
Privacy Policy

Effective Date: January 1, 2026
Last Updated: December 19, 2025
Version: 1.0

1. Introduction

Welcome to Driblink ("we," "us," "our," or "Company"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and mobile application (collectively, the "Service").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing or using Driblink, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration

  • Name and username
  • Email address
  • Password (encrypted)
  • Phone number (optional)
  • Date of birth
  • Profile image/avatar
  • Position/role in football
  • Bio and personal interests

Age Restrictions & Parental Consent

Minimum Age Requirement: Driblink is intended for users aged 13 and above. Users under 18 are considered minors and require parental or guardian consent to use the Service.

Age Verification Process: During account registration, users must provide their date of birth. We use automated verification checks to validate that the entered date is reasonable and matches registration patterns. For accounts flagged as potentially belonging to minors, we may require additional verification through:

  • Confirmation email from a parent/guardian email address
  • Third-party age verification services (if available in your jurisdiction)
  • Government-issued ID verification for users near the age threshold

Parental Consent for Minors (Under 18): If your child wishes to use Driblink, we require explicit parental or guardian consent. The process includes:

  1. Consent Verification: A verification email is sent to the parent/guardian's email address
  2. Consent Recording: Parent/guardian must confirm consent by clicking the verification link and accepting the terms
  3. Account Linking: The minor's account is linked to the parent/guardian account for monitoring purposes
  4. Parental Controls: Parents/guardians can view their child's account activity, game history, club memberships, and contact information

Handling Children's Accounts: For users under 13, we do not knowingly collect personal information. If we discover a user is under 13 without proper verification, we will delete the account and all associated data within 30 days upon notice.

Data Processing for Minors: For users aged 13-17 with valid parental consent:

  • We collect minimal personal data necessary for the Service
  • We do not use cookies for targeted marketing without explicit consent
  • We restrict third-party data sharing (except with essential service providers)
  • We do not conduct automated decision-making or profiling

Jurisdictional Notes:

  • GDPR (EU/UK): Minors under 16 require parental consent; age of digital consent varies by member state (13-16)
  • CCPA (California): Minors under 13 require parental consent; "opt-in" requirement for marketing
  • PDPA (Singapore): Children's data is processed only with parent/guardian consent

Withdrawing Consent & Account Deletion: Parents/guardians or users aged 18+ can withdraw consent or request account deletion at any time by:

  • Logging into the account and using Account Settings → Privacy → Delete Account
  • Using the API endpoint: POST /api/user/delete-account
  • Contacting us at privacy@driblink.com with proof of parental relationship

Upon deletion, all personal data associated with the minor's account will be removed within 30 days, except where retention is required by law. Game history and stats may remain (anonymized) for historical records.

Questions or Disputes: If you have concerns about how we handle minor data or parental consent, please contact our Data Protection Officer at privacy@driblink.com or submit a complaint to the relevant supervisory authority in your jurisdiction (ICO for UK, GDPR for EU, CCPA for California, PDPC for Singapore).

Game & Club Management

  • Game participation history
  • Club memberships and roles
  • Game bookings and cancellations
  • Team assignments and performance
  • Goals scored and assists provided
  • Game feedback and ratings

Venue Information

  • Venue reviews and ratings
  • Venue booking details
  • Facility feedback and comments

Communication

  • Messages and notifications
  • Support requests and feedback
  • Profile customization data

2.2 Information Collected Automatically

Device Information

  • Device type and operating system
  • Browser type and version
  • IP address and geolocation (approximate)
  • Device identifiers and unique IDs

Usage Information

  • Pages/features accessed and time spent
  • Links clicked and actions performed
  • Referral source
  • Search queries
  • Error logs and crash reports

Cookies and Similar Technologies

  • Session cookies (authentication)
  • Preference cookies (settings)
  • Analytics cookies (usage tracking)
  • Tracking pixels and web beacons

2.3 Information from Third Parties

OAuth Providers

  • Basic profile data (Google, Facebook, etc.)
  • Email verification status
  • Profile pictures

