Privacy Policy

Last updated: April 16, 2026

Effective date: April 16, 2026

FanClash, Inc. ("FanClash," "Company," "we," "us," or "our") operates the FanClash platform, a real-time sports debate arena available at fanclash.io, including all associated mobile applications and services (collectively, the "Service").

This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you access or use the Service. It also explains your rights regarding your personal data under applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Children's Online Privacy Protection Act (COPPA).

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must not access or use the Service.

1. Information We Collect

1.1 Personal Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Create an account: Name, email address, username, and profile picture, provided during registration through Clerk (our authentication provider) or via third-party single sign-on providers (Google, Apple).
• Complete your profile: Sports preferences, favorite teams, biography, avatar image, and other optional information you choose to add.
• Participate in debates: Audio contributions during live debates, chat messages in debate rooms, and votes you cast on debate outcomes.
• Create or join teams: Team names, membership information, and team-related activity.
• Purchase a subscription: Billing name and address. Payment card details are collected and processed exclusively by our third-party payment processor; we do not receive or store full payment card numbers.
• Link third-party gaming accounts: If you link your FACEIT account, we store your FACEIT username, player ID, and retrieve gameplay statistics (skill level, ELO rating, win rate, K/D ratio, headshot percentage, and recent match history) from the FACEIT API. You can unlink your FACEIT account at any time from your profile settings, which removes all stored FACEIT data.
• Contact us: Name, email, and any information you include in support requests, feedback, or survey responses.

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect:

• Usage data: Pages viewed, features used, debates joined, votes cast, session duration, navigation paths, and interaction patterns.
• Device information: Browser type and version, operating system and version, device type, screen resolution, and unique device identifiers.
• Network data: Internet Protocol (IP) address, internet service provider, approximate geographic location derived from IP address (city/region level), and connection type.
• Log data: Server access logs including timestamps, pages requested, HTTP status codes, referring/exit URLs, and error data.
• Cookies and similar technologies: We use cookies, local storage, and similar technologies as described in our Cookie Policy.

1.3 Information from Third-Party Services

• Clerk (authentication): When you sign in via social login providers (Google, Apple), we receive your name, email address, and profile picture from those services. Clerk manages authentication sessions and token security on our behalf.
• LiveKit (real-time audio): Audio streams during live debates are processed in real time by LiveKit infrastructure. Audio is streamed to debate participants and is not permanently recorded or stored by FanClash unless explicitly disclosed for a specific feature.
• GetStream (chat messaging): Chat messages in debate rooms are processed and temporarily stored by GetStream to enable real-time messaging. Message history is retained for the duration of the debate and a reasonable period thereafter.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data under the following legal bases:

• Contractual necessity (Art. 6(1)(b) GDPR): Processing necessary to perform our contract with you (providing the Service, managing your account, processing subscriptions).
• Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate business interests, including improving the Service, preventing fraud and abuse, enforcing our terms, and ensuring platform security. We balance these interests against your rights and freedoms.
• Consent (Art. 6(1)(a) GDPR): Where we process data based on your consent (e.g., marketing communications, non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with applicable laws, regulations, legal processes, or governmental requests.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and operate the Service: Create and manage your account, enable live audio debates, process votes, maintain leaderboards, deliver chat functionality, and manage team features.
• Personalize your experience: Display relevant debates based on your sports preferences, recommend teams, and customize content and notifications.
• Communicate with you: Send transactional notifications (debate invitations, team activity, voting results), platform updates, and — with your consent — marketing communications. You can manage notification preferences in Settings.
• Process payments: Handle subscription billing, renewals, cancellations, and related transactions through our payment processor.
• Improve and develop the Service: Analyze usage patterns, conduct internal research, identify and fix bugs, test new features, and improve platform performance.
• Ensure safety and security: Detect and prevent fraud, abuse, vote manipulation, unauthorized access, and violations of our Community Guidelines and Terms of Service.
• Comply with legal obligations: Respond to lawful requests from regulatory authorities, law enforcement, and courts.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may disclose your information in the following limited circumstances:

• Publicly visible information: Your username, profile picture, team affiliations, debate participation history, win/loss record, leaderboard rank, and XP are visible to other users of the Service. This is integral to the platform experience.
• Service providers (data processors): We share data with trusted third-party companies that process data on our behalf to help us operate the Service. These processors are contractually obligated to use your data only as instructed by us and to maintain appropriate security measures:
  • Clerk — authentication and account management
  • Stripe — payment processing and subscription management
  • LiveKit — real-time audio streaming infrastructure
  • GetStream — real-time chat messaging and video calls
  • PlanetScale — database hosting
  • Upstash — caching and real-time data processing
  • Cloudflare — content delivery network and file storage
  • Sentry — error monitoring and performance tracking
  • Resend — transactional email delivery
  • FACEIT — gaming statistics (only when you link your account)
  • Vercel / Railway — application hosting
• Legal requirements: We may disclose information when required by law, subpoena, court order, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
• Business transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or use of your personal information.
• With your consent: We may share your information for purposes not described in this policy when we have obtained your explicit consent.

