Privacy Policy β Grid Team
Last updated: 2026-05-12 Effective date: 2026-05-13
This Privacy Policy describes how Grid Team (βweβ, βusβ, βthe Appβ) collects, uses, and protects your personal data when you use our mobile application.
Grid Team is an independent, unofficial app for F1 and MotoGP fans. It is not affiliated with the Formula One Group, the FIA, Dorna Sports (MotoGP), any team, or any driver.
1. Data Controller
Grid Team Email: contact@gridteam.app
For any GDPR-related request (access, rectification, erasure, portability, objection), contact: contact@gridteam.app.
2. Data We Collect
2.1 Account data (when you create an account)
- Email address (via Apple Sign-In, Google Sign-In, or email/password)
- Display name (pseudo) β chosen by you
- Favorite team and driver (F1 + MotoGP) β chosen by you
- Sport preference (F1 / MotoGP)
- Language preference
- Account creation date
2.2 Activity data (generated while using the app)
- Race predictions (P1/P2/P3) β linked to your account
- League memberships and league join codes
- Poll/vote responses
- App usage logs (anonymized) β to detect crashes and improve performance
2.3 Device data (collected automatically)
- Device type and OS version
- App version
- Approximate region (for language detection and EU/UK consent banner)
- AdMob advertising identifier (only if you consent β see section 5)
2.4 Data we do NOT collect
- Real name (unless you put it in your pseudo)
- Phone number
- Precise GPS location
- Contacts
- Photos / camera / microphone
- Biometric data
- Browsing history outside the app
- Financial information (no payments in-app)
3. Legal Basis (GDPR Article 6)
| Data | Legal basis |
|---|---|
| Account data | Contract performance (Art. 6.1.b) |
| Predictions, leagues | Contract performance |
| Logs / crash reports | Legitimate interest (Art. 6.1.f) β app quality |
| Personalized ads | Consent (Art. 6.1.a) β see section 5 |
| Analytics | Legitimate interest (anonymized) |
4. How We Use Your Data
- Provide app functionality (auth, predictions, leagues, leaderboards)
- Personalize your experience (favorite team colors, sport preference)
- Detect and fix bugs
- Display advertising (with or without personalization based on your consent)
- Communicate important service updates (very rare, via in-app)
- Comply with legal obligations
We do not:
- Sell your data to third parties
- Use your data for profiling unrelated to app features
- Share data with anyone except service providers listed below
5. Advertising & Tracking
Grid Team displays ads via Google AdMob to support free access to the app.
EU / UK / Switzerland users
On first launch, youβll see a consent form (Google UMP) asking whether you allow:
- Personalized ads (based on your AdMob ID)
- Non-personalized ads (contextual only)
You can change your choice anytime in Profile β Privacy & Data β Manage ad consent.
iOS 14.5+ users
Youβll see Appleβs App Tracking Transparency (ATT) prompt asking permission to use your IDFA. Choosing βAsk App Not to Trackβ disables personalized ads.
6. Service Providers (Sub-processors)
| Provider | Purpose | Location | Data shared |
|---|---|---|---|
| Supabase | Backend, auth, database | Frankfurt (EU) | Account + activity data |
| Apple | Sign-In with Apple | USA / Ireland | Email (anonymized if user choice) |
| Sign-In with Google + AdMob | USA / Ireland | Email + advertising ID (with consent) | |
| Cloudflare | CDN images | Global | Static assets only (no user data) |
All providers are GDPR-compliant and have Data Processing Agreements (DPAs) in place where applicable.
7. Data Retention
- Active account: retained as long as you use the app
- Inactive account (no login for 24 months): account-deletion email sent, then deleted within 30 days
- Deleted account: all data erased within 30 days of your deletion request
- Crash logs / analytics: 90 days (anonymized)
8. Your Rights (GDPR / UK GDPR / Swiss FADP / CCPA)
You have the right to:
- Access your data β use the in-app export (Profile β Privacy & Data β Export my data)
- Rectify inaccurate data β edit in your profile
- Erase your account β use the in-app deletion (Profile β Privacy & Data β Delete my account)
- Portability β JSON export available in-app
- Object to processing β withdraw consent in Profile β Manage ad consent
- Restrict processing β contact us
- Lodge a complaint with your data protection authority (CNIL in France, ICO in UK, EDΓB in Switzerland)
California residents (CCPA): same rights as above. We do not sell personal information.
To exercise these rights: contact@gridteam.app (response within 30 days).
9. Children
Grid Team is not intended for children under 13 (under 16 in some EU countries). We do not knowingly collect data from children. If you believe a child has created an account, contact us for immediate deletion.
10. Data Security
- All connections use HTTPS / TLS 1.2+
- Passwords are hashed (bcrypt via Supabase Auth)
- Database access is restricted by Row Level Security (RLS) policies
- No data stored on the device beyond local cache (encrypted)
- Service providers are SOC 2 / ISO 27001 certified
In case of data breach affecting your rights, we will notify you within 72 hours per GDPR Art. 33-34.
11. International Transfers
Data may be transferred outside the EU (e.g., to Apple/Google US datacenters). Such transfers rely on Standard Contractual Clauses (SCC) approved by the European Commission.
12. Changes to This Policy
We may update this policy. Significant changes will be communicated in-app. The latest version is always available at: https://gridteam.app/privacy.
13. Contact
For any privacy-related question or to exercise your rights: π§ contact@gridteam.app
This policy is provided as a template. Before publishing, have it reviewed by a legal professional familiar with GDPR, CCPA, and the App Store / Google Play policies.