Privacy Statement

• Account and identity data: email address, name if available, authentication identifiers, sign-in status, session information, and account settings provided through WorkOS AuthKit.
• Workbench and product data: teams, nations, matches, saved boards, pinned or archived items, scenarios, analysis requests, generated outputs, credit usage, and similar product state. Signed-out demo state may stay only in your browser. Signed-in product state may be stored against your account.
• Billing and entitlement data: checkout status, pass or tier, credit balances, transaction identifiers, Stripe customer identifiers, billing email, receipts, refunds, and accounting records. Stripe processes card details; we do not receive or store full card numbers.
• Technical, security, and usage data: IP address, approximate location derived from network data, device and browser details, URLs requested, timestamps, error reports, diagnostic logs, rate-limit signals, fraud-prevention signals, and security events.
• Communications data: messages you send to us, support requests, enterprise or press enquiries, survey responses, and any email preferences. If you previously joined a waitlist or asked for launch updates, we may retain that contact record until you unsubscribe or ask us to delete it.
• Notification data: browser notification permission is controlled by your browser. The current app may use followed teams or matches to trigger local or in-app notifications, but it does not run a separate push-notification backend.
• Sports data: fixtures, teams, squads, players, officials, scores, odds-like market inputs where licensed, and other football data from public or licensed sports-data providers. If you are a player, coach, official, or other person appearing in sports datasets, that data usually comes from those sources rather than directly from you.

• Provide, personalise, sync, and secure the Opono Football service.
• Authenticate users, manage sessions, prevent abuse, and enforce account and credit limits.
• Save workbench state, generate analyses, return AI-assisted football outputs, and keep an audit trail of credit grants and spends.
• Process purchases, receipts, refunds, tax, accounting, fraud checks, and billing support through Stripe.
• Monitor uptime, debug errors, improve speed, maintain security, and investigate suspicious activity.
• Respond to support requests and send service, legal, security, billing, product, or optional marketing communications.
• Improve the product, football models, prompts, ranking, safety, and reliability using usage patterns, analysis requests, outputs, logs, and feedback, while minimising direct identifiers where practical.
• Comply with law, enforce our terms, protect rights and safety, and support corporate transactions such as financing, acquisition, or reorganisation.

We do not use full payment details or authentication tokens for model training. The planned analysis service receives the analysis kind and payload needed to run the job; user authentication tokens do not need to leave the Opono web server for that service call. If we materially expand how personal data is used for model training, advertising, or third-party data sharing, we will update this statement and obtain consent where the law requires it.

• Contract, to provide accounts, saved workspaces, analyses, purchases, credits, support, and service communications.
• Legitimate interests, to secure the service, prevent fraud, debug issues, understand usage, improve Opono Football, and protect our users and business, balanced against privacy rights.
• Legal obligation, for tax, accounting, sanctions, payment, consumer-protection, records, and lawful request obligations.
• Consent, where required for optional marketing, browser notifications, non-essential cookies, or certain future data uses. You may withdraw consent through the relevant control or by contacting us.

• Service providers that help us run Opono, including WorkOS for authentication, Convex for database and backend functions, Vercel for hosting and aggregate web analytics, Stripe for payments, PostHog for product analytics and session replay (EU-hosted), Google Cloud for data storage and future analysis compute, Better Stack or similar uptime-monitoring tools, Resend or similar email tools, support tools, and security vendors.
• Sports-data providers, such as SportMonks and any future licensed football-data suppliers, where needed to provide fixture, team, player, live-match, and analytics features.
• Professional advisers, including lawyers, accountants, auditors, insurers, banks, and corporate advisers.
• Authorities or other parties when we believe disclosure is legally required, protects rights or safety, prevents abuse, enforces our terms, or responds to valid legal process.
• Corporate transaction parties if we explore or complete a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards.

• Account and workbench data is generally kept while your account is active or while needed to provide the service.
• Billing, tax, accounting, and fraud-prevention records may be kept for up to seven years, or longer if required by law or a dispute.
• Security logs, diagnostics, and server logs are kept for shorter operational periods unless needed for investigation, safety, legal, or abuse-prevention reasons.
• Analytics events and session replays are kept for the retention period configured with our analytics provider and then deleted or aggregated; session replays are kept for a shorter period than event statistics.
• LocalStorage data remains in your browser until you clear it, change browser profile, or the app overwrites it.
• Backups may retain deleted data temporarily until they are overwritten according to ordinary backup cycles.
• Marketing or waitlist contact records are kept until you unsubscribe, object, or ask us to delete them, unless we need a suppression record to respect that request.