Privacy Policy Goolak App

This Privacy Policy explains how Goolak ("we," "us," or "our") collects, uses, and shares information when you use the Goolak mobile application (the "App"). By installing or using Goolak, you agree to this Policy.

1. Who we are

Goolak is operated by GAME COOKS COMPANY, KSA ("Goolak"), based in Saudi Arabia. For any privacy-related questions, contact us at info@nxtlyr.com.

2. Information we collect

2.1 Information you provide

- Account information: email address, username, country, and (optionally) a profile photo when you sign up or update your profile.

- Sign-in identifiers: if you sign in with Apple or Google, we receive the identifier and email those services share with us.

- User-generated content: predictions, league names you create, and any reports or blocks you submit against other users.

- Support correspondence: anything you send us via email or in-app support.

2.2 Information collected automatically

- Device information: device type, OS version, app version, language, time zone.

- Usage data: screens viewed, features used, predictions submitted, and similar interaction events.

- Crash and performance logs: diagnostic data when the App crashes or errors, used to fix bugs.

- Push notification tokens: if you opt in to notifications, we store the token Apple or Google issues so we can deliver notifications to you.

2.3 Purchase information

If you make an in-app purchase, Apple (on iOS) or Google (on Android) processes the payment. We do not receive your card or banking details. We do receive a transaction receipt confirming what you bought, when you bought it, and the receipt identifier we need to grant you access to the purchased feature.

2.4 Advertising information

The App shows ads through Google AdMob. To serve and measure ads, AdMob may collect:

- Advertising identifier (IDFA on iOS, AAID on Android)

- IP address and approximate location

- Device information

- Ad interaction data (impressions, clicks)

On iOS, we ask for your permission before sharing the IDFA with AdMob via Apple's App Tracking Transparency (ATT) prompt. If you decline, you will still see ads — they will simply be non-personalized.

For more information about AdMob's privacy practices, see Google's privacy policy at https://policies.google.com/privacy.

2.5 Profile photo moderation

When you upload a profile photo, we send the image to Google Cloud Vision SafeSearch to detect adult, violent, or otherwise inappropriate content. Google processes the image for moderation only and does not retain it long-term. If the image passes moderation, we store it in our private storage and serve it as your avatar; if it fails, it is rejected and immediately deleted.

3. How we use your information

We use your information to:

- Create and maintain your account.

- Show your predictions, league standings, and rankings.

- Run match scoring and leaderboards.

- Send transactional notifications (e.g., match results, league updates) if you opt in.

- Process in-app purchases and grant access to the purchased features.

- Show advertisements and measure ad performance.

- Detect, prevent, and respond to fraud, abuse, and policy violations.

- Comply with legal obligations.

- Improve the App and fix bugs.

4. Legal basis (for users in the EEA/UK)

Where the GDPR applies, we rely on the following legal bases:

- Contract — to provide the App and the features you sign up for.

- Consent — for push notifications and personalized advertising.

- Legitimate interest — to keep the App secure, prevent abuse, and improve our service.

- Legal obligation — when we must process data to comply with the law.

You can withdraw consent at any time (e.g., by disabling notifications, revoking the ATT permission in iOS Settings, or deleting your account).

5. How we share information

We share your information only with:

- Supabase — our backend provider (authentication, database, file storage). Data is stored on Supabase servers in Frankfurt, Germany.

- Apple and Google — for sign-in, push notifications, in-app purchases, and crash reporting.

- Google AdMob — for serving advertisements (see §2.4).

- Google Cloud Vision — for one-time profile photo moderation (see §2.5).

- Expo (Expo Application Services) — for push notification delivery and over-the-air JavaScript updates.

- Football-Data.org — we fetch match fixtures and results from this API. No personal data about you is sent to them.

- Law enforcement or regulators — when legally required.

We do not sell your personal information.

6. Information visible to other users

Other users of the App can see your username, profile photo, country flag, streak, points, and predictions in shared contexts such as global and league leaderboards. Do not upload anything in your profile that you would not want other players to see.

You can report or block other users at any time from their profile or from any leaderboard row.

7. Your rights

Depending on where you live, you may have the right to:

- Access the personal information we hold about you.

- Correct inaccurate information (you can edit most fields directly in the App).

- Delete your account and associated data (Settings → Delete account, or by emailing us).

- Object to or restrict certain processing.

- Withdraw consent (disable notifications, revoke ATT in iOS Settings).

- Data portability — receive a copy of your data in a portable format.

- Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact [contact@goolak.com]. We will respond within 30 days.

8. Data retention

We keep your account information for as long as your account is active. When you delete your account, we delete your personal information within 30 days, except where we must retain it for legal, fraud-prevention, or accounting reasons.

Aggregated, de-identified data (e.g., total predictions per match across all users) may be retained indefinitely.

9. Security

We use industry-standard measures to protect your information, including encryption in transit (HTTPS) and encryption at rest. No system is 100% secure — if we discover a breach affecting your personal data, we will notify you in accordance with applicable law.

10. Children

Goolak is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it.

If you are between 13 and the age of digital consent in your country (which may be up to 16 in parts of the EEA), please use the App only with the consent of a parent or guardian.

11. International transfers

Your information may be processed in countries other than the one you live in, including the United States and the European Union. Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.

12. Changes to this Policy

We may update this Policy from time to time. We will post the new version in the App and update the "Last updated" date at the top. Significant changes will be highlighted in-app or by notification before they take effect.

13. Contact

For any privacy questions or requests, contact:

Email:info@nxrlyr.com
Address: Salahuddin al Ayoubi Street, Riyadh, KSA