Privacy Policy

Version 1.0 · Effective date: 22 May 2026 · Last updated: 22 May 2026

Plain-language summary: We collect your name, email, and profile photo when you sign up so we can identify you within your squads. We use your email for squad invites and (if you opt in) weekly digests. We do not sell your data. You can request a copy of your data or ask us to delete your account at any time.

1. About This Policy

This Privacy Policy describes how SquadPicks ("we", "us", "our") collects, uses, and protects your personal information when you use our platform at squadpicks.io ("Service"). It applies to users worldwide, with specific provisions for users in Canada and India.

This policy is designed to comply with:

Canada: the federal Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), and Canada's Anti-Spam Legislation (CASL).
India: the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.

2. Data We Collect and Why

Data	Source	Why we collect it	Legal basis
Name	Google / Telegram OAuth	Display your name in your squad; identify you to other members	Consent (signup)
Email address	Google OAuth	Squad invites, digest emails, account recovery	Consent (signup)
Profile photo	Google / Telegram OAuth	Display your avatar in squad interfaces	Consent (signup)
Notification preferences	You set them at signup	Determine which emails to send you	Consent (signup)
Picks, votes, ratings	You create them	Core functionality — sharing picks with your squad	Consent / contract performance
Consent record	Signup flow	Compliance audit trail (T&C accepted, timestamp, version)	Legal obligation
Approximate country	IP-derived header (Cloudflare)	Apply the correct legal framework; serve relevant regional content	Legitimate interest
Session cookie	Browser	Keep you logged in for 7 days	Consent / legitimate interest

We collect only the data listed above. We do not access your messages, call logs, banking information, contacts, or device location.

3. How We Use Your Data

Service delivery: Showing your picks, votes, and ratings to squad members you've chosen to share with.
Notifications: Sending transactional emails (new pick added, squad agrees, weekly digest) based on your preferences. You can change or withdraw notification consent at any time in Settings.
Marketing emails: Only if you explicitly opted in at signup (or later). Each marketing email includes a one-click unsubscribe link in compliance with CASL.
Compliance: Retaining a record of when and to which version of our policies you consented.
Platform improvement: Aggregate, anonymised analytics to understand feature usage (no personal data is shared with analytics tools).

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

Within your squad: Your name, avatar, picks, and votes are visible to the members of squads you belong to.
Service providers: We use Supabase (database hosting) and Railway (application hosting). Both are bound by data-processing agreements. Supabase stores data in AWS regions; please see supabase.com/privacy for details.
Legal obligations: We may disclose data when required by law, court order, or a lawful government request.

5. Data Retention

Your account and associated data are retained for as long as your account is active.
If you delete your account, we remove your personal profile data within 30 days. Squad content you created (picks) is anonymised rather than deleted to preserve context for other members.
Consent records are retained for 7 years to satisfy legal audit requirements.
Support ticket data is retained for 3 years.

6. Your Rights

Depending on where you are located, you have the following rights over your personal data:

Access Request a copy of all personal data we hold about you.

Correction Ask us to correct inaccurate or incomplete data.

Erasure / Deletion Request deletion of your account and personal data.

Withdraw consent Withdraw marketing consent or notification preferences at any time.

Data portability Receive your data in a machine-readable format.

Grievance / Complaint Lodge a complaint with us or a supervisory authority.

To exercise any of these rights, email privacy@squadpicks.io. We will respond within 30 days (or the shorter period required by applicable law). Identity verification may be required before we process your request.

Canada-specific rights (PIPEDA / Quebec Law 25)

Canadian residents may also file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca. Quebec residents may also contact the Commission d'accès à l'information du Québec (CAI).

India-specific rights (DPDP Act 2023)

Indian residents ("Data Principals") have the rights of access, correction, erasure, and grievance redressal under the DPDP Act. You may also nominate a representative to exercise rights on your behalf. To file a complaint with the Data Protection Board of India, visit the Board's official portal when available.

7. Cookies and Tracking

We use a single session cookie to keep you logged in (valid 7 days, HTTP-only, secure). We do not use third-party advertising cookies or cross-site tracking pixels. If we add analytics in the future we will update this policy and request fresh consent if required.

8. Security

We implement industry-standard technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), HTTP-only secure session cookies, HMAC-based Telegram auth verification, and role-based access controls in our database. No system is 100% secure; if you discover a vulnerability please report it responsibly to security@squadpicks.io.

9. International Data Transfers

Our database is hosted on Supabase, which may store data in AWS regions outside Canada or India. By using the Service and providing consent, you acknowledge this transfer. We ensure our hosting providers maintain adequate data-protection standards. Canadian users: transfers are made under PIPEDA's cross-border transfer provisions. Indian users: we will comply with any data-localisation requirements as mandated under the DPDP Act once corresponding rules are notified.

10. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, contact us at privacy@squadpicks.io and we will delete it promptly. Users aged 13–17 may only use the Service with parental consent.

11. Marketing Communications (CASL Compliance)

We send marketing emails only to users who have provided explicit (express) consent at signup or in account settings. Every marketing email includes:

Our identity and contact information.
A clear one-click unsubscribe mechanism that takes effect within 10 business days.

Transactional emails (pick notifications, squad invites, weekly digest) are sent based on your notification preferences, which you can change at any time in Settings → Notifications.

12. Changes to This Policy

We will notify you of material changes by email (if we have your address) or by displaying a banner on the platform at least 14 days before changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. We record which version of the Privacy Policy you consented to.

13. Contact, Privacy Officer and Grievance Officer

Privacy Officer (Canada — PIPEDA / Quebec Law 25)

Our Privacy Officer is responsible for overseeing compliance with PIPEDA and Quebec Law 25 and handling access and correction requests from Canadian residents.

Role: Privacy Officer, SquadPicks
Email: privacy@squadpicks.io

Grievance Officer (India — DPDP Act 2023, IT Act 2000)

In accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer for Indian residents ("Data Principals").

Role: Grievance Officer, SquadPicks
Email: grievance@squadpicks.io
Response time: We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt.

General support

Email: support@squadpicks.io
Or use the in-app support ticket system (Settings → Support).

This policy covers users globally with specific provisions for Canada (PIPEDA, Quebec Law 25, CASL) and India (DPDP Act 2023, IT Act 2000). See our Terms of Service for platform usage rules.