Goalify ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our football team management platform.
1. Information We Collect
1.1 Information You Provide
When you use Goalify, we collect the following information:
- Account Information: When you sign in with Google OAuth, we collect your email address, name, and profile picture from your Google account.
- Team Data: Team names, member information, and team settings you create within the service.
- Player Information: Player names, positions, statistics, and profile photos you choose to upload.
- Match Records: Game dates, locations, scores, attendance records, and game statistics.
- Financial Data: If you choose to integrate with Google Sheets, we may access financial records you explicitly authorize.
1.2 Information Collected Automatically
- Usage Data: Information about how you interact with our service, including access times, pages viewed, and features used.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Cookies and Similar Technologies: We use cookies to maintain your session and enhance user experience.
1.3 Health & Fitness Data
⚕️ Health Data Collection — Requires Your Explicit Consent
If you choose to use our workout analysis feature, we may collect health and fitness data from Apple HealthKit (iOS) or Google Health Connect (Android) with your explicit, prior consent. We will never access your health data without your permission.
When you opt in, we may read the following data types from your device's health platform:
- Heart Rate Data: Real-time and resting heart rate measurements, heart rate variability (HRV)
- Activity Data: Step count, walking/running distance, and active energy (calories burned)
- Workout Sessions: Exercise type, duration, start/end time, and associated metrics
- Respiratory Data: Respiratory rate and blood oxygen saturation (SpO2), if available
How We Use Health Data
Your health data is used solely for the following purposes:
- Displaying workout analysis and performance metrics linked to your match participation
- Generating heart rate zone distribution, sprint detection, and performance scores
- Allowing you to optionally share workout summaries with your teammates
How Health Data Is Stored
- Health data is stored in our secure database (Supabase) with Row Level Security (RLS) enforced — only you can access your own health records
- Data is encrypted in transit (HTTPS/TLS) and at rest
- Raw health snapshots are never exposed to other users; shared data contains only aggregated summaries (e.g., average heart rate, total distance)
Health Data Sharing
- Health data is private by default. You control whether to share workout summaries with your team
- When you enable sharing, only aggregated statistics (not raw biometric data) are visible to teammates
- You can revoke sharing at any time, and shared data will be removed from teammates' views
Health Data Deletion
- You can delete your health data for any match at any time through the app
- You can revoke health data consent entirely, which will prevent further data collection
- Deleting your account will permanently delete all associated health data within 30 days
Apple HealthKit Disclosure
We integrate with Apple HealthKit to read health and fitness data. In accordance with Apple's requirements:
- Data obtained from HealthKit is not used for advertising, marketing, or sale to data brokers
- HealthKit data is not shared with third parties without your explicit consent
- We do not use HealthKit data to build user profiles for purposes unrelated to health and fitness
- We do not disclose HealthKit data to third parties for their own marketing or advertising purposes
Google Health Connect Disclosure
On Android devices, we integrate with Google Health Connect. In accordance with Google's Health Connect policies:
- We request only the minimum permissions necessary for the workout analysis feature
- Health Connect data is used solely to provide the app's health and fitness features
- We do not use Health Connect data for serving advertisements or for non-health-related purposes
- Health Connect is available on Android 8.0 (API 26) and above
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Maintain Services: To operate and maintain Goalify's features including team management, match recording, draft systems, and statistics tracking.
- Authentication and Security: To verify your identity, prevent unauthorized access, and detect fraudulent activity.
- Communication: To send you service-related notifications, updates, and respond to your inquiries.
- Improve Our Service: To analyze usage patterns, develop new features, and enhance user experience.
- Comply with Legal Obligations: To comply with applicable laws, regulations, and legal processes.
3. How We Share Your Information
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:
3.1 Service Providers
We work with third-party service providers who perform services on our behalf:
- Supabase: Database hosting and authentication services
- Google: OAuth authentication and Sheets API integration (when authorized by you)
- Vercel: Web hosting and content delivery network
These providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
3.4 Public App Feature (Team Choice)
⚠️ IMPORTANT: Public Data Disclosure
Goalify offers a "Public App" feature that allows team administrators to make certain team data publicly accessible to anyone on the internet, including users who are not logged in. When a team administrator enables this feature, the following information becomes publicly viewable:
- Match Results: Dates, scores, locations, and game statistics
- Player Statistics: Names, goals scored, assists, ratings, and performance metrics
- Team Leaderboards: Rankings and comparative statistics
- Upcoming Matches: Scheduled game information
- Membership Settings: Team configuration and public information
Key Points:
- This feature is opt-in and must be explicitly enabled by team administrators
- Team members are notified when public access is enabled
- Administrators can disable public access at any time
- This data may be indexed by search engines and cached by third parties
- Once data is publicly shared, we cannot control how third parties may use, copy, or redistribute it
Your Responsibility: If you are a player or team member, please be aware that your team administrator controls this setting. Contact your team administrator if you have concerns about your data being made public.
4. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Active Accounts: We retain your data while your account is active.
- Deleted Accounts: When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law.
- Legal Obligations: We may retain certain information for legal compliance, dispute resolution, and enforcing our agreements.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: All data transmission is encrypted using HTTPS/TLS protocols.
- Access Controls: We implement Row Level Security (RLS) policies to restrict data access.
- Authentication: Secure OAuth 2.0 authentication through Google.
- Regular Updates: We regularly update our security measures and conduct security assessments.
- Data Backups: Regular automated backups to prevent data loss.
- Health Data Protection: Health and fitness data is subject to additional protections including consent-gated access, per-user row isolation via RLS, and stripping of sensitive metadata (device names, GPS routes) from shared views.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request access to the personal information we hold about you.
- Rectification: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information.
- Objection: Object to our processing of your personal information.
- Data Portability: Request a copy of your data in a structured, machine-readable format.
- Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your information.
To exercise these rights, please contact us at goalify.support@gmail.com
7. Cookies and Tracking Technologies
What Are Cookies?
Cookies are small text files stored on your device that help us provide and improve our services. We use cookies for:
- Essential Cookies: Required for authentication and basic service functionality.
- Preference Cookies: Remember your settings and preferences.
- Analytics: Understand how users interact with our service to improve it.
Managing Cookies
You can control and manage cookies through your browser settings. Please note that disabling cookies may affect the functionality of our service.
8. Third-Party Links
Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.
9. Children's Privacy
Goalify is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page with a new effective date
- Sending you a notification through the service or via email
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us using the information above. We will respond to your inquiry within a reasonable timeframe.
13. United States Privacy Rights
13.1 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:
Your California Privacy Rights:
- Right to Know: You can request information about the personal information we collected, used, disclosed, and sold about you in the past 12 months.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: You can opt out of the "sale" or "sharing" of your personal information. Note: We do not sell your personal information.
- Right to Correct: You can request correction of inaccurate personal information.
- Right to Limit Use: You can limit the use and disclosure of sensitive personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Categories of Personal Information We Collect:
- Identifiers: Name, email address, Google account ID, IP address
- Internet Activity: Browsing history, search history, interaction with our service
- Geolocation Data: Approximate location based on IP address
- Professional Information: Team membership, player statistics, match records
- Sensitive Personal Information (Health Data): Heart rate, steps, distance, calories, heart rate variability, blood oxygen saturation, respiratory rate — collected only with your explicit opt-in consent via Apple HealthKit or Google Health Connect
- Inferences: Preferences and characteristics derived from your activity
How to Exercise Your Rights:
To exercise your California privacy rights, email us at support@goalify.club with the subject line "California Privacy Rights Request." We will verify your identity before processing your request.
Authorized Agent:
You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization or power of attorney.
Shine the Light Law:
California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
13.2 Virginia, Colorado, Connecticut, and Utah Residents
If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Utah (UCPA), you have similar rights including:
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to delete your personal data
- Right to obtain a copy of your personal data (data portability)
- Right to opt out of targeted advertising, sale of personal data, and profiling
To exercise these rights, contact us at support@goalify.club
13.3 Nevada Residents
Nevada residents have the right to opt out of the sale of their personal information. We do not sell personal information as defined under Nevada law.
13.4 Do Not Track Signals
Our service does not currently respond to "Do Not Track" (DNT) browser signals. We treat all users consistently regardless of DNT settings.
14. Email Communications (CAN-SPAM Act)
We comply with the CAN-SPAM Act for commercial emails. You can opt out of marketing emails by:
- Clicking the "unsubscribe" link in any marketing email
- Contacting us at goalify.support@gmail.com
- Updating your email preferences in account settings
Note: You cannot opt out of transactional or service-related emails (e.g., account notifications, security alerts).
15. Legal Basis for Processing (GDPR - EEA Users)
If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:
- Consent: You have given us explicit consent to process your information for specific purposes.
- Contract: Processing is necessary to provide you with our services.
- Legal Obligation: Processing is necessary to comply with legal obligations.
- Legitimate Interests: Processing is in our legitimate interests and not overridden by your data protection rights.
Note: US-based operations primarily fall under US privacy laws (CCPA, state laws) rather than GDPR. EEA users are subject to GDPR protections.