Payment Processors

  • Transaction history and amounts
  • Billing addresses (not stored by us)
  • Payment method type (not full details)

3. Legal Basis for Processing

3.1 GDPR Legal Basis (EU/UK Users)

  1. Consent (Article 6(1)(a)) - Marketing communications, direct marketing, non-essential cookies, analytics beyond necessity
  2. Contract (Article 6(1)(b)) - Account management, service delivery, game participation, club management
  3. Legal Obligation (Article 6(1)(c)) - Fraud prevention, security compliance, tax and accounting records
  4. Legitimate Interests (Article 6(1)(f)) - Service improvement and analytics, security and fraud prevention, personalization and recommendations

3.2 CCPA Legal Basis (California Users)

We collect and process personal information for purposes disclosed in this Privacy Policy: providing and improving the Service, fraud prevention and security, analytics and research, and legal compliance.

3.3 PDPA Legal Basis (Singapore Users)

Under the Personal Data Protection Act (PDPA) of Singapore, we process personal data based on the following lawful bases:

  1. Consent - You have consented to the collection, use, or disclosure of your personal data for specific purposes (e.g., marketing communications, analytics)
  2. Contractual Necessity - Processing is necessary to enter into or fulfill a contract with you (account management, game bookings, club memberships, payments)
  3. Legal Obligation - Processing is required to comply with applicable laws and regulations in Singapore (fraud prevention, tax compliance, law enforcement requests)
  4. Legitimate Interests - Processing is necessary for our legitimate business interests that do not unreasonably prejudice your rights (security, fraud detection, service improvement, analytics)

4. How We Use Your Information

4.1 Service Delivery

  • Creating and managing your account
  • Processing game bookings and club memberships
  • Managing payments and transactions
  • Providing customer support
  • Sending service-related announcements

4.2 Service Improvement

  • Analyzing usage patterns and trends
  • Developing new features and functionality
  • Personalizing your experience
  • Conducting research and analytics
  • A/B testing

4.3 Communication

  • Sending transactional emails (confirmations, receipts)
  • Responding to inquiries and support requests
  • Sending game reminders and notifications
  • Marketing communications (with consent)

4.4 Legal and Security

  • Preventing fraud and misuse
  • Detecting and investigating security incidents
  • Enforcing terms of service
  • Complying with legal obligations
  • Protecting rights, privacy, and safety

4.5 Legitimate Interests

  • Improving security measures
  • Personalizing content and recommendations
  • Analyzing business performance
  • Preventing unauthorized access
  • Maintaining service integrity

5. Data Sharing and Disclosure

5.1 Data We Share

With Other Users

  • Public profile information (name, position, stats)
  • Game participation and performance data
  • Club membership status
  • Reviews and ratings
  • Goals and assists in shared games

With Service Providers

  • Cloud hosting providers (data processing)
  • Email service providers (communications)
  • Payment processors (transactions)
  • Analytics providers (usage analysis)
  • Customer support tools (support tickets)

Legal Requirements

  • Law enforcement (with valid legal process)
  • Court orders and subpoenas
  • Government agencies (as required)
  • Child safety protection
  • Rights/property/safety protection

5.2 Data We Do NOT Share

  • Full passwords or security credentials
  • Sensitive payment card details
  • One-time verification codes
  • Unencrypted personal identifiers
  • Health information beyond activity data
  • Data sold to third parties for profit

6. Data Retention

6.1 Retention Periods

Data Type | Retention Period | Reason
Account Profile | Until deletion | Service delivery
Game History | 10 years after last account activity; anonymized thereafter | Competitive ranking history; personal identifiers removed after 10 years for privacy
Statistics | Aggregated indefinitely; personal stats archived after 3 years | Anonymized aggregated stats retained for league analytics; personal performance data archived after 3 years inactivity
Transaction Records | 7 years | Legal/tax compliance
Support Tickets | 1 year | Support history
Log Files | 90 days | Security/debugging

6.2 Data Deletion

When you delete your account, your personal profile information is removed immediately. Game bookings and participation records are anonymized, and your email address is permanently deleted. However, shared data (goals, game records, historical stats) may be retained for accuracy and integrity of game history.

