Privacy Policy

Last updated: 2026-03-18

This Privacy Policy explains how we collect, use and share information when you use the UFL Scout website and mobile apps ("Service"). "We" and "us" refer to the operators of UFL Scout.

1. Who is responsible for your data?

The Service is operated by Pinnacle Parameters, Blodstensvägen 5, 75258 Uppsala, Sweden ("Pinnacle Parameters"), which operates the UFL Scout website and mobile apps. For any questions or requests about this Policy or your data, you can contact us via our Contact Page.

2. Where is the Service hosted?

Our primary application servers and databases are located in a data center in Germany. In addition, we use network, security and content-delivery providers such as Cloudflare, which may route traffic through data centers in other regions to improve performance and protect the Service.

3. What data do we collect?

3.1 Account and authentication data

When you create an account or sign in, we process data such as:

• Email address
• Username and display name
• Hashed passwords (never stored in plain text)
• Account role (e.g. user, admin)
• Profile information such as avatar image if you choose to provide it

Authentication and session handling is implemented using the BetterAuth library backed by our PostgreSQL database. Session identifiers are stored in cookies to keep you signed in.

3.2 Usage and log data

When you interact with the Service, we may automatically log certain information to operate and secure the platform, including:

• IP address and approximate location inferred from it
• Browser and device information (user agent)
• Pages and API endpoints accessed, timestamps and response status codes
• Authentication and security events (for example, sign-in attempts, invite code usage, email verification)

Some of this data is stored in dedicated audit and session tables in our PostgreSQL database to help detect abuse, debug issues and protect the Service.

3.3 Content you submit

If you choose to interact with community features, we process the content you submit, such as:

• Comments and replies on player pages
• Votes on comments and players
• Poll votes and other in-app feedback
• Data you provide for squad building and related tools

3.4 Mobile app telemetry

For the UFL Scout mobile apps, we store aggregated usage statistics in dedicated tables, including:

• Platform (iOS or Android)
• App version
• Daily request counts and approximate number of active users
• Pseudonymous device signatures (hashed identifiers) to distinguish unique devices per day

These identifiers are designed to be pseudonymous and are used only for aggregated statistics and reliability monitoring, not for advertising profiles.

3.5 In-app purchases

If you purchase premium features in our mobile apps, the transaction itself is processed by Apple (App Store) or Google (Google Play). We do not receive or store your full payment card details.

To confirm that a purchase or subscription is valid, our servers contact Apple's receipt verification API and Google Play Developer APIs using the receipt or purchase token provided by your device. We process relevant details from the store (such as product ID, purchase time and subscription status) and may log parts of this data for troubleshooting and fraud prevention.

3.6 Emails and notifications

When we send transactional emails (for example password reset, email verification, email change approval), we process:

• Your email address
• Basic message metadata (subject, send time, delivery status)

Email delivery is handled through Resend as our email service provider. Resend acts as a processor and may also log technical data necessary to deliver and troubleshoot email.

3.7 Analytics, ads and third-party content

We use the following third-party services when you visit the website:

• Google Tag Manager (GTM) to load and manage analytics and advertising tags.
• Google Ads / Google Ad Manager to serve advertising placements on the site. These services may use cookies and similar technologies to measure ad performance and, depending on your settings, to personalize ads.
• Twitch APIs to check whether listed streamers are currently live and playing UFL, and to display their public streaming information and links.

In addition, automated compliance and cookie-scanning services (for example, Truendo and similar tools) may crawl our pages to analyze which cookies and tags are in use. These tools access the site in a similar way to search engine crawlers.

3.8 AI-assisted admin tools

For certain internal/admin-only features (such as mapping CSV columns when importing player data), we use OpenAI's API. We send structured data like column names and sample values related to player attributes to OpenAI in order to receive mapping suggestions. These tools are not intended to process end-user account credentials or private communications.

4. How and why we use your data

We use the information described above to:

• Provide and maintain the Service and its core features
• Authenticate users and manage sessions
• Send necessary transactional emails and service notifications
• Secure the Service, detect abuse and prevent fraud
• Measure usage, performance and reliability of the website and apps
• Serve and measure advertising on the site
• Improve the Service and develop new features
• Comply with legal obligations and respond to lawful requests

5. Cookies and similar technologies

We use cookies and similar technologies in your browser and in our mobile apps for the following purposes:

• Essential cookies for authentication and security (for example, BetterAuth session cookies to keep you signed in and protect access to admin areas).
• Analytics and measurement cookies loaded via Google Tag Manager to understand how the site is used and to improve performance.
• Advertising cookies used by Google Ads / Ad Manager to deliver and measure ads. These may be used by Google to personalize ads based on your activity, depending on your ad settings with Google.

You can control cookies through your browser settings and, where implemented, through consent tools on our site. Disabling certain cookies may affect how the Service functions.

6. Legal bases

Where applicable law (such as the EU/EEA GDPR or similar regimes) requires a legal basis for processing, we rely on the following:

• Performance of a contract – to operate the Service, create and manage your account, and provide features you request.
• Legitimate interests – for security, abuse prevention, debugging, aggregated analytics, and reasonable improvements of the Service, provided these interests are not overridden by your rights.
• Consent – where required for certain analytics, advertising or optional features. You can withdraw consent at any time via your browser settings, ad preferences or available consent tools.
• Legal obligations – for example, to keep records required by law or to respond to lawful requests from authorities.

7. How we share data

We do not sell your personal data. We share data only as necessary with the following types of recipients:

• Infrastructure, hosting and network providers (for example data center operators and Cloudflare) that host our servers, deliver content and protect the Service.
• Email service providers such as Resend that deliver transactional emails on our behalf.
• Analytics and advertising partners, primarily Google (Tag Manager, Ads / Ad Manager) that set cookies or receive usage data when you visit the site.
• Mobile app store operators (Apple and Google) when we verify in-app purchases using their APIs.
• AI service providers such as OpenAI when we use their APIs for internal admin-only tools.
• Third-party streaming platforms such as Twitch, to display public streamer data and check live status.
• Service providers that help us with logging, security, development and maintenance, acting as data processors under appropriate agreements.
• Competent authorities or legal advisors when required by law or to protect our rights, users or the public.

8. International data transfers

Some of our service providers are located outside your country and may process data in other jurisdictions (for example, the United States or other regions where OpenAI, Google, Resend or Twitch operate). Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms to protect your data in line with applicable law.

9. Data retention

We keep personal data only for as long as necessary for the purposes described in this Policy, including for the period needed to operate the Service, maintain security logs, comply with legal obligations and resolve disputes. Retention periods can vary depending on the type of data and our legal or operational needs. When data is no longer needed, we aim to delete it or anonymize it.

10. Your rights

Depending on your jurisdiction, you may have rights such as:

• Accessing a copy of your personal data
• Correcting inaccurate or incomplete data
• Deleting your account and certain associated data
• Restricting or objecting to certain types of processing
• Receiving your data in a portable format, where applicable
• Withdrawing consent where processing is based on consent

To exercise these rights, please contact us via our Contact Page. We may need to verify your identity before responding to certain requests.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our Service, legal requirements or best practices. When we make material changes, we will take reasonable steps to notify you, such as displaying a notice in the app or updating the date at the top of this page. Your continued use of the Service after the updated Policy becomes effective means you accept the changes.

12. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us via our Contact Page.