Privacy Policy

This Privacy Policy explains how Prognosist collects, uses, stores and protects personal data when you use our website and related services.

Prognosist is a football analysis and prediction platform. We do not operate a sportsbook, bookmaker, casino or gambling service. We do not accept real-money bets, process deposits or withdrawals, or exchange virtual coins for money.

1. Who we are

"Prognosist" ("we", "us", "our") operates this website and related online services.

For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is the person or legal entity operating Prognosist.

For privacy questions or data-subject requests, please use our contact form and pick the Data request (GDPR) subject so the message reaches the right person.

2. What personal data we collect

We collect only the data needed to operate, secure and improve the Service.

Data you provide directly

Account details:

  • nickname
  • email address
  • password

Passwords are stored as one-way hashes. We do not store passwords in plain text.

Optional profile data:

  • display name
  • avatar
  • preferred language or locale
  • timezone

User-generated content and activity:

  • predictions
  • tipster picks
  • prediction commentary
  • leaderboard activity
  • virtual coin activity
  • group membership, if private groups are enabled
  • messages you send us through the contact form (delivered by email; not stored in the application database — see Section 7 for details)

Data collected automatically

When you use the Service, we may automatically collect:

  • IP address
  • browser type and version
  • device information
  • referring URL
  • requested pages and paths
  • date and time of requests
  • basic security and error logs

Server logs are used for security, debugging, abuse prevention and service reliability.

Data from third-party sign-in providers

If you sign in using Google or another supported third-party login provider, we may receive:

  • email address
  • name
  • profile picture URL
  • provider account ID

We do not receive your Google password.

Data we do not collect

We do not intentionally collect special-category personal data such as health data, biometric data, religious beliefs, political opinions or trade union membership.

We do not collect payment card data, bank account data or gambling transaction data because Prognosist does not process real-money payments or bets.

3. Why we process personal data

We process personal data only when we have a lawful basis under GDPR.

Contract — GDPR Art. 6(1)(b)

We process data necessary to provide the Service, including:

  • creating and maintaining your account
  • allowing you to log in
  • displaying your predictions and tipster activity
  • calculating leaderboard positions
  • managing virtual coins or points
  • providing private group features, if enabled
  • responding to enquiries you send us through the contact form when those enquiries relate to your account or the Service (Art. 6(1)(b) also covers pre-contractual steps for enquiries from prospective users)

Legitimate interests — GDPR Art. 6(1)(f)

We may process data for our legitimate interests, including:

  • keeping the Service secure
  • preventing abuse, spam and fraud — including running Cloudflare Turnstile challenges on public forms (contact form, registration form, login form, password-reset request form) to keep them usable for humans; see "Anti-spam / captcha" in Section 5
  • debugging technical issues
  • improving performance and reliability
  • responding to general contact-form enquiries that are unrelated to a contract or pre-contractual step (e.g. press, partnerships, feedback)
  • understanding aggregated product usage

We balance these interests against your rights and freedoms.

Consent — GDPR Art. 6(1)(a)

We rely on consent for non-essential cookies, analytics cookies and similar tracking technologies where required.

You can decline non-essential cookies without losing access to the core Service.

Legal obligation — GDPR Art. 6(1)(c)

We may process or retain certain data when required by applicable law, court order or regulatory obligation.

4. Cookies and similar technologies

Prognosist uses cookies and similar technologies to operate and improve the Service.

Essential cookies

Essential cookies are required for core functionality, such as:

  • login sessions
  • CSRF protection
  • security
  • language or locale preference
  • basic service settings
  • spam protection on the contact form — Cloudflare Turnstile sets a short-lived challenge cookie to tell humans and bots apart; see "Anti-spam / captcha" under Section 5

These cookies cannot be disabled through our cookie banner because the Service may not work correctly without them.

Analytics cookies

With your consent, we may use analytics tools such as Google Analytics 4 to understand how users interact with the Service.

Analytics may include:

  • page views
  • session duration
  • approximate location
  • device and browser information
  • traffic source
  • interaction events

Where available, analytics data is collected in an aggregated or pseudonymised form.

You can withdraw analytics consent at any time through our cookie settings or by blocking cookies in your browser.

5. Third-party services and processors

We use selected third-party services to operate the Service. These providers may process data only as needed to provide their services to us.

Examples include:

Hosting provider

Our hosting provider stores the application, database and related infrastructure.

Google

Google may be used for:

  • Google sign-in / OAuth
  • Google Analytics 4, if analytics consent is given

Google may process data according to its own privacy terms.

AI service providers

We may use AI service providers, such as OpenAI or Anthropic, to help generate football previews, explanations, summaries or translations.

Where possible, we avoid sending personal data to AI providers. For football previews and predictions, we aim to send only structured football data, such as team names, fixtures, scores, statistics and model outputs.

If a feature requires processing user-generated text, such as a support message, translation request or public prediction commentary, that text may be processed by an AI provider only when necessary to provide the requested feature.

We do not intentionally send account passwords, payment data or unnecessary personal data to AI providers.

Sports data providers

We may use sports data providers such as API-Football or similar services to obtain fixtures, results, statistics, lineups, standings, odds and other football data.

These providers supply football data to Prognosist. We do not intentionally send Prognosist user account data to sports data providers.

Email delivery provider (Brevo)

We use Brevo (operated by Sendinblue SAS, France) as our transactional email provider. When you submit the contact form, the message is delivered through Brevo's SMTP relay so it can reach our inbox.

