← Back to Home

Privacy Policy

Last updated: 31 December 2025

1. Controller

The controller of your personal data is:

Solbizz Canarias S.L.

CIF: B76607415

Calle Felix Casanova Ayala 44

38678 ArmeΓ±ime, Santa Cruz de Tenerife, Spain

Email: hello@db.football

2. What We Do

DB Football is a football prediction and community platform. Users can create accounts, join leagues/groups, submit match predictions, view leaderboards, and interact via chat and direct messages.

3. Personal Data We Collect

A) Data you provide

  • Account data: email, username, display name (optional)
  • Profile data (optional): avatar, cover photo, bio, timezone, country/nationality, languages/interests, football preferences, social links, optional birth date (not verified)
  • Community content: predictions, league memberships, chat messages, direct messages, reactions
  • Support: contact form and support ticket content (including unauthenticated contact tickets)

B) Data we collect automatically

  • Technical data: IP address, device and browser data, timestamps
  • Security/anti-bot: Cloudflare Turnstile verification events
  • Logs: login attempts, audit logs (admin actions), scheduler logs, API usage logs
  • Acquisition data (with consent): referral source, landing page, and campaign parameters (UTM tags) to understand where visitors come from and improve onboarding

C) Cookies and similar technologies

  • Necessary cookies for authentication (e.g., wc_session)
  • Functional cookies for features (e.g., invite flow)
  • Analytics cookies (Google Analytics) β€” only if you consent

See our Cookie Policy for details.

4. Why We Use Your Data (Purposes) and Legal Bases

We process personal data for:

Providing the service

Create account, authenticate, predictions, leagues, leaderboards, chat/DMs

Legal basis: Contract (GDPR Art. 6(1)(b))

Security and abuse prevention

Rate limiting, fraud detection, login attempt tracking, audit logs

Legal basis: Legitimate interests (GDPR Art. 6(1)(f))

Support and communications

Responding to tickets, account emails like verification and password reset

Legal basis: Contract and Legitimate interests (Art. 6(1)(b)/(f))

Optional notifications

Prediction reminders, summaries, match events by email/push/Telegram/Discord if enabled

Legal basis: Contract (service feature) and/or Consent where required (Art. 6(1)(a))

Analytics & Ad Measurement

Google Analytics for site analytics and Reddit Pixel/Conversions API for ad measurement β€” only with consent. With your consent, we may share conversion events (e.g., sign-up, email verification) along with identifiers (hashed email, click ID, IP address, user agent) with Reddit for measurement purposes only. The _rdt_uuid cookie is set by Reddit Pixel for anonymous ad measurement. The dbf_acq cookie may store Reddit click ID and UUID for attribution. You can withdraw consent at any time via Cookie Settings in the footer, and all tracking will stop.

Legal basis: Consent (GDPR Art. 6(1)(a))

5. Sharing and Visibility

  • Within leagues/groups: other members may see your username, display name, avatar, predictions (after lock), scores, and leaderboard entries (this is core to the game).
  • Service providers: we use trusted vendors to operate the service (hosting, email, push). They act as processors under GDPR where applicable.
  • Legal obligations: we may disclose data if required by law or to protect rights and security.

5a. Social Features (Followers & Activity Feed)

DB Football includes social features that allow you to connect with other users:

  • Following: You can follow other users to see their activity in your feed. Your followers list is visible to you; others can see your follower/following counts on your profile.
  • Activity Feed: When you earn badges, join leagues, or achieve streaks, this activity may be visible to your followers (unless you opt out).
  • User Search: Other users can find you by searching for your username or display name. You can disable this in your privacy settings.
  • Blocking: You can block users to prevent them from following you, messaging you, or viewing your profile.

Privacy Controls

You can control your social visibility in your account settings:

  • League Visibility: Choose who can see which leagues you're in (Anyone, Followers Only, or No One)
  • Predictions Visibility: Choose who can see your predictions (Anyone, Followers & League Members, or League Members Only)
  • Search Visibility: Choose whether to appear in user search results

Age Requirement for Social Features

Social features (following, activity feed) require you to have a birth date set in your profile and be at least 14 years old, in accordance with Spain's LOPDGDD digital consent age.

6. Service Providers (Processors)

We currently use:

  • Hetzner (Germany/EU) β€” hosting
  • Cloudflare β€” bot protection/security (Turnstile)
  • Mandrill (Mailchimp Transactional) β€” transactional email delivery
  • Google β€” Firebase Cloud Messaging (push) and Google Analytics (analytics)
  • Reddit β€” ad measurement via Reddit Pixel and Conversions API (only with consent)
  • API-Football (France/EU) β€” football match data

7. International Transfers

Some providers (e.g., Google, Mailchimp/Mandrill, Cloudflare) may process personal data outside the EEA. Where applicable, transfers rely on recognized safeguards such as:

  • The EU–U.S. Data Privacy Framework adequacy decision, and/or
  • The European Commission Standard Contractual Clauses (SCCs)

8. Retention

We keep data only as long as necessary:

  • Account and profile data: while your account is active
  • Predictions, league history, messages: while your account is active (unless removed earlier through moderation or deletion)
  • Login attempts: up to 90 days
  • Audit logs: up to 12–24 months (admin/security)
  • Support tickets: up to 24 months after resolution (or longer if needed for legal reasons)
  • Moderation tickets: up to 12 months after resolution. Evidence snippets are retained with tickets for appeals and pattern detection.
  • Backups: point-in-time backups retained for about 10 days. If you delete your account, your data may persist in backups until they rotate.

9. Your Rights

You have the right to access, rectify, erase, restrict, object, and portability under GDPR.

You can:

You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

10. Security

We use appropriate measures such as HTTPS, secure authentication cookies, hashed passwords (bcrypt), rate limiting, and access controls.

11. Age Requirements & Youth Safety

DB Football is not intended for users under 14 years of age. We do not knowingly collect personal data from children under this age.

Birth Date Processing

If you provide your birth date, we use it to:

  • Verify you meet the minimum age requirement (14+)
  • Apply enhanced safety measures for users under 18
  • Determine eligibility for age-related features

Age Visibility

  • Under 18: Your age is never displayed publicly, regardless of settings.
  • 18 and over: You may choose whether to display your age on your profile. This is off by default.

Legal basis: Legitimate interests (youth safety) and Contract (GDPR Art. 6(1)(b)/(f))

11a. Automated Content Moderation

To maintain a safe community, we use automated systems to scan user-generated content (messages, chat) for potential violations of our Code of Conduct.

What We Scan For

  • Profanity and vulgar language
  • Hate speech and discriminatory content
  • Sexual or explicit content

How It Works

  • Content is analyzed in real-time when you send a message
  • Violations may trigger warnings, temporary restrictions, or account bans
  • Serious violations (e.g., hate speech) may result in immediate action
  • A moderation ticket is created for admin review

Data Minimization

When notifying administrators of potential violations, we include only a brief snippet (up to 200 characters) of the flagged content, not the full message. Full content is accessible only through the secure admin interface.

Appeals

If you believe a moderation action was taken in error, you can appeal by contacting us at hello@db.football or through the support system. Please reference any ticket number you received.

Legal basis: Legitimate interests (platform safety) (GDPR Art. 6(1)(f))

12. Updates

We may update this policy. We will post changes on this page and may provide additional notice for material changes.

← Back to Home