Privacy Policy
Last updated: 7 March 2026
1. Introduction
Score A Kick ("we", "us", "our") operates the Score A Kick website and service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. By using the Service, you consent to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account information: username, email address, and password (stored as a salted hash — we never store plaintext passwords)
- Payment information: processed and stored exclusively by Dodo Payments. We do not store your credit card number, CVV, or full payment details on our servers. We retain only your Dodo Payments customer ID and subscription ID for account management.
2.2 Information Collected Automatically
- Authentication tokens: JWT tokens stored in HttpOnly secure cookies for session management
- Usage data: pages visited, features used, and general interaction patterns with the Service
- Device and browser information: IP address, browser type, operating system, and device identifiers collected through standard server logs
2.3 Information We Do Not Collect
We do not collect your real name, physical address, phone number, date of birth, government IDs, financial account details, geolocation data, or any biometric data. We do not track you across other websites.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Process subscription payments through Dodo Payments
- Enforce our Terms and Conditions and paywall access controls
- Communicate important service updates (e.g., security notices, billing issues)
- Monitor and improve the performance, security, and reliability of the Service
- Comply with legal obligations
We do not sell, rent, or trade your personal information to any third party.
4. How We Share Your Information
We may share your information only in the following circumstances:
- Payment processing: We share necessary billing information with Dodo Payments to process payments. Dodo Payments' use of your data is governed by their Privacy Policy.
- Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Protection of rights: We may disclose information when we believe it is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are stored using salted cryptographic hashing (never in plaintext)
- Authentication cookies are set with the HttpOnly, Secure, and SameSite attributes to protect session tokens against theft via XSS and against CSRF attacks
- JWT tokens have limited lifetimes and are rotated on refresh
- Database hosted on Supabase with encryption at rest and in transit
- All connections use HTTPS/TLS encryption
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from circumstances beyond our reasonable control.
6. Cookies and Tracking
We use the following cookies:
- access_token: HttpOnly secure cookie containing a short-lived JWT for authentication. Expires after 1 hour.
- refresh_token: HttpOnly secure cookie for obtaining new access tokens. Expires after 30 days.
These are strictly necessary cookies for the Service to function. We do not use advertising cookies, analytics trackers, or third-party tracking pixels. We do not participate in cross-site tracking or behavioral advertising.
7. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance purposes. Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate personal data
- Request deletion of your account and personal data
- Object to or restrict the processing of your personal data
- Request a copy of your data in a portable format
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at support@mails.scoreakick.com. We will respond within 30 days.
9. International Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data is:
- Contract performance: processing necessary to provide the Service you signed up for
- Legitimate interests: security monitoring, fraud prevention, and service improvement
- Legal obligation: compliance with applicable laws
You may lodge a complaint with your local data protection authority if you believe your rights have been violated.
10. California Users (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at support@mails.scoreakick.com.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
13. Contact
If you have any questions about this Privacy Policy or our data practices, contact us at support@mails.scoreakick.com.