Privacy Policy

Last updated: April 28, 2026

We collect only what we need to make ScoreMind.AI work. We never sell your data, and you can delete your account at any time from the in-app Settings.

1. Who we are

ScoreMind.AI ("ScoreMind", "we", "our", "us") is operated by Datanaat. This policy explains what personal data we collect when you use our mobile app (iOS, Android) or website at scoremind.ai, and what we do with it.

2. Data we collect

Category	What it is	Why we need it
Account	Email, display name, optional avatar; auth provider (Google, Apple, email/password)	Sign in, attach your subscription, sync your favourite teams across devices
Profile preferences	Country, age range, favourite teams/leagues, theme, language	Personalize the home screen, surface local leagues first
Activity	Picks you make, ScoreBot conversations, daily login streak, coin balance	Run the gamification + leaderboard features, evaluate your prediction accuracy
Subscription	Tier (free / plus / premium), expiry date, original platform receipt id	Verify your subscription is active, restore on a new device
Push tokens	Firebase Cloud Messaging device token	Send you match-start, goal, and result notifications you opted into
Diagnostic / usage	App version, OS, anonymous request rate counters, error logs	Detect bugs, prevent abuse, improve performance

We do not collect: precise location (GPS), contacts, photos, or microphone audio.

3. How we use the data

Run the app. Show your picks, your subscription tier, your daily reward, your followed teams.
Personalize content. Lead the home feed with leagues from your country.
Improve the model. Aggregate prediction accuracy across all users to retune the scientific model. Individual identities are not used in model training.
Send notifications. Only those you opted into in Settings → Notifications.
Prevent abuse. Rate-limit ScoreBot calls and detect script-driven access.

4. Third parties

To run the app we share specific data with the following processors:

Supabase — hosts the database where your account, picks, and preferences live.
Railway — hosts our backend API and crons (no user data stored here, only forwarded).
Google AdMob — serves rewarded video ads for ScoreBot ad-gated messages on free / quota-exhausted users. Ad personalization can be turned off in your device settings.
Google Generative AI (Gemini) — powers ScoreBot replies. Your message text is sent for inference; responses are not used by Google to train its model on your data per the API ToS.
Anthropic (Claude) — fallback ScoreBot model. Same processing terms.
Sportmonks — match data feed. We send no user data to Sportmonks; we only fetch fixtures, lineups, scores.
Apple App Store / Google Play — handle subscription billing and receipt verification.
Firebase Cloud Messaging — delivers push notifications.
Resend — sends contact/feedback emails when you reach us via the in-app form.

We do not sell your personal data to advertisers, brokers, or any third party.

5. Data retention

We keep your account-level data for as long as you have an active account. Activity data (picks, ScoreBot messages older than 3 days, login streaks) is retained on a rolling basis to support feature timelines and accuracy backtests. When you delete your account, all of the above is removed within 30 days from our active systems. Some entries (purchase audit logs) are retained longer where required by tax, legal, or anti-fraud obligations.

6. Your rights

Access / export. Email info@datanaat.com with the subject "Data export" and we'll send you a JSON of everything we hold about your account within 14 days.
Correction. Most fields you can edit yourself in Settings.
Deletion. Settings → Account → Delete Account. The deletion is propagated across all linked tables, push tokens are unregistered, and Apple Sign-in tokens (if applicable) are revoked through Apple's revoke endpoint per Guideline 5.1.1(v).
Object / withdraw consent. You can disable notifications, opt out of analytics, or stop using the app at any time.

7. Children

ScoreMind.AI is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe we have collected such data, please contact us so we can delete it.

8. Security

Passwords are hashed and never stored in plaintext. Database connections are encrypted in transit (TLS) and at rest. Backend API keys are stored in Railway's encrypted secret manager. We follow industry-standard practices, but no internet-connected service is 100% secure — please use a strong unique password.

9. International transfers

Our infrastructure (Supabase, Railway, Google) operates in the United States and the European Union. By using the app you consent to your data being processed in those regions.

10. Changes

We may update this policy from time to time. The "Last updated" date at the top indicates when. Material changes will be communicated in-app on next launch.

11. Contact

Questions or requests? Email info@datanaat.com. We reply within 5 business days.