Privacy Policy

Data we collect

Account: email and (optionally) name, handled by our auth provider Clerk.

Network: IP address and basic request metadata, used for rate-limiting, fraud detection, and Vercel server logs.

Payments: we receive a transaction ID and amount from Creem.io (card / fiat MoR) and NOWPayments (USDT). We never see or store your card number, full crypto wallet, or banking credentials.

Cookies: a Clerk session cookie (required to stay signed in) and a localStorage key named pg_lang that remembers your language choice.

Usage: which pages you visit, aggregated via Cloudflare Web Analytics — no PII, no cross-site tracking.

We do NOT collect: precise geolocation, biometric data, health data, or browsing history outside poisgoal.com.

How we use it

To run the service: authentication, access control, payment processing, and customer support.

To stay safe: rate-limiting, fraud detection, and abuse prevention.

To improve the product: aggregated usage analytics (counts, not identities).

We never sell, rent, or share your data with third parties for advertising. No Meta Pixel. No Google Analytics. No ad networks.

Sub-processors

We rely on the following sub-processors to operate POISGOAL. Each receives only the data needed for its job.

• Clerk — authentication (US, Cloudflare infra).

• Neon — PostgreSQL database hosting (US).

• Vercel — web hosting and edge functions (global).

• Cloudflare — CDN, DNS, and aggregate analytics (global).

• NOWPayments — USDT / crypto payment processor (Estonia).

• Creem.io — Merchant of Record for fiat / card payments (Estonia).

• DeepSeek — generates AI pre-match briefings; we send only public match data, never your PII.

• api-football — third-party fixture and odds feed; we are a consumer of their data, we do not send them yours.

Your rights (GDPR + CCPA)

Access — request a copy of the data we hold on you.

Deletion — request erasure of your account and all associated data; processed within 14 days.

Rectification — correct anything inaccurate.

Portability — export your data in machine-readable JSON.

Opt-out — unsubscribe from email and opt out of optional analytics.

Complaint — lodge a complaint with your local data protection authority.

To exercise any of these, email privacy@poisgoal.com. We respond within 24 hours.

Cookies and tracking

Essential: a Clerk session cookie. Disabling this means you cannot sign in.

Preference: a pg_lang value in localStorage remembers your chosen language.

We do NOT use third-party advertising trackers, Meta Pixel, Google Analytics, or remarketing pixels of any kind.

Data retention

Account data: hard-deleted 30 days after account closure.

Transaction records: retained for 7 years to meet tax and anti-money-laundering obligations.

Server logs: rolling 90-day window, then deleted.

Children

POISGOAL is not for anyone under 18. We do not knowingly collect data from minors. If we discover a minor's account, we delete it immediately.

International transfers

Users in the EU, Latin America, and Asia: your data is processed in the US (Clerk, Vercel, Neon) and Estonia (NOWPayments, Creem). We rely on Standard Contractual Clauses (SCC) and signed Data Processing Agreements (DPA) with each sub-processor.

Changes

Material changes are announced by email and via a banner on your account page. If you do not actively object within 14 days of notice, continued use constitutes acceptance.