Max Potential Sportif Yatırımlar Anonim Şirketi ("Max Potential," "we," "us," and "our") operates gaffer.house— a football tactics coaching game and related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, and share personal information and how you can exercise your privacy rights.
Controller: Max Potential is the data controller for the personal information described in this Privacy Policy unless otherwise stated.
Max Potential Sportif Yatırımlar Anonim Şirketi
Maslak Mah. Anka Sok. Mashattan Sitesi B4 No: 2B/4 İç kapı no:71, 34485 Sarıyer, İstanbul, Türkiye
Email: privacy@gaffer.house
1. Scope
This Privacy Policy applies to personal information processed by us in connection with our mobile application(s), websites (including gaffer.house), and other online or offline offerings (collectively, the "Services"). This Privacy Policy is incorporated by reference into our Terms of Use (where applicable), which govern your use of the Services.
2. Personal Information We Collect
The categories of personal information we collect depend on how you use our Services and the requirements of applicable law. We collect (A) information you provide directly, (B) information collected automatically, and (C) information from other sources.
A. Information You Provide to Us Directly
- Account and Profile Information. When you create an account or update your profile, we may collect your name, email address, date of birth (or age range), sport preferences, experience level, goals, and other profile details you choose to provide.
- Coaching Session Inputs. Depending on features you use, you may provide tactical decisions, substitutions, formations, predictions, session notes, and other performance-related details during coaching game sessions.
- Payments (if applicable). We may collect information related to purchases or subscriptions (e.g., plan type, transaction identifiers, billing country). Payments are typically processed by third-party payment processors and/or app stores. We generally do not collect or store full payment card details, though we may receive limited payment-related metadata (e.g., billing status, last four digits where provided by the processor, payment confirmation identifiers).
- Communications. If you contact us (e.g., for customer support), we may collect your name, email address, and the contents of your communications.
- Surveys and Feedback. If you participate in surveys, submit feedback, or respond to research questions, we may collect the information you provide.
- Interactive Features (if available). If we offer community features or content uploads, we may collect information you submit. Information you make public in such areas may be viewable by others.
B. Information Collected Automatically
- Device and Usage Data. IP address, device identifiers, operating system and app version, language settings, time zone, network information, and information about how you interact with the Services (e.g., screens viewed, features used, session duration, clicks, and referring pages).
- Approximate Location. We may derive approximate location from your IP address or device settings (e.g., city-level) for operational, security, and localization purposes.
- Diagnostics and Crash Data. We may collect logs and diagnostic information to monitor performance, fix bugs, and improve stability.
- Cookies and Similar Technologies. We (and third parties) may use cookies, pixels, local storage, and similar technologies to enable functionality, measure performance, and understand usage. See Section 5 for your choices.
- Push Notification Tokens. If you enable web push notifications, we store your browser subscription endpoint.
- Analytics. We may use analytics tools to understand how people use our Services and to improve them.
C. Information from Other Sources
We may obtain information from third-party services where you choose to connect or access our Services via those services, such as app stores and third-party login providers (e.g., "Sign in with Google"). The information we receive depends on your settings with those services and the permissions you grant.
3. How We Use Your Information
We use your information for the following purposes, as permitted by applicable law:
A. Provide and Operate Our Services
- Create and manage user accounts.
- Provide access to features and coaching game sessions.
- Generate progress tracking, match reports, and leaderboard data.
- Respond to customer support requests.
- Communicate with you about your account, updates, and policy changes.
- Process transactions and manage subscription status.
B. Administrative, Security, and Improvement Purposes
- Maintain, improve, and develop the Services.
- Debug issues and repair errors.
- Measure engagement and analyze usage.
- Protect against fraud, abuse, and security incidents.
- Authenticate and verify users where necessary.
- Enforce our terms and policies.
- Comply with legal obligations and requests.
C. Marketing and Communications (Where Permitted)
We may send service-related messages (e.g., account notices, important updates). If we send marketing communications (e.g., newsletters or match reminders), we do so in accordance with applicable law and your preferences. We do not use coaching/session data for targeted advertising or disclose it to third parties for marketing or data-mining purposes.
D. Other Purposes
- With your consent where required.
- De-identified / aggregated data to analyze trends and improve the Services (e.g., "% of coaches chose a substitution at 60'").
Legal bases (GDPR / UK GDPR): Contract performance (account, subscription); Legitimate interests (security, analytics, fraud prevention); Consent (marketing, non-essential cookies); Legal obligation (record-keeping, regulatory requests). For Turkish residents, processing is also governed by KVKK (Law No. 6698).
