Privacy Policy
Last updated: April 2026
1. Data Collected
We collect the following personal data: identification data (name, email); Platform usage data (sessions, feedback, performance metrics); organization data (organization name, tax ID); technical data (IP address, browser type, access logs); mobile app data (push notification token, device platform, device name, app version); user-generated content (profile photos, tournament data, AI-generated VIP portraits and trophies).
2. Purpose of Processing
Data is processed for: service provision and improvement; generation of educational reports and analyses via artificial intelligence; service-related communications; compliance with legal obligations.
3. Legal Basis (GDPR)
Data processing is based on: user consent (Art. 6(1)(a) GDPR) for registration and use; contract performance (Art. 6(1)(b) GDPR) for service provision; legitimate interests (Art. 6(1)(f) GDPR) for service improvement and security.
4. Data Retention
Personal data is retained while the account is active. After account deletion, data is removed within 30 days, except when retention is required by law. Anonymized data for statistical purposes may be kept indefinitely.
5. User Rights
Under the GDPR, the User has the right to: access their personal data; rectification of incorrect data; erasure of data (right to be forgotten); data portability; objection to processing; restriction of processing. To exercise these rights, contact us by email.
6. Cookies
The Platform uses essential cookies for operation (authentication, session preferences). We do not use third-party tracking cookies for advertising. Analytical cookies may be used to improve the experience, always with prior consent.
7. Sub-processors
We use the following sub-processors: Supabase (database and authentication, EU servers); Vercel (application hosting); Resend (transactional email delivery); Stripe Payments Europe Ltd. (payment processing, PCI-DSS Level 1 certified); Vendus (AT-certified invoicing in Portugal); Expo Push Notifications (mobile push delivery), routed through Apple Push Notification service (APNs) for iOS and Firebase Cloud Messaging (FCM) for Android; OpenAI, Anthropic, xAI and Google AI (AI processing for educational content, portraits and trophies generation). All sub-processors comply with GDPR or equivalent.
8. DPO Contact
For privacy and data protection questions, contact our Data Protection Officer (DPO) at: privacidade@feedxboost.com