Scorebox
Legal

Privacy Policy

Last updated reflects the source document in the Scorebox repository.

SCOREBOX — PRIVACY POLICY v1.0.0

Effective Date: March 13, 2026 Last Updated: March 13, 2026

PLEASE READ THIS PRIVACY POLICY CAREFULLY. THIS PRIVACY POLICY DESCRIBES HOW SCOREBOX LLC COLLECTS, USES, DISCLOSES, AND PROTECTS YOUR PERSONAL INFORMATION WHEN YOU USE THE SCOREBOX MOBILE APPLICATION.

1. INTRODUCTION

This Privacy Policy ("Policy") is provided by Scorebox LLC, a Colorado limited liability company ("Scorebox," "Company," "we," "us," or "our"), and applies to Your use of the Scorebox mobile application, including all associated features, functionality, content, and services (collectively, the "Application" or "App").

By accessing or using the Application, You acknowledge that You have read, understood, and agree to the collection, use, and disclosure of Your information as described in this Policy. If You do not agree to this Policy, You must not access or use the Application.

This Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined herein shall have the meanings ascribed to them in the Terms of Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

(a) Account Information. When You create an account, we collect Your:

  • First and last name
  • Email address
  • Gamertag (display name)
  • Profile photograph (if provided)
  • Authentication credentials (managed by our authentication provider)

(b) Profile Information. You may voluntarily provide additional information, including a profile avatar and gamertag, which is publicly visible to all authenticated Users.

(c) Event and Match Data. When You participate in Matches and Events, we collect:

  • Match scores, results, and game-by-game records
  • Team compositions and player lineups
  • Dispute submissions (Red Flag) and resolution outcomes
  • Event registration details and Squad roster information

(d) Communications. When You use the Application's messaging features, we collect the content of Your direct messages, group messages, and event-related communications.

(e) Payment Information. When You make a payment through the Application (e.g., Event hosting fees, Event registration fees, Venue reservations), payment information is collected and processed directly by our third-party payment processor, Stripe, Inc. Scorebox does not collect, store, or have direct access to Your payment card numbers, bank account numbers, or other sensitive financial data.

(f) Referral Program Data. If You participate in the Commissioner Referral Program, we collect and store Your unique referral code, referral usage records (who referred whom), and referral credit balances (earned and redeemed amounts). This data is used to administer the program, prevent abuse, and apply credits to hosting fees.

(g) Venue Management Data. If You claim or manage a Venue, we collect information related to Your Venue, including Station configurations, session settings, and Stripe Connect onboarding details (processed by Stripe).

2.2 Information Collected Automatically

(a) Device Information. We automatically collect certain information about Your device, including device type, operating system version, and unique device identifiers, to ensure compatibility and improve the Application.

(b) Push Notification Tokens. When You grant notification permissions, we collect Your Apple Push Notification service (APNs) device token to deliver push notifications. This token is associated with Your user account and removed upon sign-out.

(c) Usage Data. We may collect information about how You interact with the Application, including features accessed, actions taken, and time spent within the Application.

2.3 Information Collected With Your Permission

(a) Location Data. The Application accesses Your device's location services only in the following limited circumstances:

  • Venue Waitlist (Remote Join): When You join a Venue waitlist remotely through the Application, we verify that You are within 200 meters of the Venue. This is a one-time proximity check; continuous location tracking does not occur.
  • Presence Confirmation: When confirming physical presence at a Venue via the Application (without QR scan), location is used for verification.
  • Location data is never collected during casual play, when claiming a Station via QR code scan, or for any purpose unrelated to Venue proximity verification.

(b) Camera Access. The Application accesses Your device camera only for:

  • Scanning Station QR codes to claim a Station
  • Scanning profile QR codes to navigate to another User's profile
  • Capturing or updating Your profile photograph
  • The camera is not accessed for any other purpose.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Core Application Functionality

  • To create, maintain, and authenticate Your account
  • To record and display Match scores, statistics, and results
  • To calculate and update Elo ratings, rankings, and competitive statistics
  • To facilitate Event management, registration, Squad rosters, and Match scheduling
  • To operate the dispute resolution system (Red Flag process)
  • To manage Station claiming, waitlists, sessions, and reservations
  • To deliver direct messages, group messages, and event communications

3.2 Payments and Financial Transactions

  • To process Event hosting fees, Event registration fees, and Venue reservation payments through Stripe
  • To validate and apply promotional codes and referral codes/credits to applicable fees
  • To administer the Commissioner Referral Program, including tracking referral usage, awarding credits, and preventing abuse
  • To manage escrow of registration fees pending Event verification
  • To process refunds in accordance with our Terms of Service

3.3 Communications

  • To deliver push notifications regarding Match disputes, roster decisions, Station session updates, Event updates, and other operational and user-configured alerts
  • To send system-level communications regarding Your account, security, or changes to our Terms or this Policy

3.4 AI-Generated Content

  • To generate match commentary using artificial intelligence services (Anthropic Claude)
  • To generate text-to-speech audio for match commentary (OpenAI)
  • Match data (scores, team names, sport type) may be transmitted to these providers to generate contextual commentary. No personally identifiable information beyond gamertags and team names is shared for this purpose.

