission from a parent or guardian. Do you think we processed data from a minor without that permission? Email us via info@sportspoule.com and we will delete that data.
11. Your rights
Under the GDPR, you have the following rights regarding your personal data:
Access — you may request a copy of what we hold about you
Rectification — correct inaccurate data
Erasure — request that we delete your data
Restriction — limit how we use your data
Objection — object to processing based on legitimate interest
Portability — receive your data in a readable file
Withdraw consent — if we do something on the basis of consent
The easiest ways to exercise these rights:
Edit your profile, language, and notification preferences in the app under Profile → Settings.
Delete your account via Profile → Delete account. We will then anonymize your data immediately.
Email info@sportspoule.com for anything you cannot arrange yourself in the app.
We will respond within four weeks. We may ask you to verify your identity — for example by logging in to your account or confirming a verification email. We do not ask for a copy of your identity document.
12. File a complaint
Do you feel that we are not handling your data carefully? Then first contact us via info@sportspoule.com — we would be happy to resolve it.
If you cannot resolve it with us, you can file a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl.
13. Changes
We may amend this privacy policy. The most recent version is always on this page. In the event of major changes, we will send you a message in the app or an email.