Privacy Policy for stattracker.live

Last updated: October 2023

This Privacy Policy describes how stattracker.live ("we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you use our website, mobile application, or related services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

This policy is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), and any applicable provincial privacy laws in Canada, including Quebec Law 25. If you are a resident of the European Economic Area (EEA), the United Kingdom, or Switzerland, additional rights under the GDPR apply to you. If you are a resident of Canada, additional rights under PIPEDA and provincial laws apply.

We are committed to protecting your privacy and handling your personal data responsibly. Please read this policy carefully.

1. Who We Are and How to Contact Us

We are stattracker.live, a service operated by [Company Name], located at [Registered Address, City, Province, Canada]. For privacy-related inquiries, you may contact our Data Protection Officer (DPO) at:

  • Email: privacy@stattracker.live
  • Postal address: [Full Mailing Address, Canada]
  • Phone: [Phone Number, if applicable]

We are committed to responding to your queries within 30 days, as required by PIPEDA, and within one month under the GDPR.

2. Definitions

For the purpose of this Privacy Policy:

  • "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, IP addresses, device identifiers, and location data.
  • "Processing" means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • "Data Controller" is stattracker.live, which determines the purposes and means of processing your personal data.
  • "Data Processor" means third parties who process data on our behalf (e.g., cloud hosting providers).
  • "User" means any individual accessing or using the Service.

3. Information We Collect

We collect personal information that you provide directly and information that is collected automatically through your use of the Service. The types of data we collect include:

3.1 Information You Provide Voluntarily

  • Account Information: When you register for an account, we collect your username, email address, and password (stored in a hashed format).
  • Profile Information: Optional information such as your display name, avatar, or biography.
  • Communications: If you contact us via email, feedback forms, or support tickets, we collect your name, email address, and the contents of your message.
  • Payment Information: If you subscribe to premium features, we collect billing details (e.g., name, billing address) and payment method tokens from third-party payment processors (we do not store full credit card numbers).
  • User Content: Data you upload or post, such as statistics, comments, or preferences.

3.2 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, access times, and pages viewed.
  • Device Information: Device type, unique device identifiers (e.g., IDFA, Android ID), and advertising IDs.
  • Usage Data: Information about how you interact with the Service, including features used, time spent, and clicks.
  • Cookies and Similar Technologies: We use cookies, web beacons, and tracking pixels to enhance user experience and analyze trends. See Section 8 for details.
  • Location Data: Approximate geographic location based on IP address (city/country level). We do not collect precise GPS location unless you explicitly enable it (e.g., for location-based features).

3.3 Information from Third Parties

We may receive personal data from third-party services you connect to our Service (e.g., social media logins, analytics providers, or advertising networks). This includes your public profile information from platforms like Google or Facebook, with your consent.

4. Legal Bases for Processing (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your personal data only when we have a valid legal basis under GDPR. These bases include:

  • Consent: For activities such as marketing emails, non-essential cookies, and optional data sharing. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Contractual Necessity: To provide the Service to you (e.g., creating an account, processing payments, delivering features you request).
  • Legal Obligation: To comply with applicable laws (e.g., tax reporting, fraud prevention, or responding to lawful requests from authorities).
  • Legitimate Interests: For improving our Service, ensuring security, analyzing usage, and performing analytics, provided these interests do not override your rights and freedoms. We balance these interests carefully.

5. How We Use Your Information

We use your personal data for the following purposes:

  • To Provide and Operate the Service: Process registrations, authenticate users, manage subscriptions, deliver content, and enable features.
  • To Improve and Personalize: Analyze usage patterns to enhance user experience, recommend relevant content, and develop new features.
  • To Communicate with You: Respond to inquiries, send service-related updates (e.g., password changes, outages), and provide support.
  • To Send Marketing Communications: With your explicit consent (or as permitted by applicable law), send newsletters, promotional offers, and product updates. You can opt out at any time via the unsubscribe link or by contacting us.
  • For Security and Fraud Prevention: Detect and prevent unauthorized access, fraudulent activity, or abuse of the Service.
  • To Comply with Legal Obligations: Maintain records, respond to legal requests, and enforce our Terms of Service.