4. How We Disclose Your Information
We do not sell your personal information. We may disclose personal information to third parties for business purposes, including:
A. Service Providers
We may share information with vendors that help us operate the Services. These providers are authorized to use personal information only as necessary to provide services to us.
| Provider | Purpose | Data location |
|---|---|---|
| Paddle.com | Payment processing, subscription management, VAT/tax handling (Merchant of Record) | UK / EU |
| Supabase / PostgreSQL | Database hosting (user accounts, session data, match data) | AWS EU-West-1 |
| Vercel Inc. | Web hosting and edge infrastructure | Global (EU servers used where possible) |
| Anthropic PBC | AI-powered coaching analysis (Claude API) | USA |
| Google LLC — Analytics 4 | Usage analytics | USA (EU transfer: SCCs) |
| Microsoft — Clarity | Session heatmaps, usage analytics | USA (EU transfer: SCCs) |
| Meta Platforms | Conversion measurement (Meta Pixel) | USA (EU transfer: SCCs) |
| Resend | Transactional email delivery | USA (EU transfer: SCCs) |
| API-Football (RapidAPI) | Live football data | EU |
B. Legal and Safety
We may access, preserve, and disclose information if we believe it is required or appropriate to: comply with legal process or lawful requests; protect rights, property, or safety of users, Max Potential, or others; enforce our policies and agreements; or investigate and prevent suspected illegal activity, fraud, or security issues.
C. Corporate Transactions
If we are involved in a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction as permitted by law. Users will be notified of any such change.
5. Your Privacy Choices and Rights
Your rights depend on your jurisdiction and applicable law. You may have the right to:
Access
Request a copy of the personal data we hold about you.
Correction
Correct inaccurate or incomplete information.
Erasure
Request deletion of your data (subject to legal exceptions).
Restriction
Ask us to limit how we process your data.
Portability
Receive your data in a machine-readable format (EU/UK GDPR).
Objection
Object to processing based on legitimate interests or direct marketing.
Withdraw consent
Where processing is based on consent, withdraw at any time.
KVKK rights
Turkish residents may exercise rights under Law No. 6698.
Account Management and Deletion
You can update profile information in your account settings. You can permanently delete your account at any time from Settings → Privacy → Delete Account. Deletion removes all your data within 90 days. To exercise any other privacy rights, email privacy@gaffer.house with subject "Privacy Request". We respond within 30 days.
Communications
You may opt out of marketing communications using the unsubscribe mechanism or by contacting us. You will still receive essential service messages (e.g., security or account notices).
Push Notifications
You can disable push notifications through your browser or device settings.
Cookies
- Strictly necessary: Session authentication, CSRF protection. Cannot be disabled.
- Preferences: Remember your settings (e.g., team side selection).
- Analytics: Google Analytics 4, Microsoft Clarity. You can opt out via browser settings or tools like uBlock Origin.
- Marketing / measurement: Meta Pixel. You can opt out via the Your Online Choices tool or Meta Ad Preferences.
You also have the right to lodge a complaint with your local data protection authority.
6. Security of Your Information
We use reasonable technical and organisational measures designed to protect personal information (TLS encryption in transit, access controls, hashed passwords). However, no system is completely secure. To the fullest extent permitted by law, we cannot guarantee absolute security. If we become aware of a data incident affecting your personal information, we may notify you and/or regulators as required by applicable law.
7. International Data Transfers
Our service providers may process and store information in countries other than your own (including the United States and/or the EU/EEA), which may have different data protection laws. Where required, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses or UK International Data Transfer Agreements) consistent with applicable law. By using the Services, you acknowledge that your data may be transferred internationally as described in this policy.
8. Retention of Personal Information
We retain personal information as long as necessary to provide the Services, fulfil the purposes described in this Policy, comply with legal obligations (e.g., financial records for 7 years under applicable tax law), resolve disputes, enforce agreements, and protect security and integrity. If you delete your account, we will delete or anonymise your data within 90 days, except where legally required to retain it longer. Anonymised or aggregated data may be retained indefinitely.
9. Children's Information
The Services are not intended for children under the age required by local law to provide consent (and in any event, not for children under 13). We do not knowingly collect personal information from children in violation of applicable law. If you are a parent or guardian and believe a child has provided personal information, please contact us at privacy@gaffer.house. We will take appropriate steps, including deletion where required.
10. Other Provisions
Third-Party Websites/Applications
The Services may contain links to third-party websites or apps. We are not responsible for their privacy practices. Please review their policies before providing information.
Changes to this Privacy Policy
We may update this Policy from time to time. Material changes will be communicated by email or a prominent notice on the site. The "Last updated" date at the top of this page always reflects the current version. Continued use of the Services after an update means you accept the updated Policy to the extent permitted by law.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, contact:
Max Potential Sportif Yatırımlar Anonim Şirketi
Maslak Mah. Anka Sok. Mashattan Sitesi B4 No: 2B/4 İç kapı no:71, 34485 Sarıyer, İstanbul, Türkiye
Email: privacy@gaffer.house