Privacy Policy

Effective Date: February 10, 2026

About This Policy

Controller: Anifowoshe Digital LLC ("we," "us," "our")

Contact (privacy & support): twofootballcrows@gmail.com

Mailing Address: 4357 S Indiana Ave Suite 5, Chicago, IL 60653

This Privacy Policy explains how we collect, use, share, and protect personal data when you use Flock Football Analytics (the "Service"). It is written to be broadly compatible with GDPR/UK GDPR-style transparency requirements and general U.S. privacy expectations.

1. Scope

This Privacy Policy applies to personal data we process when you:

  • visit our website,
  • create an account or sign in (including via magic link or Google sign-in),
  • use site features (including subscriber-only features when enabled), or
  • contact us for support or provide feedback (including through forms we provide).

2. What Personal Data We Collect

We collect the following categories of personal data (depending on how you use the Service):

A. Account and identity data

  • Email address
  • Display name / username
  • Authentication method (e.g., magic link or Google sign-in)
  • Account status (e.g., active, deleted)

B. Authentication and security data

  • Sign-in history (e.g., timestamps and related security signals)
  • Security data used to protect accounts and the Service (for example, suspicious login indicators, abuse-prevention signals, and related logs). Depending on configuration, this may include technical identifiers such as IP address and user agent.

C. Usage and analytics data

We collect usage data to understand how the Service is used and to improve performance and features, such as:

  • pages viewed and interactions (e.g., clicks, searches, filters used),
  • performance metrics,
  • approximate location derived from IP address (often at city/region level, depending on configuration).

D. Billing and subscription data (for paid features)

If you purchase a subscription, we (and/or our payment processors) may process:

  • subscription status (free vs. paid),
  • plan/tier information,
  • payment processor customer IDs (e.g., Stripe customer ID),
  • invoices/receipts and transaction metadata (primarily stored by the payment processor),
  • limited information required for tax/accounting purposes (depending on what you configure).

We do not store full payment card details on our servers. Payment card data is handled by our payment processors.

E. Support and feedback data

If you contact us or submit feedback/bug reports, we process:

  • your contact information (often email),
  • the contents of your message,
  • any attachments or information you choose to include.

3. Where Personal Data Comes From

We collect personal data from:

  • You (e.g., when you create an account, contact support, or submit feedback),
  • Your device/browser (e.g., technical data and usage data),
  • Our service providers (e.g., authentication providers, hosting providers, analytics providers, and payment processors).

4. How We Use Personal Data and Our Lawful Bases

Depending on your location, laws may require a "lawful basis" for processing. We use personal data for the purposes below:

A. Provide accounts/login and core features

Purpose: Create accounts, authenticate users, maintain sessions, and deliver Service functionality (including subscriber-only access when enabled).

Lawful basis: Contract (to provide the Service you request).

B. Maintain security, prevent fraud/abuse, and enforce terms

Purpose: Secure the Service, detect/prevent abusive activity, debug incidents, and enforce acceptable use rules.

Lawful basis: Legitimate interests (security and service integrity) and, where applicable, contract.

C. Product analytics and improvement

Purpose: Understand usage trends, improve features, and maintain performance and reliability.

Lawful basis: Legitimate interests (improving and maintaining the Service).

If we later enable non-essential cookies/trackers, we will request consent where required.

D. Customer support and troubleshooting

Purpose: Respond to support requests, investigate bugs, and communicate with you about issues you raise.

Lawful basis: Legitimate interests and/or contract (depending on the request).

E. Service/admin notices (transactional communications)

Purpose: Send transactional emails such as magic links, account created/deleted notices, and important service/security messages.

Lawful basis: Contract and/or legitimate interests.

F. Marketing emails/newsletters/promos

We do not send marketing emails at this time.

If we add marketing emails later, we will implement opt-out/unsubscribe mechanisms and obtain consent where required by law.

G. Legal compliance

Purpose: Comply with legal obligations, maintain required records, and respond to lawful requests.

Lawful basis: Legal obligation and/or legitimate interests.

