Version: 1.1.0
Effective from: 28 May 2026
Last updated: 29 May 2026
This Privacy Policy explains how Amakinto B.V. (“we”, “us”, “our”) processes personal data when you use Skorable (the website at skorable.com, the web app, and the mobile apps). Skorable.com is a trade name of Amakinto B.V., registered in the Netherlands.
Skorable is a prediction and fantasy game. It is not a betting product and does not handle cash wagers or payouts. We do not run third-party advertising networks or sell your personal data.
For account and purchase terms, see our Terms & Conditions.
Who is responsible for your data?
| Role | Details |
|---|---|
| Controller | Amakinto B.V., The Netherlands |
| Registered address | Vuurvlinderberm 44, 3994 WH Houten, The Netherlands |
| KvK number | 86956116 |
| Product | Skorable (skorable.com) |
| Privacy contact | privacy@skorable.com (data rights and account deletion) · support@skorable.com (general help) |
If you are in the EEA or UK, you may also lodge a complaint with your local supervisory authority. In the Netherlands, that is the Autoriteit Persoonsgegevens (AP).
What personal data we collect
We collect only what we need to run the product, keep it secure, and (where you agree) understand how it is used.
Account and profile
- Email address (required to sign in)
- Username, display name, first name, last name (optional)
- Locale and timezone (to show dates, deadlines, and emails in your language)
- Profile visibility preference (public or private)
- Authentication identifiers and session tokens (managed by our auth provider)
Gameplay and social features
- Slates, predictions, scores, and poule memberships
- Poule names, invite codes, and leaderboard positions
- Competition and tournament context tied to your account
We do not share your individual predictions with other players except inside poules you join. One scoring rule sheet applies across every poule.
Payments and entitlements
- Purchase history, product identifiers, and entitlement state
- Stripe customer identifiers (web) and App Store / Google Play receipt metadata (mobile, via RevenueCat)
We never store full payment card numbers. Card data is handled by Stripe or the app stores.
Communications
- Emails we send you (magic links, security notices, receipts) and delivery metadata held by our email provider
- Messages you send to support
Technical and security data
- IP address, user agent, and request metadata in server and edge logs (short retention; see below)
- Error reports and performance traces (when enabled)
- Analytics and session-replay events (only after consent on production web; see Cookies)
We do not collect precise GPS location, government ID numbers, or payment card PAN/CVV.
Why we use your data and our legal bases
Under the GDPR, we rely on the following bases:
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide the service | Account, slates, scoring, poules, sync | Performance of a contract (Art. 6(1)(b)) |
| Payments | Checkout, receipts, entitlements | Contract; legal obligation for tax records (Art. 6(1)(c)) |
| Security and abuse prevention | Auth, rate limits, fraud signals | Legitimate interests (Art. 6(1)(f)) |
| Product analytics (optional) | Usage trends, funnels, replay | Consent on production web (Art. 6(1)(a)) |
| Support | Answering your emails | Legitimate interests / contract |
| Legal compliance | Responding to lawful requests | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we balance them against your rights. You may object to processing based on legitimate interests (see Your rights).
Who we share data with (subprocessors)
We use trusted service providers. They process data on our instructions and only for the purposes described here. We choose EU-hosted or EU-ready options where practical.
| Provider | Role | Typical data | Location / notes |
|---|---|---|---|
| Supabase | Database, authentication, storage, edge functions, realtime | Account, profile, gameplay, logs | EU (Ireland, eu-west-1) |
| Vercel | Hosting and CDN for website and web app | IP, request metadata, static assets | EU edge where available |
| Stripe | Web payments | Email, customer ID, purchase metadata | PCI DSS; EU processing per Stripe DPA |
| RevenueCat | Mobile in-app purchases | App user ID, receipt metadata, subscription state | EU processing per RevenueCat DPA |
| Resend | Transactional email | Email address, delivery events | EU-ready; DPA on request |
| api-football (RapidAPI) | Match fixtures, scores, events | No user PII; fixture queries only | Third-party sports data API |
| PostHog | Analytics, feature flags, session replay (with consent) | Pseudonymous IDs, events, masked replay | EU cloud (eu.posthog.com) |
| Sentry | Error and performance monitoring | Pseudonymous IDs, stack traces, breadcrumbs | EU-ready; DPA on request |
| Expo (EAS) | Mobile builds and updates | Build metadata; not routine gameplay PII | SOC 2 |
| Apple App Store / Google Play | Mobile distribution and IAP | Account and purchase data per store policies | Store operators |
We do not use third-party advertising SDKs.
International transfers
Primary storage and processing for account and gameplay data is in the European Union (Supabase Ireland, eu-west-1). Some providers may process data in the United States or other countries under Standard Contractual Clauses or equivalent safeguards offered in their DPAs. Copies of relevant safeguards are available from the provider or from us on request.