5. Cookies and Tracking Technologies

We use cookies, local storage, and similar tracking technologies to operate the Service, remember your preferences, and analyze usage. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law:

• Account data: Retained for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).
• Debate content: Chat messages and debate metadata (participants, votes, outcomes) are retained to maintain leaderboard integrity and historical records. Audio streams are processed in real time and are not permanently stored by FanClash.
• Usage and analytics data: Retained in aggregated, anonymized form for up to 24 months for service improvement.
• Payment records: Transaction records are retained as required by applicable tax and financial regulations.
• Legal holds: Data may be retained longer if required for ongoing legal proceedings, regulatory compliance, or dispute resolution.

7. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect your personal information, including:

• Encryption of data in transit using TLS/SSL and encryption at rest where applicable
• Token-based authentication via Clerk (no passwords stored on our servers)
• Rate limiting and abuse prevention on all API endpoints
• HTTP security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy)
• Regular security reviews and vulnerability assessments
• Role-based access controls limiting employee access to personal data on a need-to-know basis

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and applicable authorities as required by law.

8. Your Privacy Rights

Depending on your jurisdiction, applicable data protection laws may provide you with the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal exceptions.
• Right to data portability: Request your personal data in a structured, commonly used, machine-readable format.
• Right to restrict processing: Request that we limit how we process your personal data in certain circumstances.
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, email us at privacy@fanclash.io. We will respond within 30 days (or sooner as required by applicable law). We may request identity verification before processing your request. We will not charge a fee for processing reasonable requests, except as permitted by law.

8.1 Managing Communications

You can manage notification preferences through the Settings page. You may unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing email. Please note that even if you opt out of marketing communications, we may still send you transactional communications related to your account and use of the Service.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, provides you with the following additional rights:

• Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting the information, and the categories of third parties with whom we share it.
• Right to delete: You have the right to request deletion of personal information we have collected from you, subject to certain legal exceptions.
• Right to correct: You have the right to request correction of inaccurate personal information.
• Right to opt out of sale/sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share your personal information as those terms are defined under the CCPA/CPRA.
• Right to limit use of sensitive personal information: You have the right to limit the use of sensitive personal information to purposes necessary to provide the Service.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, contact us at privacy@fanclash.io or use the account deletion feature in Settings. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

9.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers: Name, email address, username, IP address, unique device identifiers
• Internet or network activity: Browsing history on the Service, interaction data, search queries
• Geolocation data: Approximate location derived from IP address
• Audio information: Audio streams during live debates (processed in real time, not permanently stored)
• Inferences: Preferences and characteristics derived from your activity on the Service

10. Additional U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive privacy laws may have similar rights to those described in Sections 8 and 9 above, including the right to access, correct, delete, and obtain a copy of personal data, and the right to opt out of targeted advertising, profiling, and sale of personal data.

To exercise your rights under applicable state privacy laws, contact us at privacy@fanclash.io. If we decline your request, you may have the right to appeal our decision by contacting us at the same address.

11. International Data Transfers

FanClash is operated from the United States. If you access the Service from outside the United States, your personal data may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction.

For users in the EEA, UK, or Switzerland, we rely on the following transfer mechanisms to ensure adequate protection for cross-border data transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with our service providers that include appropriate safeguards
• Adequacy decisions where applicable

12. Children's Privacy (COPPA)

The Service is not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or 16 in the European Economic Area). We comply with the Children's Online Privacy Protection Act (COPPA) and similar laws.

If we become aware that we have inadvertently collected personal information from a child under these ages without verifiable parental consent, we will take immediate steps to delete such information from our systems. If you believe a child under the applicable age has provided us with personal information, please contact us immediately at privacy@fanclash.io.

13. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We are not responsible for the content, privacy policies, or practices of any third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last updated" and "Effective date" at the top of this page
• Post the revised policy on the Service
• For material changes, provide notice via email or in-app notification at least 30 days before the changes take effect

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may request deletion of your account.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at:

• Email: privacy@fanclash.io
• Website: fanclash.io

If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).