PRIVACY POLICY

Hot Comps Ltd ("we", "us") operates the Hot Comps Football Predictor at football.hotcomps.com.

• Account data: email address, username, UK residency and 18+ self-confirmation.
• Game data: match predictions, tournament winner pick, scores, points, streaks, badges, league memberships, credit balance, coupon history.
• Referral data:a per-user referral code, and — if you arrived from someone else's invite link — the referral code that brought you, plus any UTM parameters from the link.
• Technical data: IP address (used for UK geo eligibility and rate-limiting; we store a hashed form for fraud-prevention only), browser type, and push notification subscription endpoints (only if you opt in).
• Marketing preference: opt-in status for promotional communications.

• To operate the prediction game and maintain your account.
• To calculate scores, credit, and leaderboard rankings.
• To issue discount coupons restricted to your account.
• To send push notifications (with your consent).
• To send marketing communications (only with your explicit opt-in consent).
• To detect and prevent fraud or abuse.

• Contract: processing needed to provide the game service you signed up for.
• Consent: marketing communications and push notifications.
• Legitimate interest: fraud prevention and service improvement.

We share data with the following processors to operate the service:

• Supabase (database and authentication)
• Vercel (hosting)
• Cloudflare (CDN and geo-filtering)
• Resend (transactional email)
• OneSignal (push notification delivery — receives a stable pseudonymous user ID for any account that opts in to push)
• Sentry (error monitoring)
• Upstash (caching)

Coupon codes are created on hotcomps.com (WooCommerce) and restricted to your email address. We do not sell your personal data.

Predictions inside private leagues: if you join a private league, your match predictions become visible to other members of that league after each match kicks off. This is a core part of the private-league experience and cannot be disabled. Public leaderboards and club fan leagues do not expose individual predictions.

Account and game data are retained for up to 2 years after the tournament ends. You may request deletion at any time.

Under GDPR/UK GDPR, you have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Request deletion of your account and data.
• Withdraw consent for marketing at any time.
• Object to processing based on legitimate interest.
• Data portability.

You can request account deletion via the Settings page or by emailing support@hotcomps.com. Deletion soft-deletes your account; data is purged within 30 days.

We use first-party cookies and equivalent browser storage only. No third-party advertising cookies. No cross-site tracking. The items we set:

• Authentication cookies (Supabase) — keep you signed in, plus a flag (profile_complete) so we know to skip the profile setup screen.
• Onboarding cookie (onboarded) — remembers that you've seen the welcome cards.
• Attribution cookies (hc_attr, hc_ref, hc_anon) — record where you arrived from (UTM parameters and referral codes) so referral credit attaches correctly. They are first-party only and not shared with advertisers.
• UI preferences (localStorage)— remembers whether you've dismissed banners such as the in-app browser notice or the winner-pick reminder. Stored in your browser only.

You can clear cookies and local storage at any time from your browser settings. Doing so will sign you out and reset dismissed banners.

For data protection queries, contact support@hotcomps.com.