6. Sharing and Disclosure of Your Information

We do not sell your personal data. We may share your information only in the following circumstances:

  • With Service Providers: Third-party vendors who assist us in operating the Service, such as cloud hosting (e.g., AWS, Google Cloud), payment processors (e.g., Stripe, PayPal), analytics providers (e.g., Google Analytics, Mixpanel), and customer support platforms. These providers are contractually bound to protect your data and use it only for specified purposes.
  • For Legal Reasons: When required by law, court order, or governmental regulation (e.g., PIPEDA compliance, Canadian court subpoena, or GDPR regulatory requests). We will notify you unless prohibited by law.
  • In Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. You will be notified via email or prominent notice on the Service of any change in ownership or use of your data.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

We may also share aggregated, anonymized data that cannot identify you for analytics, research, or marketing purposes.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including Canada (where our servers are primarily located) and the United States or other jurisdictions where our service providers operate. For users in the EEA, UK, or Switzerland, we ensure that adequate safeguards are in place for such transfers, such as:

  • Standard Contractual Clauses (SCCs): Adopted by the European Commission or UK Information Commissioner’s Office.
  • Binding Corporate Rules (BCRs): Where applicable.
  • Privacy Shield or equivalent: Where applicable (note: Privacy Shield is no longer valid for US transfers, but we rely on SCCs).

By using the Service, you consent to the transfer of your data to countries that may have different data protection laws than your jurisdiction. We will take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (e.g., web beacons, pixels, local storage) to enhance functionality, analyze usage, and deliver targeted advertising (with your consent where required). You have control over these technologies.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the Service to function (e.g., session management, authentication). These cannot be disabled but are stored only as long as your session lasts.
  • Performance and Analytics Cookies: Collect anonymous data about how you use the Service (e.g., pages visited, errors). We use tools like Google Analytics and Hotjar.
  • Functional Cookies: Remember your preferences (e.g., language, region) to personalize your experience.
  • Targeting/Advertising Cookies: Used to deliver relevant ads and measure their effectiveness. These may be set by third-party ad networks (e.g., Google AdSense).

8.2 Cookie Consent

When you first visit the Service, you will see a cookie banner requesting your consent for non-essential cookies. You can manage your preferences at any time via the "Cookie Settings" link in the footer of our website. Please note that disabling certain cookies may affect functionality.

8.3 Third-Party Cookies

We may allow third parties (e.g., analytics, advertising partners) to place cookies on your device. These providers have their own privacy policies. For example:

8.4 Do Not Track

Our Service does not respond to "Do Not Track" signals from your browser at this time. However, you can manage cookies via your browser settings.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law (e.g., Canadian tax laws require retention of financial records for 6 years). Specific retention periods:

  • Account Data: Retained as long as your account is active. Upon account deletion, we will delete or anonymize your data within 90 days, except for legal obligations.
  • Log Data: Retained for up to 12 months for security analysis, then anonymized or deleted.
  • Cookie Data: As specified in the cookie consent tool (e.g., analytics cookies retained up to 2 years).
  • Payment Data: Retained as required by financial regulations (e.g., 7 years in Canada). We store only tokens, not full card numbers.

When we no longer need your data, we will securely delete or anonymize it to prevent identification.

10. Your Rights Under GDPR and Canadian Law

Depending on your location, you have the following rights regarding your personal data. We will respond to your request within the timeframes required by law (30 days under PIPEDA, one month under GDPR, or as permitted by law).

10.1 Rights for EEA/UK/Switzerland Residents (GDPR)

  • Right to Access: Request a copy of the personal data we hold about you, including information on how it is processed.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal exceptions (e.g., to comply with legal obligations).
  • Right to Restrict Processing: Limit how we use your data (e.g., while a complaint is being resolved).
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Complain: Lodge a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK).

