Privacy Policy

Transparency and Control

Last updated: January 12, 2026

1. Introduction

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

2. Definitions & Interpretation

Interpretation

The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Application refers to fballyt, the software program provided by the Company.
  • Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.
  • CCPA and/or CPRA refers to the California Consumer Privacy Act (the "CCPA") as amended by the California Privacy Rights Act of 2020 (the "CPRA").
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to fballyt (Upbias GmbH). For the purposes of the GDPR, the Company is the Data Controller.
  • Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: Switzerland.
  • Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
  • Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
  • Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
  • GDPR refers to EU General Data Protection Regulation.
  • Personal Data is any information that relates to an identified or identifiable individual. For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity. For the purposes of the CCPA/CPRA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
  • Service refers to the Application or the Website or both.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purposes of the GDPR, Service Providers are considered Data Processors.
  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to fballyt, accessible from https://www.fballyt.com.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, You can be referred to as the Data Subject or as the User as you are the individual using the Service.

3. Collecting and Using Your Personal Data

Types of Data Collected

Personal Data: While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to: Email address, First name and last name, Usage Data.

Usage Data: Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device's unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

Information from Third-Party Social Media Services: The Company allows You to create an account and log in to use the Service through the following Third-party Social Media Services: Google, Facebook, Instagram, Twitter, LinkedIn.

4. Data Retention (Offline-First)

App Data (Offline-First): Match statistics, player profiles, and tactical session data entered into the Application are stored locally on Your Device. The Company does not sync, upload, or retain this specific data on its servers. Therefore, retention of this data is solely under Your control.

Account Data: The Company will retain minimal Account Data (email, name, subscription status) only for as long as is necessary for the purposes set out in this Privacy Policy.

The Company will also retain Usage Data for internal analysis purposes (via Google Analytics/Firebase) to improve the Service.

5. Tracking Technologies and Cookies

We use Cookies and similar technologies to ensure the security, stability, and functionality of Our Service. Unlike standard tracking tools, we do not use these technologies for behavioral profiling or advertising. The technologies We use include:

  • Cookies or Browser Cookies: A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. Our core tools, such as the Tactical Board, utilize local storage to function even if third-party cookies are blocked.

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies:

    These Cookies are generated by our infrastructure providers (Google/Firebase) to protect the site against automated attacks, bots, and session hijacking.

  • Functionality Cookies:

    These Cookies identify session context to allow regional assets, such as the Google Play badge, to load correctly for your specific location.

  • Analytical Session Cookies:

    Our analytics provider (Plausible) may utilize a functional session cookie (such as _plausible_prod) to ensure secure and stable data transmission during your visit. This does not track you across other websites.

  • Browser Local Storage:

    While not a cookie, we use Local Storage to save your formations and tactics directly on your device. This data is never sent to our servers.

We do not use Tracking, Performance, or Advertising cookies for profiling. Our visitor statistics are handled by Plausible Analytics, which prioritizes a privacy-first approach without storing persistent identifiers.

Our mobile application does not use browser cookies. However, it utilizes mobile-specific identifiers for technical stability (randomized Installation IDs via Firebase) and for displaying advertisements (Advertising IDs via AdMob), which are subject to user consent. All coaching data (Match stats, players) is stored locally in an encrypted Isar database and never leaves your device.

6. Analytics

We may use third-party Service providers to monitor and analyze the use of our Service.

Website Analytics: For our Website, We use Plausible Analytics to track usage trends. Plausible is a privacy-focused analytics tool that does not use cookies and does not collect any personal data or personally identifiable information (PII). All data is aggregated and isolated to a single day.

Mobile Application Analytics: We use Google Analytics and Firebase. You may opt-out of certain features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy.

7. Advertising

We may use Service Providers to show advertisements to You to help support and maintain Our Service.

Google AdSense & DoubleClick Cookie: Google, as a third party vendor, uses cookies to serve ads on our Service. Google's use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Service or other websites on the Internet.

AdMob by Google: AdMob by Google is provided by Google Inc. You can opt-out from the AdMob by Google service by following the instructions described by Google.

8. GDPR Privacy (Europe)

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions: Consent, Performance of a contract, Legal obligations, Vital interests, Public interests, Legitimate interests.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:

  • Request access to Your Personal Data.
  • Request correction of the Personal Data that We hold about You.
  • Object to processing of Your Personal Data.
  • Request erasure of Your Personal Data.
  • Request the transfer of Your Personal Data.
  • Withdraw Your consent.

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us.

9. LGPD Privacy Notice (Brazil)

This section applies solely to users who reside in Brazil. The Lei Geral de Proteção de Dados (LGPD) grants Brazilian residents specific rights regarding their Personal Data.

Your Rights under LGPD

If You are a Brazilian resident, You have rights similar to those set out in the GDPR section above. Specifically, under LGPD (Article 18), You have the right to:

  • Confirmation: Confirm the existence of data processing.
  • Access: Access Your data (stored locally on Your device).
  • Correction: Correct incomplete, inaccurate, or out-of-date data.
  • Anonymization/Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data.
  • Portability: Port Your data to another service provider.
  • Deletion: Delete personal data processed with Your consent.
  • Information: Obtain information about public and private entities with whom We shared data.
  • Revocation: Revoke consent at any time.
Exercising Your LGPD Rights

Local Data: Because our App is "Offline-First," the most effective way to exercise your rights (Access, Correction, Deletion) is directly within the App on your device. Uninstalling the App permanently deletes all local User Data.

Account Data: For data held on our servers (Account/Login), You may contact our Data Protection Officer (DPO) at [email protected] with the subject line "LGPD Request".

10. CCPA/CPRA (California)

This section applies solely to all visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.

  • Category A: Identifiers. (Collected: Yes)
  • Category B: Personal information categories listed in the California Customer Records statute. (Collected: Yes)
  • Category C: Protected classification characteristics under California or federal law. (Collected: No)
  • Category D: Commercial information. (Collected: Yes)
  • Category E: Biometric information. (Collected: No)
  • Category F: Internet or other similar network activity. (Collected: Yes)
  • Category G: Geolocation data. (Collected: No)
  • Category H: Sensory data. (Collected: No)
  • Category I: Professional or employment-related information. (Collected: No)
  • Category J: Non-public education information. (Collected: No)
  • Category K: Inferences drawn from other personal information. (Collected: No)
  • Category L: Sensitive personal information. (Collected: Yes - Account login/password)
Your Rights under the CCPA/CPRA

The CCPA/CPRA provides California residents with specific rights regarding their personal information: The right to notice, The right to know/access, The right to say no to the sale or sharing of Personal Data (opt-out), The right to correct Personal Data, The right to limit use and disclosure of sensitive Personal Data, The right to delete Personal Data, The right not to be discriminated against.

Do Not Sell My Personal Information

We do not sell personal information as the term sell is commonly understood. We do allow Service Providers to use Your personal information for the business purposes described in Our Privacy Policy, for activities such as advertising, marketing, and analytics, and these may be deemed a sale under CCPA/CPRA. You have the right to opt-out of the sale of Your personal information.

11. Children's Privacy

Parental Responsibility: The Service is intended for use by parents, coaches, and guardians to track the performance of athletes, who may be under the age of 13 ("Minors").

Local Storage of Minor's Data: Any data regarding a Minor (e.g., name, match statistics) entered into the Application is stored locally on the User's device. The Company does not knowingly collect, upload, or process personally identifiable information from anyone under the age of 13 on its servers.

If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data (e.g., via a direct email inquiry), please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

12. Contact Us

If you have any questions about this Privacy Policy, You can contact us: