Privacy Policy

Effective date: March 8, 2026

1. Who We Are

SpectreSports ("we", "us", "our") operates the sports prediction platform at spectresports.net. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

For privacy-related enquiries: support@spectresports.net

2. Data We Collect

We collect the following categories of data:

Account data
Name, email address, hashed password, profile picture, account creation date.
Authentication data
Device identifiers (UUID generated on your device for 2FA trust), login timestamps, IP addresses used at login.
Usage data
Pages visited, features accessed, prediction views, session duration. Used for product improvement only.
Payment data
Payment is processed entirely by Stripe. We receive only a subscription status indicator — no card numbers, bank details, or full payment information is stored on our servers.
Communications
If you contact us by email, we retain your correspondence to resolve your enquiry.

3. How We Use Your Data

We use your data to:

  • Provide, operate, and improve the Service
  • Authenticate your identity and manage your account
  • Process subscription payments through Stripe
  • Send transactional emails (email verification, two-factor authentication codes, billing receipts)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

4. Cookies and Storage

We use the following storage mechanisms:

Authentication cookie
An HttpOnly, Secure, SameSite=None cookie named access_token. Set on login, cleared on logout. Cannot be accessed by JavaScript. Used solely for authentication.
localStorage (device_id)
A randomly generated UUID stored locally on your device. Used to identify trusted devices for 2FA purposes. Contains no personal information.
localStorage (user)
A cached copy of your public profile (name, email, subscription status). Used for UI rendering. Cleared on logout.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

5. Data Retention

We retain your data as long as your account is active. If you delete your account:

  • Account data (name, email, password hash) is deleted within 30 days
  • Login and security logs are retained for up to 90 days for fraud prevention
  • Anonymised usage statistics may be retained indefinitely in aggregate form

6. Third-Party Services

We share limited data with the following third parties only where necessary:

Stripe
Payment processing. Subject to Stripe's Privacy Policy. We do not receive or store full payment details.
Resend
Transactional email delivery (verification codes, receipts). Receives your email address and message content only.
Railway
Backend hosting provider. Your data resides on Railway's infrastructure within their data centres. Subject to Railway's Privacy Policy.
Vercel
Frontend hosting. No personal data is stored on Vercel's infrastructure beyond standard CDN access logs.
API-Football
Sports data provider. No personal data is transmitted to API-Football.

7. Security

We implement industry-standard security measures including:

  • Passwords hashed with bcrypt (never stored in plaintext)
  • Authentication tokens stored as HttpOnly cookies (inaccessible to JavaScript)
  • All data in transit encrypted via TLS 1.2+
  • Database access restricted to application servers only
  • Rate limiting on authentication endpoints to prevent brute-force attacks
  • Two-factor authentication available for all accounts

No system is 100% secure. In the event of a data breach that affects your personal data, we will notify you by email within 72 hours of becoming aware.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your account and associated data
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request that we restrict processing of your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at support@spectresports.net. We will respond within 30 days.

9. Children's Privacy

The Service is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before material changes take effect. The effective date at the top of this page indicates when the current version was last updated.

11. Contact

For privacy questions, data requests, or to report a concern:

support@spectresports.net