S
SportyChat

Privacy Policy

Effective date: May 15, 2026 · Last updated: May 15, 2026

1. Introduction

SportyChat (“we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

This policy applies to all users of the SportyChat mobile app and web application. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information you provide directly:

  • Account data: Name, email address, username, and password (stored as a bcrypt hash — we never store plaintext passwords).
  • Profile data: Profile photo, bio, sports preferences, skill level, and date of birth.
  • User content: Posts, comments, match details, community information, and messages you send through the Service.
  • Communications: Messages you send to our support team.

Information collected automatically:

  • Location data: Approximate or precise GPS coordinates (with your permission) used to show nearby communities and matches.
  • Device information: Device type, operating system, app version, and unique device identifiers.
  • Usage data: Features you use, pages you view, actions you take, and time spent in the app.
  • Log data: IP address, browser type, referring URLs, and error logs for security and debugging.

3. How We Use Your Information

  • To create and manage your account and provide the core features of the Service.
  • To show you nearby communities, matches, and athletes based on your location.
  • To personalize your feed and provide AI-powered recommendations (when enabled).
  • To facilitate real-time chat and community interactions.
  • To send push notifications about matches, messages, and community activity (which you can disable in settings).
  • To moderate content and enforce our community guidelines.
  • To improve, analyze, and develop new features of the Service.
  • To detect and prevent fraud, spam, abuse, and security incidents.
  • To comply with legal obligations.

4. Location Data

Location data is central to SportyChat’s core functionality — it enables you to find nearby sports communities and matches. We collect location in two ways:

  • Approximate location (derived from IP address): Used even if you deny GPS access, for general regional matching.
  • Precise location (GPS): Collected only with your explicit permission. You can revoke this at any time in your device settings.

We do not share your precise real-time location with other users. Only approximate distance (e.g. “2.5 km away”) is shown publicly. Location data is not sold to third parties.

5. AI & Machine Learning

SportyChat uses AI models (Google Gemini and OpenAI GPT-4o) to power features such as feed ranking, community recommendations, and content moderation.

  • Before sending any data to AI providers, we anonymize or pseudonymize it — your name, email, and other directly identifying information are never included in AI prompts.
  • We generate and store vector embeddings of your interests and activity to power recommendations. These embeddings are stored in our own database and are never shared externally.
  • AI personalization features can be disabled in Profile → Settings → Privacy.
  • You can request deletion of all AI-related profile data via sportychatofficialapp@gmail.com.

6. How We Share Your Information

We do not sell your personal data. We may share data with:

  • Service providers: Third-party vendors that help us operate the Service (e.g., Supabase for authentication, Upstash for caching, Stream.io for chat, Firebase for push notifications). These providers are contractually bound to handle data securely and only for specified purposes.
  • Other users: Your profile name, username, profile photo, sports, and community memberships are visible to other users. Your email address is never publicly visible.
  • Legal requirements: We may disclose data if required by law, court order, or to protect the rights, property, or safety of SportyChat, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before this happens.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data:

  • All data in transit is encrypted using TLS 1.3.
  • Passwords are hashed using bcrypt with a cost factor of 12.
  • Access tokens are short-lived (1 hour) and stored only in memory — never in localStorage or cookies accessible to JavaScript.
  • Refresh tokens are stored in httpOnly, Secure, SameSite=Strict cookies on web, and in encrypted storage on mobile.
  • Failed login attempts trigger rate limiting and account lockout after 10 consecutive failures.
  • Database data is encrypted at rest (managed by Supabase/PostgreSQL).

Despite these measures, no system is completely secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

8. Data Retention

  • Your account data is retained for as long as your account is active.
  • When you delete your account, your profile is anonymized within 30 days: your name is replaced with “Deleted User”, email is hashed, and personally identifying fields are cleared.
  • User content (posts, match records) may be retained in anonymized form for platform integrity.
  • AI embeddings and personalization data are permanently deleted within 7 days of account deletion.
  • Server logs are retained for up to 90 days for security monitoring.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (“right to be forgotten”).
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for direct marketing or profiling.
  • Restriction: Request that we limit the processing of your data.
  • Withdraw consent: Withdraw consent for data processing where consent is the legal basis.

To exercise any of these rights, email sportychatofficialapp@gmail.com. We will respond within 30 days. You can also manage most of these directly in Profile → Settings → Privacy.

10. Cookies & Tracking

The SportyChat web app uses the following:

  • Essential cookies: httpOnly refresh token cookie required for authentication. Cannot be disabled.
  • Analytics: We may use privacy-respecting analytics to understand aggregate usage patterns. No cross-site tracking.

The mobile app does not use browser cookies. Firebase Cloud Messaging uses a device token for push notifications, which you can revoke by disabling notifications in device settings.

11. Children’s Privacy

SportyChat is not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete it. If you believe a child under 13 has registered, please contact sportychatofficialapp@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

For privacy-related questions, data requests, or concerns:

Privacy:sportychatofficialapp@gmail.com
Support:sportychatofficialapp@gmail.com
Legal:sportychatofficialapp@gmail.com
Website:sportychat.app

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.