6.3 Right to Erasure

You may request deletion of your personal data at any time through account settings, email, or our data deletion endpoints. We will process your request within 30 days, except where legal obligations require retention.

7. Your Privacy Rights

7.1 GDPR Rights (EU/UK/EEA Users)

You have the right to:

  1. Access (Article 15) - Request a copy of all personal data we hold, receive in portable JSON format via our export endpoint
  2. Rectification (Article 16) - Correct inaccurate personal data, update incomplete information
  3. Erasure (Article 17) - Request deletion of your personal data, "Right to be forgotten"
  4. Restrict Processing (Article 18) - Request limitation of data processing
  5. Data Portability (Article 20) - Receive your data in machine-readable format, transfer to another service
  6. Object (Article 21) - Oppose marketing communications, opt-out of analytics
  7. Automated Decision-Making (Article 22) - Right not to be subject to automated decisions

7.2 CCPA Rights (California Users)

You have the right to:

  1. Know - Categories of personal information collected, purposes of collection, source of collection
  2. Delete - Request deletion of personal information
  3. Opt-Out - Opt-out of data sales (note: we do not sell personal information)
  4. Non-Discrimination - No discrimination for exercising rights
  5. Limit Use - Limit use to disclosed purposes

7.3 PDPA Rights (Singapore Users)

Under the PDPA, you have the right to:

  1. Access (Section 21) - Request access to your personal data held by us
  2. Correction (Section 22) - Request correction of inaccurate, incomplete, or false personal data
  3. Withdraw Consent (Section 21.2(f)) - Withdraw consent for collection, use, or disclosure at any time (subject to contractual or legal restrictions)
  4. Opt-Out of Marketing (Section 21.2(c)) - Opt out of direct marketing via email, SMS, phone, or post
  5. Cease Data Use - Request cessation of use or disclosure for purposes you do not consent to

7.4 Exercising Your Rights

To exercise any privacy rights:

  1. Online: Account settings → Privacy → [Right]
  2. Email: privacy@driblink.com
  3. API Endpoints:
    • Export: POST /api/user/export-data
    • Delete: POST /api/user/delete-account

We will verify your identity and respond within 30 days for GDPR or PDPA, or 45 days for CCPA (extendable in some cases).

8. Data Security

8.1 Security Measures

We implement comprehensive security measures:

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3+ encryption in transit
  • Password hashing (bcrypt)
  • Secure token generation
  • Rate limiting on auth endpoints

Access Controls

  • Role-based access control (RBAC)
  • Admin audit logging
  • Session management
  • Secure authentication
  • Multi-factor options

Infrastructure Security

  • Regular security audits
  • Vulnerability scanning
  • Intrusion detection
  • DDoS protection
  • WAF (Web Application Firewall)

8.2 Incident Response

In the event of a data breach, we will investigate immediately, notify affected users within 72 hours (GDPR), provide information about the incident, recommend protective measures, and cooperate with authorities.

Report Security Issues: security@driblink.com

9. Contact Information

9.1 Company Details

Legal Entity: Driblink
Street Address: [Your Company Street Address]
City, Country, Postal Code: [Your City, Country, Postal Code]
Company Registration Number: [Your Registration Number]
VAT Number (if applicable): [Your VAT Number]
Jurisdiction: [Your Jurisdiction]

9.2 Privacy Questions

For privacy-related questions, contact:

Data Protection Officer / Privacy Team
Email: privacy@driblink.com
Response Time: 5-10 business days

9.3 Legal Process

Legal requests/subpoenas should be directed to: legal@driblink.com

By using Driblink, you acknowledge that you have read this Privacy Policy and agree to its terms. If you do not agree, please discontinue use of our Service.