Data processed by Brevo to deliver each contact-form email includes:

  • your name and email address (so we can reply)
  • the subject and body of your message
  • standard mail headers and routing information

The legal basis is GDPR Art. 6(1)(b) — processing necessary to take steps at your request before entering into a contract (or to respond to a non-contractual enquiry on the basis of our legitimate interest, Art. 6(1)(f)).

Brevo is established in France (European Union), so the message stays within the EEA — no international transfer is involved in routine delivery. Brevo retains delivered messages according to its own retention schedule; we do not separately store the contact-form message in our application database (see Section 7 for retention details).

Brevo's privacy policy: brevo.com/legal/privacypolicy.

Anti-spam / captcha (Cloudflare Turnstile)

We use Cloudflare Turnstile, provided by Cloudflare, Inc., to protect public forms against automated abuse. Turnstile currently runs on:

  • the contact form
  • the registration form
  • the login form — adaptive: the captcha is hidden on the first attempts and only appears after repeated failures from the same visitor, so legitimate users typing the right password on the first try are not exposed to Cloudflare at all
  • the password-reset request form (the "forgot password" page)

Turnstile is a privacy-friendly alternative to traditional CAPTCHA — it does not require you to solve a puzzle, and Cloudflare states that it does not use the data collected to build advertising profiles.

When you submit one of these forms, the following information is processed by Cloudflare to score the request:

  • your IP address
  • your browser user-agent string
  • a short-lived challenge response token issued by the Turnstile widget
  • basic browser signals required to run the challenge (e.g. headers, cookie support)

The legal basis for this processing is our legitimate interest (GDPR Art. 6(1)(f)) in keeping the contact form usable and free of automated spam.

Cloudflare is established in the United States. Where data is transferred outside the EEA, we rely on the safeguards listed in Section 6 (International data transfers), including the EU–US Data Privacy Framework and Standard Contractual Clauses, as applicable.

Turnstile is designed to work invisibly for the vast majority of legitimate visitors and only escalates to a checkbox or interactive challenge when the request looks automated. If you encounter a persistent block and cannot submit the form, please try again from a different browser or network.

We do not sell or rent your personal data to anyone.

6. International data transfers

We aim to process personal data within the European Economic Area (EEA) where possible.

Some third-party providers may process data outside the EEA, including in the United States. Where required, such transfers rely on appropriate safeguards, such as:

  • the EU–US Data Privacy Framework, where applicable;
  • Standard Contractual Clauses approved by the European Commission;
  • other lawful transfer mechanisms under GDPR.

7. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this policy.

Typical retention periods:

Account data

Kept for as long as your account exists.

Deleted accounts

If you delete your account, we aim to erase or anonymise identifying account data within 30 days, unless a longer period is required by law or necessary for security, dispute resolution or abuse prevention.

Prediction and tipster history

Prediction history may be kept while your account exists. If your account is deleted, we may delete or anonymise this data. Aggregated statistics may be retained if they no longer identify you.

Virtual coin and leaderboard activity

Kept while your account exists and may be anonymised after deletion for integrity of historical leaderboards and aggregate statistics.

Server logs

Usually retained for up to 30 days, unless needed longer for security investigation or legal reasons.

Analytics data

Analytics data may be retained according to the analytics provider settings, usually up to 26 months, and is used in aggregated or pseudonymised form where possible.

Contact form messages

If you contact us through the contact form, we process the name, email address, subject and message you submit in order to respond to your request. We do not store contact-form submissions in our application database. The message is delivered through Brevo (Sendinblue SAS, France — see Section 5), which retains delivered mail according to its own retention policy.

8. Security

We use reasonable technical and organisational measures to protect personal data.

These may include:

  • password hashing
  • access controls
  • HTTPS where available
  • server and application security monitoring
  • backups
  • limiting access to personal data to people or systems that need it
  • using reputable hosting and service providers

No online service can guarantee absolute security. If we become aware of a personal-data breach that requires notification under applicable law, we will notify affected users and/or the relevant supervisory authority as required.

9. Your GDPR rights

Under GDPR, you may have the right to:

  • access a copy of the personal data we hold about you
  • correct inaccurate or incomplete data
  • request deletion of your personal data
  • restrict processing in certain cases
  • receive your data in a machine-readable format
  • object to processing based on legitimate interests
  • withdraw consent where processing is based on consent
  • lodge a complaint with a data protection authority

To exercise your rights, please submit a request through our contact form and pick the Data request (GDPR) subject.

We aim to respond within 30 days.

If you are in Poland, the supervisory authority is the President of the Personal Data Protection Office, known as UODO. If you are in another EU or EEA country, you may contact your local data protection authority.

10. Children

The Service is intended for users aged 18 or older.

We do not knowingly collect personal data from anyone under 18. If we learn that we have collected personal data from a person under 18, we will take reasonable steps to delete it.

11. Links to other websites

The Service may contain links to third-party websites, including football data providers, betting operators, media websites or partner pages.

We are not responsible for the privacy practices of third-party websites. You should read their privacy policies before providing them with personal data.

12. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in law, technology, third-party services or Prognosist features.

If we make material changes, we may notify registered users in-app, by email or through a notice on the website.

The "Last updated" date at the top of this page shows when the policy was most recently changed.

Please also read our Terms of Use, Disclaimer and Responsible Gambling pages.