10.2 Rights for Canadian Residents (PIPEDA and Provincial Laws)

  • Right to Access: Request access to your personal data, subject to limited exceptions (e.g., national security, confidential commercial information).
  • Right to Rectification: Correct inaccuracies in your data.
  • Right to Withdraw Consent: Withdraw consent to our collection, use, or disclosure of your data, subject to contractual or legal limitations.
  • Right to Deletion: Request deletion of your data (where permitted by law).
  • Right to Complain: File a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner (e.g., Quebec’s Commission d'accès à l'information).

10.3 How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in Section 1. We may need to verify your identity before processing your request (e.g., by asking for account details or additional identification). We will not charge a fee unless the request is manifestly unfounded or excessive.

11. Children's Privacy

Our Service is not directed to individuals under the age of 13 (or 16 in some jurisdictions, such as under GDPR or Canadian provincial laws). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data without parental consent, we will take steps to delete that information promptly. If you believe a child has submitted data to us, please contact us immediately at privacy@stattracker.live.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (TLS 1.2 or higher).
  • Encryption of data at rest (AES-256).
  • Access controls and authentication (e.g., strong passwords, two-factor authentication for staff).
  • Regular security audits and vulnerability assessments.
  • Staff training on data protection and privacy.

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use strong passwords and protect your device.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms (under GDPR) or that is likely to cause significant harm (under PIPEDA), we will:

  • Notify relevant data protection authorities within 72 hours of becoming aware of the breach (GDPR) or as required by Canadian law (e.g., OPC within a reasonable time).
  • Inform affected users without undue delay, including the nature of the breach, potential consequences, and steps taken to mitigate risks.

14. Third-Party Links and Services

Our Service may contain links to third-party websites, plugins, or services (e.g., social media buttons, external analytics). This Privacy Policy does not apply to those third parties. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing any information.

15. Automated Decision-Making and Profiling

We do not engage in automated decision-making (including profiling) that produces legal effects or similarly significant effects concerning you, unless you have given explicit consent or it is necessary for a contract. If we process data for profiling (e.g., to recommend content), we will inform you and provide a right to object.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes by:

  • Posting a prominent notice on the Service (e.g., a banner or pop-up).
  • Sending an email to the address associated with your account (if you have one).
  • Updating the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy (or we will seek your consent where required by law).

17. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles. However, if you are a resident of the EEA, UK, or Switzerland, you may also rely on GDPR protections. The parties shall first attempt to resolve any dispute arising from this policy through informal negotiation. If unresolved, you may file a complaint with the relevant privacy authority (e.g., OPC in Canada, or your local data protection authority in the EU/UK).

18. Specific Provisions for Quebec Residents (Law 25)

In addition to the rights listed above, if you are a resident of Quebec, Canada, you have the following protections under Quebec Law 25 (Privacy Act):

  • We designate a person responsible for the protection of personal data (see Section 1).
  • We take reasonable measures to ensure that any personal data collected is necessary for the purposes for which it is collected.
  • You have the right to request that we cease disseminating your personal data or de-index any hyperlink attached to your name that provides access to personal data, if the dissemination contravenes the law or a court order.
  • You have the right to request rectification of inaccurate data and to access your data in a structured, commonly used format.
  • Any consent we obtain is clear, free, and informed, and you may withdraw it at any time.

For Quebec-specific inquiries, please contact our privacy officer at privacy@stattracker.live.

19. Acceptance of This Policy

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your data as described. If you do not agree, please do not use the Service.

20. Contact Us

If you have questions, concerns, or wish to exercise your rights, please contact us:

  • Email: privacy@stattracker.live
  • Postal address: [Full Mailing Address, City, Province, Postal Code, Canada]
  • Phone: [Phone Number, if applicable]

We aim to respond to all legitimate requests within 30 days (Canada) or one month (EU/UK) of receipt. If your request is complex or you have made multiple requests, we may need additional time. We will inform you of any extensions.

This Privacy Policy was last updated in October 2023. For previous versions, please contact us.