Cookies and similar technologies
Strictly necessary
- Authentication session cookies and tokens so you can stay signed in
- Security and load-balancing cookies from our host
These do not require consent under the ePrivacy rules.
Analytics and replay (optional)
On skorable.com and the web app in production, PostHog is off by default until you opt in to analytics. While opted out, we do not capture analytics events or session replay.
We are adding a cookie banner so you can accept or decline analytics in the browser. That banner is not live yet on the marketing site. Until it ships, production web has no user-facing control to turn analytics on (aside from clearing site data or contacting us). When the banner is available, accepting analytics will call posthog.opt_in_capturing() and store your choice in localStorage under skorable_analytics_consent. If that key is already true from a prior visit, we honour it on load.
In development and QA environments, analytics may be enabled automatically so engineers can test integrations. That traffic stays in our PostHog QA project, separate from production.
Session replay masks form inputs (maskAllInputs: true). We do not record passwords or payment fields in replay.
The mobile app does not use the web cookie banner. Analytics defaults to off in production until an in-app consent flow ships; development builds may opt in automatically for testing.
You can withdraw consent at any time by clearing site data, using the cookie banner when it is available, or emailing support@skorable.com.
How long we keep data
| Category | Retention |
|---|---|
| Account, profile, slates, predictions, poules | While your account is active |
| After account deletion | Removed from live systems; database backups may retain copies for up to 30 days |
| Server and edge access logs (incl. IP) | Up to 30 days |
| Support emails | Up to 24 months after the ticket closes |
| Analytics (if consented) | Up to 12 months in our PostHog projects, unless shortened in project settings |
| Error monitoring (Sentry) | Per project settings, typically up to 90 days for events |
| Payment and tax records | 7 years where required by law; held by Stripe, RevenueCat, and/or app stores under their policies |
When retention ends, we delete or anonymise data unless we must keep it for legal claims or compliance.
How we protect your data
We apply technical and organisational measures including encryption in transit (TLS), row-level security on database tables, least-privilege access for staff, hardware-key or TOTP two-factor authentication on admin dashboards, and secret management via Doppler. No method is 100% secure; report concerns to support@skorable.com.
Your rights
If GDPR or similar law applies to you, you have the right to:
- Access - obtain a copy of your personal data
- Rectification - correct inaccurate data (edit profile in-app or ask us)
- Erasure - request deletion (“right to be forgotten”)
- Restriction - ask us to limit processing in certain cases
- Portability - receive data you provided in a structured, machine-readable format
- Object - object to processing based on legitimate interests
- Withdraw consent - where processing is based on consent (e.g. analytics), without affecting prior lawful processing
How to exercise your rights
- Email privacy@skorable.com from the address linked to your account (or explain how we can verify you). Use support@skorable.com for general product help.
- Tell us which right you are exercising and any scope (e.g. export all profile and gameplay data).
- We respond within one month, extendable by two months for complex requests as GDPR allows.
Account deletion: Email privacy@skorable.com to request deletion at any time. We verify ownership, then delete your auth account; that removes your Skorable user record and cascades to profile, slates, predictions, and poule memberships. Poules where you are the only member are removed. Poules with other members stay as they are. We send a confirmation email once deletion is complete, within 30 days (GDPR). Stripe, RevenueCat, PostHog, and Sentry may retain separate copies under their policies; we request deletion from those vendors where their tools allow.
Export: We can provide a JSON or CSV export of account-linked data we hold in Supabase. Payment receipts are also available from Stripe or your app store.
We will not discriminate against you for exercising these rights.
Children
Skorable is intended for users aged 13 and older, except where local law sets a higher minimum age (for example 16 in the Netherlands under GDPR Article 8 and the UAVG). Users aged 13–15 in those jurisdictions need parental or guardian consent before creating an account. We do not knowingly collect personal data from anyone below the applicable minimum age. If you believe a child has provided data, contact support@skorable.com and we will delete it.
Automated decision-making
We do not make decisions with legal or similarly significant effects based solely on automated processing. Scoring and leaderboards are rule-based calculations on your predictions, not profiling for credit or employment.
Changes to this policy
We may update this policy for new features, vendors, or legal requirements. We will post the new version on this page and update the version table below. Material changes may be notified by email or in-app notice where appropriate.
Change log
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 28 May 2026 | First published version |
| 1.1.0 | 29 May 2026 | Account deletion via privacy@skorable.com; confirmation email and poule behaviour clarified |
Contact
Privacy and data requests (access, export, erasure): privacy@skorable.com
General support: support@skorable.com
Controller: Amakinto B.V., Vuurvlinderberm 44, 3994 WH Houten, The Netherlands · KvK 86956116 (trade name: Skorable.com)