Joga Bonito - Football Coaching Platform

Important: Joga Bonito is operated from the United Kingdom. Depending on where you're located, different laws and rights may apply to you. Please review the sections relevant to your region below.

Joga Bonito ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our website and services at jogabonito.app.

Introduction

Who we are: Joga Bonito is a football coaching platform. For data protection purposes, we are the data controller for the personal information we collect through our Service.

Contact details: If you have any questions about this Privacy Policy or how we handle your data, please contact us at hello@jogabonito.app

This Privacy Policy complies with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For users outside the UK, we also comply with applicable data protection laws in your jurisdiction, including the EU GDPR where applicable.

Important Information About Player Data

Player data you record (names, statistics, match information) is stored locally on your device only. We do not collect, access, or store this information on our servers.

What this means for you:

You are the data controller for any player information you record
You are responsible for obtaining appropriate consent from players (or parents/guardians for minors)
You must have a lawful basis under UK GDPR for processing this data
You are responsible for keeping this data secure on your device
You must comply with data subject rights requests for this data
We cannot help you recover player data if you lose it or clear your browser storage

Your obligations as a coach:

When recording player information, you should:

Obtain consent from adult players or parental consent for players under 18 (or the age of majority in your jurisdiction)
Inform players what data you're collecting and why
Keep the data secure and confidential
Only use the data for legitimate coaching purposes
Delete data when no longer needed
Respond to requests from players to access or delete their data
Comply with all applicable data protection laws in your country or region

Information We Collect

1. Account Information

When you create an account, we collect:

Email address (required for login and communications)
Password (stored as an encrypted hash, we cannot see your actual password)
Account creation date
Subscription status

Legal basis: Contract - necessary to provide you with an account and access to our Service.

2. Subscription and Payment Information

When you purchase a subscription, we collect:

Billing information (processed by Stripe, our payment processor)
Subscription plan and status
Payment history and transaction IDs

Payment card details are processed and stored by Stripe, not by us. We never see or store your complete card information. Stripe's privacy policy can be found at stripe.com/privacy.

Legal basis: Contract - necessary to process your subscription and payments.

3. Content You Create

We store content you create while using our Service:

Custom drills and training sessions you design
Saved or favorited drills and sessions
Training preferences and settings

Legal basis: Contract - necessary to provide the Service features you've requested.

4. Technical and Usage Information

We automatically collect:

IP address
Browser type and version
Device type and operating system
Pages visited and features used
Date and time of access
Referring website
General location (country/city level, based on IP address)

Legal basis: Legitimate interests - to operate, maintain, and improve our Service, prevent fraud, and ensure security.

5. Cookies and Similar Technologies

We use essential cookies to:

Keep you logged in
Remember your preferences

Legal basis: Legitimate interests - essential cookies are necessary for the Service to function.

6. Communications

If you contact us, we collect:

Your email address and name
The content of your messages
Any attachments you send

Legal basis: Legitimate interests - to respond to your inquiries and provide support.

How We Use Your Information

Provide and Maintain the Service

Create and manage your account
Process your subscriptions and payments
Deliver the features and functionality you've requested
Store your created content and preferences
Authenticate your login

Communicate With You

Send transactional emails (account confirmations, password resets, payment receipts)
Respond to your questions and support requests
Send important service updates or changes to our terms
Send promotional emails about new features (you can opt out)

Improve and Develop Our Service

Analyze usage patterns to improve functionality
Identify and fix technical issues
Develop new features based on user behavior
Conduct research and analysis

Ensure Security and Prevent Fraud

Detect and prevent fraudulent transactions
Protect against abuse and unauthorized access
Enforce our Terms of Service
Comply with legal obligations

How We Share Your Information

We do not sell your personal information to third parties. We only share your information in the following limited circumstances:

Service Providers

We share information with trusted third-party service providers who help us operate our Service:

Stripe - payment processing (see stripe.com/privacy)
Vercel - application hosting and deployment (see vercel.com/legal/privacy-policy)
Neon - database services for storing account and content data (see neon.tech/privacy-policy)

These providers process data on our behalf and are contractually obligated to protect your data.

Legal Requirements and Law Enforcement

We may disclose your information if required by law or in response to valid legal processes:

UK/EU users: Court orders and legal processes from UK or EU member state authorities, requests from law enforcement under applicable UK or EU law, compliance with UK GDPR, EU GDPR, and Data Protection Act 2018.

US users: Valid subpoenas, court orders, or other legal processes under US law, law enforcement requests where legally required, compliance with federal and state privacy laws including CCPA/CPRA.

We will notify you of legal requests for your information unless prohibited by law or court order.

Business Transfers

If Joga Bonito is acquired, merged, or undergoes a business restructuring, your information may be transferred as part of that transaction. We will notify you of any such change.

With Your Consent

We may share your information for other purposes with your explicit consent.

Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy.

