Privacy Policy
Last updated: 3 May 2026
This policy explains what CrowdKick (“we”) collects, why, how we use it, who we share it with, and how you can delete it. We try to keep the language plain. If anything is unclear, email crowdkickapp@gmail.com.
1. Summary
- No account is required. You are identified by an anonymous device ID.
- Location is requested as “When In Use” only. Never collected in the background.
- We do not sell personal information. We do not advertise.
- You can permanently delete all of your data from inside the app: Me tab → Delete account & all data.
2. What we collect
| Data type | Why | Linked to you? |
|---|---|---|
| Anonymous device ID (UUID) | Distinguishes one device from another so the app can render the heatmap and apply rate limits. | Yes, but anonymous — not tied to your name, email, or phone. |
| Coarse + precise location | Renders your position on the map and contributes anonymous “pings” to the live fan-density heatmap. Only collected while you are actively using the app. | Linked only to the anonymous device ID. Locations are aggregated for the heatmap. |
| Team allegiance (sport + team you picked) | Filters matches and venues to your team. | Linked to the anonymous device ID. |
| Crash & performance diagnostics (only when enabled) | Helps us fix bugs. Disabled by default until we publish a release with telemetry on. | Not linked to your identity. |
We do not collect: your name, email address, phone number, photos, contacts, calendar, microphone input, advertising identifier (IDFA), or browsing history.
3. Service providers we use
| Provider | What they receive |
|---|---|
| Supabase (database + realtime) | The data above. Hosted in Canada (Central). |
| Mapbox | Standard map-tile requests (your viewport coordinates) so the map renders. Mapbox does not receive your device ID. |
| API-Sports | Provides match schedules, team logos, and venue data. Does not receive any of your data. |
| Apple Push Notification service (only if push is enabled in a future release) | An anonymous push token. Currently not used. |
We do not use Google Analytics, Facebook SDK, or any advertising network. There is no third-party tracking inside the app.
4. How we use the data
- To render the live fan-density heatmap.
- To show you matches and venues for the team you picked.
- To rate-limit ping submissions and prevent abuse.
- To diagnose crashes and performance issues (when enabled).
That is the complete list. We do not profile you for advertising, build behavioural shadow-profiles, or sell data to anyone.
5. Retention
- Live ping coordinates: retained for 15 minutes for the heatmap, then evicted from active state. Aggregated counts may be retained for up to 90 days for trend analysis.
- Device ID and team preferences: retained until you delete your account or the device is inactive for 12 months.
- Diagnostic logs: retained 90 days.
6. Your rights
- Access — You can request a copy of all data linked to your device ID by emailing crowdkickapp@gmail.com. We respond within 30 days.
- Deletion — The fastest way is in-app: Me tab → Delete account & all data. This permanently removes your device ID, team preferences, pings, and any associated profile from our servers. You can also email us with your device ID and we will delete the data within 30 days.
- Correction — Since we collect no identifying information beyond an anonymous ID, there is nothing to correct. You can change your team allegiance any time in Settings.
- Opt out of diagnostics — Diagnostics are disabled by default. When enabled in a future release, you will be able to disable them in the app.
7. Children’s privacy
CrowdKick is rated 12+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has used CrowdKick, email crowdkickapp@gmail.com and we will delete the associated data promptly.
8. International users — GDPR & PIPEDA
If you are in the European Economic Area or the United Kingdom, the legal basis for our processing is your consent (granted when you accept location permission and when you submit a ping) and our legitimate interest in operating the app. You can withdraw consent at any time by deleting your data in-app or emailing us. You also have the right to lodge a complaint with your supervisory authority.
If you are in Canada, this policy is intended to comply with PIPEDA. Our Privacy Officer is reachable at crowdkickapp@gmail.com.
9. California (CCPA / CPRA)
We do not sell or share personal information for cross-context behavioural advertising. California residents have the right to know what we collect, request deletion, and opt out of sale (which is moot, since we do not sell). Contact crowdkickapp@gmail.com.
10. Security
All traffic to and from the app is over HTTPS. Data is stored on Supabase with row-level security enabled. We do not store passwords because we do not have accounts.
11. Changes to this policy
If we materially change this policy, we will update the “Last updated” date at the top and, where required, surface a notice in-app before the change takes effect.
12. Contact
For privacy questions or general support, email crowdkickapp@gmail.com.