Privacy Policy

1. Scope and roles

BreakStacks acts as a processor or service provider for certain information entered by club operators about their members, and as a controller of account and usage data needed to run the Service. Club operators may be separate controllers for their roster data; they should provide their own notices where required.

2. Information we collect

We may collect:

• Account data: email address, authentication identifiers (for example from Google sign-in), profile fields you submit, and security logs.
• Club and gameplay data: club names, slugs, settings, member display names, game records, balances or points as configured by the club, invitations, and audit-style timestamps needed to operate features.
• Technical data: IP address, device/browser type, cookies or similar technologies, and diagnostics for security and reliability.
• Support and communications: messages you send us (including via hosted forms on the Support page).

Not gambling accounts. We do not treat in-app virtual “coins” or points as regulated gambling stakes or customer funds held for wagering with BreakStacks.

3. How we use information

We use information to:

• Provide, secure, and improve the Service;
• Authenticate users, prevent fraud and abuse, and comply with law;
• Process subscriptions or payments where offered;
• Communicate about the Service, including transactional messages;
• Respond to support requests and enforce our Terms.

4. Legal bases (EEA/UK-style)

Where GDPR-style rules apply, we rely on appropriate bases such as: contract (to deliver the Service you request); legitimate interests (security, analytics, product improvement balanced against your rights); legal obligation; and consent where we ask it (for example optional marketing, if offered).

5. Sharing and subprocessors

We use trusted infrastructure providers to host the Service and process data—for example Supabase (database and authentication) and, where billing is enabled, Stripe (payments). Those providers process data under their agreements and security practices. We may also disclose information if required by law, to protect rights and safety, or as part of a merger or asset transfer subject to confidentiality obligations.

6. International transfers

Your information may be processed in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

7. Retention

We retain information as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Club operators may delete or export certain club data subject to product capabilities; account deletion flows may be offered where implemented.

8. Security

We implement administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or port your personal data; object to or restrict certain processing; and withdraw consent where processing is consent-based. To exercise rights, contact us via Support. You may also lodge a complaint with a data protection authority; we ask that you give us a reasonable opportunity to address concerns first.

10. California residents (summary)

If the California Consumer Privacy Act (CCPA/CPRA) applies, you may have rights to know, delete, and correct personal information, and to limit certain uses of sensitive information. We do not “sell” personal information in the conventional tracking-for-money sense; we may use analytics to run the Service. Contact Support to submit requests; we will verify your identity as required by law.

11. Children

The Service is not directed to children under 13 (or the age required in your jurisdiction). If you believe we have collected information from a child, contact Support and we will take appropriate steps to delete it.

12. Complaints and dispute resolution

We take complaints seriously. Please contact us through Support with a clear description of the issue. We will acknowledge good-faith complaints promptly where feasible and work to resolve them. This process does not waive any rights you have under law, including the right to contact a supervisory authority where GDPR applies.

13. Changes to this Policy

We may update this Policy from time to time. We will post the new version and revise the “Last updated” date. Where required, we will provide additional notice.