Specific retention periods:

Account information: Retained while your account is active, plus 30 days after deletion (to allow recovery if deleted accidentally)
Payment records: Retained for 7 years to comply with UK tax and accounting requirements
Usage analytics: Aggregated data retained indefinitely; individual user data deleted after 26 months
Support communications: Retained for 3 years
Local player data: Not stored by us; retention is your responsibility

You can request deletion of your account and associated data at any time by contacting hello@jogabonito.app. We will delete your data within 30 days, except where we're legally required to retain it.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption of data in transit (HTTPS/TLS)
Secure password hashing
Access controls limiting who can access your data
Secure payment processing through PCI-compliant providers (Stripe)

However, no internet transmission or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your responsibilities:

Use a strong, unique password
Keep your login credentials confidential
Enable two-factor authentication if available
Log out when using shared devices
Keep your device and browser secure

Your Rights Under Data Protection Laws

Depending on your location, you have various rights regarding your personal information:

For UK and EU Users (UK GDPR / EU GDPR):

Right of Access: You can request a copy of the personal information we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete information.
Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal information in certain circumstances.
Right to Restriction of Processing: You can request that we limit how we use your information in certain situations.
Right to Data Portability: You can request a copy of your data in a structured, machine-readable format to transfer to another service.
Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling that produces legal or similarly significant effects.

For California Users (CCPA/CPRA):

You have the right to:

Know what personal information we collect, use, disclose, and sell
Request deletion of your personal information
Opt-out of the sale of personal information (note: we do not sell personal information)
Non-discrimination for exercising your privacy rights

For Users in Other Jurisdictions:

Users in other regions may have similar rights under local data protection laws. Contact us to understand what rights apply to you.

How to Exercise Your Rights

To exercise any of these rights, email us at hello@jogabonito.app with your request. We will respond within the timeframe required by applicable law (typically 30 days for UK/EU requests, 45 days for California requests).

Right to Complain

UK users: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk
EU users: You can lodge a complaint with your national data protection authority
Other jurisdictions: Contact your local data protection or privacy authority

International Data Transfers

Our Service infrastructure is provided by:

Vercel - which may host data in multiple global regions (see their data processing terms at vercel.com/legal/dpa)
Neon - which provides database services with data residency options (see neon.tech/privacy-policy)

Both Vercel and Neon maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses and compliance with UK GDPR and EU GDPR requirements.

For UK and EU users: When we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place through our agreements with these providers, including Standard Contractual Clauses approved by UK and EU authorities.

Third-party service providers (like Stripe) may also process data internationally and maintain their own appropriate safeguards for international transfers.

Cookies and Tracking Technologies

What are cookies?

Cookies are small text files stored on your device that help websites function and provide information to website owners.

Cookies we use:

Essential Cookies (always active):

Authentication cookies - keep you logged in
Security cookies - protect against fraud and abuse
Session cookies - remember your actions during a browsing session

We currently only use essential cookies required for the Service to function. We do not use third-party analytics or tracking cookies. Our hosting provider (Vercel) may collect basic performance metrics as part of their infrastructure.

Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features. Most browsers allow you to:

View and delete cookies
Block third-party cookies
Block cookies from specific sites
Block all cookies

Marketing Communications

What we send:

Transactional emails: Account confirmations, password resets, payment receipts (you cannot opt out - these are necessary for the Service)
Product updates: New features, important changes (you can opt out)
Marketing emails: Tips, coaching content, promotions (you can opt out)

Opting out:

Click the "unsubscribe" link in any marketing email, or adjust your preferences in your account settings. You'll still receive essential transactional emails.

Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18 (or the age of majority in your jurisdiction).

For coaches recording youth player information:

If you are a coach recording information about youth players, you are responsible for:

Obtaining parental/guardian consent before recording any data about minors (as defined in your jurisdiction)
Complying with all applicable child protection and data protection laws in your country or region
Ensuring you have appropriate safeguarding policies in place
Meeting any additional requirements under laws such as COPPA (Children's Online Privacy Protection Act) in the United States for children under 13, UK Age Appropriate Design Code, and similar laws in your jurisdiction

If we become aware that we've collected information from a child without proper consent, we will delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

Posting the updated policy on our website with a new "Last updated" date
Sending an email to your registered email address (for significant changes)
Displaying a prominent notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

Third-Party Links and Services

Our Service may contain links to third-party websites, plugins, or services that are not operated by us. This Privacy Policy does not apply to those third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any information.

Data Protection Officer

As a small organization, we are not required to appoint a Data Protection Officer. For all data protection inquiries, please contact hello@jogabonito.app.

Legal Basis Summary

Data Type	Legal Basis	Purpose
Account information	Contract	Provide Service
Payment information	Contract	Process subscriptions
Created content	Contract	Deliver features
Technical data	Legitimate interests	Operate and improve Service
Marketing communications	Consent	Promotional emails
Support communications	Legitimate interests	Customer service

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@jogabonito.app

Response time: We aim to respond to all inquiries within 5 business days, and no later than 30 days for formal data subject rights requests.

Supervisory Authority

If you're not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction:

UK users:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

EU users:

Contact your national data protection authority. A list is available at: edpb.europa.eu/about-edpb/board/members_en

California users:

California Attorney General
Website: oag.ca.gov/privacy

Other jurisdictions: Contact your local data protection or privacy regulatory authority.