5. How We Share Personal Data

We share personal data only as needed to operate the Service, including with:

A. Service providers ("processors")

We use vendors that process data on our behalf. These may include:

  • Vercel — hosting and performance/usage analytics (as configured)
  • Supabase — database, authentication, and related logging/monitoring (as configured)
  • Amazon Simple Email Service — delivery of transactional emails (magic links and account notices)
  • Stripe — subscription payments and transaction records
  • Ko-fi — optional payments
  • Google — sign-in (Google OAuth) and forms (if used for feedback intake)

We currently accept support requests via email and may use forms (including Google Forms) for bug reports/feedback. The exact data each vendor processes depends on configuration.

B. Legal, safety, and business transfers

We may disclose personal data if we believe it's necessary to:

  • comply with law or legal process,
  • protect the security/integrity of the Service,
  • prevent fraud or abuse,
  • enforce our terms, or
  • in connection with a corporate transaction (e.g., merger, acquisition, or asset sale). If this happens, we will take steps to protect your data.

6. International Data Transfers

Because our vendors may operate globally, personal data may be processed in countries outside your state/province/country (including the United States). Where required, we rely on appropriate safeguards for international transfers (such as contractual protections like Standard Contractual Clauses or equivalent mechanisms) and vendor data protection terms.

7. Cookies and Similar Technologies

We use cookies and/or local storage that are strictly necessary to:

  • authenticate users,
  • maintain sessions, and
  • help keep accounts secure.

We do not use targeted advertising cookies or retargeting pixels at this time. If we introduce non-essential cookies/trackers (for example, certain analytics), we will update this notice and implement consent mechanisms where required.

8. Data Retention

We retain personal data only as long as needed for the Service, security, and legal compliance. Deleted account data is removed on a reasonable schedule; logs are periodically rotated; backups follow provider rotation. In some cases, we may retain certain records longer where required by law or where reasonably necessary to prevent fraud, resolve disputes, enforce our terms, or maintain Service security.

Account deletion

If you delete your account, we will delete or anonymize personal data within a year of the request, with limited exceptions, such as:

  • records we must keep for legal, tax, or accounting obligations (often handled primarily by payment processors),
  • data needed to prevent fraud/abuse or maintain Service security,
  • data that persists in backups until those backups rotate.

Because retention depends on configuration and legal requirements, we may retain different categories of data for different periods.

9. Your Privacy Rights

Depending on your location, you may have rights such as:

  • Access: request a copy of your personal data
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your personal data
  • Objection: object to processing based on legitimate interests (in certain cases)
  • Restriction: request we limit processing (in certain cases)
  • Portability: request a portable copy of certain data you provided (in certain cases)
  • Withdraw consent: where processing is based on consent (if applicable)

How to exercise your rights

  • Request method: Email us at twofootballcrows@gmail.com.
  • Verification: We will take reasonable steps to verify your identity before fulfilling certain requests (especially access/export/deletion).
  • Response timeframe: We aim to respond within 30 days (and within one month where required). If a request is complex, we may need additional time and will notify you.

Complaints (EEA/UK)

If you are in the EEA or UK, you may have the right to lodge a complaint with your local data protection authority (and in the UK, the Information Commissioner's Office).

10. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data. However, no system is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is intended for a general audience of football fans and is not directed to children under 13.

  • Account age requirement: You must be 13 or older to create an account.
  • Purchases: You must be 18 or older to purchase a subscription (or have a parent/guardian complete the purchase).

We do not knowingly collect personal data from children under 13. If we learn we have collected personal data from a child under 13, we will take steps to delete it.

Age Verification and Misrepresentation

We rely on users to provide accurate information about their age. We do not independently verify the age of users at registration. By creating an account or using the Service, you represent that you meet the applicable age requirements.

If a user provides false or inaccurate age information, we are not liable for any data collection or processing that occurs as a result. Parents or guardians who permit a child under 13 to access the Service using inaccurate age information assume responsibility for that child's use and any resulting data collection.

12. "Sale" / "Share" (U.S. Privacy Concepts)

We do not sell personal information. We do not share personal information for cross-context behavioral advertising (for example, ad retargeting).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the "Effective Date" above and may provide additional notice if changes are material.