Privacy Policy

Last updated: April 2026

This Privacy Policy describes how Goals Against Limited (“we”, “us”, “our”) collects, uses, and protects your personal information when you use the Goals Against app and website (“the Service”).

1. What we collect

  • Email address — for account login and important service emails
  • Password — stored as a one-way hash, never in plain text
  • Push notification token — to send you alerts
  • Selected rival teams — to know what to notify you about
  • Notification preferences — quiet hours, max-notifications cutoff, etc.
  • Subscription status — managed by Stripe
  • Approximate country (from your device locale) — to show local prices
  • Waitlist email address (if you join via the website) — to tell you when the app launches

2. What we don't collect

  • Card details — these go directly to Stripe, our payment processor. We never see them.
  • Location data
  • Contacts, photos, microphone, or camera access
  • Browsing history outside the app

3. How we use your data

We use your information solely to provide the Service: deliver notifications, manage your subscription, and respond to support requests. We do not sell your data to anyone, ever.

4. Third parties

We use the following service providers, each governed by their own privacy policies:

  • Stripe — payment processing
  • Expo Push Notifications — to deliver push notifications
  • Sportmonks — match data feeds
  • Neon (PostgreSQL) — secure database hosting
  • Railway — application hosting
  • Resend — service email delivery

5. Data retention

We keep your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where required to retain it for legal or accounting purposes (e.g., payment records).

6. Your rights

You have the right to: access your data, correct inaccuracies, request deletion, withdraw consent, and lodge a complaint with the UK Information Commissioner’s Office (ICO). Email support@goalsagainst.com to exercise any of these rights.

7. Security

We use industry-standard encryption (HTTPS/TLS) for all data in transit and store passwords as hashed values. No system is completely secure; in the event of a data breach, we will notify affected users within 72 hours where required by law.

8. Children

The Service is not intended for users under 18. We do not knowingly collect data from children.

9. Changes

We may update this policy from time to time. Material changes will be communicated via email or in-app notice.

10. Contact

Questions? privacy@goalsagainst.com