1. What we collect
We collect the data you give us so the game works:
- Email — used to sign you in and contact you about your account.
- Display name — what other players see on leaderboards.
- Locale (EN or ES) — controls the language the site is shown in.
- Country — used for the country leaderboard.
- Fan nation / supported team — used for the fan-nation leaderboard.
- Your fantasy entries and daily predictions, with timestamps.
- Leaderboard rows and cumulative scores derived from your entries.
- Sign-in and session data (signed cookies, login timestamps).
- An 18+ age-attestation timestamp and the version of the wording you agreed to. We deliberately do NOT store your date of birth — only the fact that you self-attested to being 18 or older, and when.
- If enabled, anonymised analytics and error reports via PostHog and Sentry (see §3).
- Messages you send to support, when you contact support.
2. What we do NOT collect
Because the game is free-to-play and does not offer wagering, we deliberately do not collect:
- Payment information of any kind — no card, bank, wallet, or crypto details.
- Deposits, withdrawals, or any movement of money.
- Wagering, betting, or odds-related activity — there is none.
- Government ID, social-security numbers, or similar identifiers.
- Sensitive categories of personal data (race, ethnicity, political views, religion, sexual orientation, biometric data, etc.), unless that scope is added in a future feature AND independently reviewed by qualified counsel.
3. Analytics and error tracking
When enabled by the operator, anonymised product analytics may be sent to PostHog and error reports to Sentry. Both are configured behind a PII-redaction layer (see `src/lib/monitoring/redact.ts`) that strips email addresses, IP addresses, JWTs, cookies, and other identifiers before events leave the server. The redaction layer is covered by unit tests. Analytics and error tracking are off by default in any environment that does not set the relevant configuration keys.
4. Cookies and sessions
We use a small number of first-party cookies for sign-in, session management, and to remember your locale preference. We do not use third-party advertising cookies. We do not run cross-site tracking pixels.
5. Data deletion and access
You can ask us to delete your account either by emailing privacy@123soccer.com OR by triggering a self-serve deletion request — sign in, then POST to `/api/account/request-deletion`. Self-serve deletion anonymises your User row immediately: your email is replaced with a non-personal placeholder, your display name is cleared (the leaderboard renders you as "Deleted user"), and your country and fan-nation selections are cleared. We do NOT, however, mutate or delete the append-only points-ledger rows that record what predictions and portfolio picks earned, because those rows are immutable by design and serve as an audit trail. The leaderboard and your historical rank still exist, but they are tied to a tombstone user, not to you.
6. Children and minors
123Soccer is not directed at children under the age of 13 (or the higher age required by your local jurisdiction). Prize-related features (if any) will require additional age and jurisdictional checks before they are enabled. You must be 18 or older to create an account and use 123Soccer.
7. Privacy rights
You can exercise the rights afforded to you by your local law — including under the EU/EEA General Data Protection Regulation, the California Consumer Privacy Act / Privacy Rights Act, and similar regimes (access, correction, deletion, portability, and objection) — by contacting privacy@123soccer.com. We will verify your request and respond within the timeframe required by applicable law.
8. Browser privacy signals
We do not perform third-party advertising tracking that "Do Not Track" or Global Privacy Control signals would meaningfully affect.
9. Changes to this Privacy Notice
We may update this notice to reflect new features, new analytics tools, or new legal obligations. Material changes will be communicated by an updated effective date on this page.
10. Contact
Privacy questions and data-deletion requests can be sent to privacy@123soccer.com, the primary route for privacy correspondence.