Privacy Policy

Last updated: March 2026 · Afrieira Cycling

1. Data controller

The data controller is Afrieira Cycling, an individual operator based in Spain. Contact: [email protected].

2. Data we collect

We collect only what is necessary to provide the service:

  • Account data: Email address, username, and hashed password when you register.
  • Usage data: Game activity such as team selections, league participation, and scores.
  • Payment data: Billing is handled by Stripe. We store only a Stripe customer ID — never your card details.
  • Technical data: IP address and login timestamps for security purposes.

3. How we use your data

  • To provide and maintain the service
  • To send transactional emails (account verification, password reset, payment confirmations)
  • To manage your Premium subscription via Stripe
  • To detect and prevent fraud or abuse

We do not sell your data, show ads, or share your data with third parties for marketing purposes.

4. Legal basis (GDPR)

We process your data under the following legal bases:

  • Contract performance: to provide the service you signed up for.
  • Legitimate interest: for security, fraud prevention, and service improvement.
  • Legal obligation: when required by applicable law.

5. Third-party services

  • Stripe: Payment processing. Stripe processes payment data under their own privacy policy (stripe.com/privacy).
  • Resend: Transactional email delivery. No marketing emails.
  • Cloudflare: DNS and email routing.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, your personal data will be removed within 30 days, except where retention is required by law (e.g. payment records for tax purposes, kept for 5 years).

7. Your rights (GDPR)

As a user in the EU, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with the Spanish Data Protection Authority (AEPD) at aepd.es

To exercise any of these rights, contact us at [email protected].

8. Cookies

We use only essential cookies and localStorage for session management (authentication token). We do not use tracking cookies or third-party analytics.

9. Security

Passwords are hashed using bcrypt. All data is transmitted over HTTPS. We take reasonable technical measures to protect your data, but no system is completely secure.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests: [email protected]