PRIVACY POLICY

1. Introduction

Golazo("we," "our," or "the Service") is operated independently. A registered legal entity for Golazo is being formed; this policy will be updated when filing completes. This Privacy Policy explains how Golazo collects, uses, and safeguards your information when you use our FIFA World Cup 2026 prediction pool platform.

2. Information We Collect

We collect minimal information necessary to provide our Service:

• Account Information: Email address and display name when you create an account
• Mobile Phone Number (optional): If you choose to receive your account verification code by text message during signup, we collect the mobile number you provide solely to deliver the one-time verification code (OTP) via SMS
• Predictions: Your pool picks and predictions for World Cup matches
• Pool Membership: Information about which pools you create or join
• Usage Data: Basic analytics about how you interact with the Service (page views, features used)

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Authenticate your account and secure your data
• Display your predictions and standings within your pools
• Send important service notifications (password resets, deadline reminders)
• Improve and optimize the Service

4. Information Sharing

We do not sell your personal information.

Your information may be shared in limited circumstances:

• Within Pools: Your display name and predictions are visible to other members of pools you join
• Service Providers: We use third-party services for hosting (Vercel), database and email (AWS DynamoDB and SES), and SMS delivery (Twilio) that process data on our behalf
• Legal Requirements: If required by law or to protect our rights

5. SMS / Text Message Communications

Golazo operates the Verification SMS program. If you choose "Text" as your verification code delivery method during signup at https://www.golazo.us/signup, the following terms apply:

• What we collect: The mobile phone number you enter on the signup form. Phone numbers are collected directly from you on this page only; no third-party or affiliate data is used.
• How we use it: Solely to send a one-time verification code (OTP) to confirm your account at signup. We do not use your phone number for marketing, pick reminders, or any other purpose without separate, explicit opt-in.
• How we protect it: Phone numbers are stored encrypted in our database, transmitted over TLS, and never sold or shared with third parties for marketing.
• Service providers: SMS messages are delivered through Twilio, Inc., which processes the phone number on our behalf solely to send the OTP.
• Frequency: Up to one verification code message per signup attempt. You will not receive recurring or marketing messages from this program.
• Opt-out: Reply STOP to any message to opt out. Reply HELP for help. STOP and HELP keywords are honored on all messages.
• Carrier disclosure: Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.
• Retention: If you delete your account, your phone number is deleted within 30 days alongside other personal information.

See our Terms of Service for the full SMS program description.

6. Data Security

We implement appropriate security measures to protect your data:

• Passwords are hashed using industry-standard algorithms (bcrypt)
• All data transmission is encrypted via HTTPS
• Database access is restricted and secured
• Session tokens are securely generated and managed

7. Cookies and Local Storage

We use:

• Session Cookies: To keep you logged in and maintain your session
• Local Storage: To store preferences and improve performance

We do not use tracking cookies or third-party advertising cookies.

8. Your Rights

You have the right to:

• Access your personal data
• Update or correct your account information
• Delete your account and associated data
• Export your predictions data

To exercise these rights, visit your Account settings or contact us.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we need to retain it for legal purposes.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11. Third-Party Services

Our Service uses the following third-party providers:

• Vercel, Inc.: Hosting and deployment
• Amazon Web Services, Inc.: DynamoDB database and SES email delivery
• Twilio, Inc.: SMS verification code delivery (when you opt in to text verification)
• Cloudflare, Inc.: DNS and bot protection (Turnstile)

Each provider has their own privacy policy governing their handling of data. No data is sold or shared with these providers for marketing or affiliate purposes.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or your data, please contact Golazo at [email protected].