Home

Privacy Policy

Last updated: 2026-05-20

DT ("the App") is operated by thedtapp ("we", "us"). This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have. We comply with GDPR, CCPA, LGPD, Apple App Store and Google Play data-safety requirements.

1. Data we collect

  • Account data: name, email or phone number, password (hashed), country, preferred club and national team.
  • Authentication data: session tokens, device identifier used to keep you signed in.
  • Voting and chat content: questions you answer, predictions, messages you send in match or global chat.
  • Stadium-mode data: when you opt-in to unlock stadium mode we collect either (a) your GPS coordinates at the moment of verification or (b) the raw payload of the QR code scanned from your match ticket plus the parsed match fields (home team, away team, date, venue, match id).
  • Diagnostic data: IP address and user-agent string are stored together with each stadium ticket verification for fraud prevention.
  • Media you upload: profile photo, images attached to chat.
  • Device permissions: camera (QR scanning + chat photos), microphone (voice messages), photo library (sharing pictures), precise location (stadium verification). All permissions are requested only at the moment of use.

2. How we use your data

  • Provide core features: account, real-time match voting, match and global chat, personalized home feed by club and national team.
  • Stadium-mode access control: verify your attendance manually (admin review) when the QR scan cannot be auto-matched to a live match.
  • Security and fraud prevention: detect duplicate accounts, suspicious sign-ins, and ticket abuse.
  • Service communications: respond to your support requests.
  • Aggregated analytics: anonymous metrics about collective predictions. These are not linked to any individual.

3. Legal basis (GDPR / LGPD)

  • Performance of contract: providing the features you signed up for.
  • Legitimate interest: fraud prevention, security, service improvement.
  • Consent: camera, microphone, location and notifications. You can revoke consent at any time in your device settings.

4. Sharing and processors

  • We do not sell your personal data.
  • We share data with infrastructure processors strictly to operate the service: cloud hosting (AWS), database hosting (PostgreSQL on managed service), error monitoring, and email delivery. Each processor is bound by a data-processing agreement.
  • We may disclose data when required by law or to protect the rights, safety, and property of users.

5. Retention

  • Account data: kept while your account is active.
  • Stadium ticket verifications: the raw QR payload is retained until the verification is approved or rejected, and automatically purged 30 days after a decision. The verification record itself is kept for up to 12 months for audit.
  • Chat messages: kept while the related match thread exists.
  • When you delete your account, all personally identifying data is deleted within 30 days; backups are purged within 90 days.

6. Your rights

  • You may request access, correction, export, restriction, or deletion of your personal data, and object to certain processing.
  • You can withdraw consent at any time and unsubscribe from non-essential communications.
  • Send requests to [email protected]. We respond within 30 days.
  • You have the right to lodge a complaint with your local data-protection authority.

7. Children

  • The App is not directed at children under 13 (under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

8. International transfers

  • Data may be processed in countries other than your own. We use Standard Contractual Clauses or equivalent safeguards where required.

9. Security

  • We use TLS in transit, encrypted storage at rest, hashed passwords (bcrypt), short-lived session tokens, and role-based admin access. No system is 100% secure; we will notify affected users of any qualifying breach within 72 hours.

10. Changes to this policy

  • When we make material changes we will update the date above and notify you in-app or by email.

11. Contact