3.5 Venue Discovery

  • To provide Venue search and discovery features using Google Places API
  • Venue search queries (text-based) are transmitted to Google to return relevant results. Your personal information is not included in these queries.

3.6 Safety and Integrity

  • To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity
  • To enforce our Terms of Service, including the prohibition on stat manipulation and smurfing
  • To maintain the integrity of the competitive ecosystem

3.7 Improvement and Development

  • To analyze usage patterns and improve Application features, performance, and user experience
  • To diagnose technical issues and maintain Application stability

4. HOW WE SHARE YOUR INFORMATION

4.1 Publicly Visible Information

By design, the following information is publicly visible to all authenticated Users of the Application:

  • Your display name, gamertag, and profile photograph
  • Your aggregated Match statistics, win/loss records, and Elo ratings
  • Your follower and following counts
  • Your Event participation (Squad membership, event rosters)

There is no private profile mode. By creating an account, You acknowledge and consent to the public visibility of the foregoing information.

4.2 Other Users

  • Match Opponents: Your name, gamertag, statistics, and Match results are shared with opponents and other participants in Your Matches and Events.
  • Commissioners: Event Commissioners can view roster information, Match results, and dispute details for Events they manage.
  • Messaging: Message content is shared with the intended recipient(s) of each conversation.

4.3 Third-Party Service Providers

We share information with the following third-party service providers who assist us in operating the Application:

Provider Purpose Data Shared
Supabase Pty Ltd Backend infrastructure, database, authentication, real-time subscriptions, file storage Account data, Match data, all application data
Stripe, Inc. Payment processing, Apple Pay, Stripe Connect onboarding Payment details (collected directly by Stripe), transaction metadata
Apple Inc. Sign In with Apple, Apple Pay, Push Notifications (APNs) Authentication tokens, device push tokens, payment authorization
Google LLC Google OAuth, Google Places API (venue discovery), venue photo retrieval Authentication tokens, venue search queries
Anthropic PBC AI match commentary generation (Claude) Match scores, team names, sport type, gamertags
OpenAI, Inc. Text-to-speech for match commentary Generated commentary text
Cloudflare, Inc. Web hosting, universal links, CDN Web request data for profile and event landing pages
Resend, Inc. Transactional email delivery (admin notifications) Admin notification content (not user-facing emails)
Have I Been Pwned (Troy Hunt) Breach-list password check during sign-up First 5 characters of the SHA-1 hash of the password entered into the sign-up form (k-anonymity protocol). The full password and full hash never leave the device.

Each third-party provider processes data in accordance with its own privacy policy and terms of service. We require our service providers to use Your information only as necessary to provide services to us.

4.4 Legal Requirements

We may disclose Your information if required to do so by law or in response to valid legal process, including:

  • Court orders, subpoenas, or government requests
  • To protect the rights, property, or safety of Scorebox, our Users, or the public
  • To enforce our Terms of Service
  • To detect, prevent, or address fraud, security, or technical issues

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, Your information may be transferred as part of that transaction. We will notify You of any such transfer and any choices You may have regarding Your information.

4.6 No Sale of Personal Information

Scorebox does not sell, rent, or trade Your personal information to third parties for their marketing purposes.

5. DATA RETENTION

5.1 Active Accounts

We retain Your information for as long as Your account remains active or as needed to provide You with the Application's services.

5.2 Match and Statistical Data

Match history, scores, statistical records, and Elo ratings may be retained indefinitely to maintain the integrity and continuity of the competitive ecosystem, even after account termination.

5.3 Communications

Message content is retained for the duration of the conversation and is not automatically deleted. You cannot selectively delete individual messages.

5.4 Account Deletion

Upon account deletion:

  • Your profile information (name, gamertag, avatar, email) will be removed
  • Your push notification tokens will be removed
  • Match history and statistical records may be retained in anonymized or aggregated form to preserve the integrity of historical results and other Users' records
  • Payment records may be retained as required by applicable financial regulations

5.5 Legal Obligations

We may retain certain information as required by law, regulation, or legal process, or to resolve disputes and enforce our agreements.

6. DATA SECURITY

6.1 Security Measures

We implement commercially reasonable technical and organizational measures to protect Your information, including:

  • Encrypted data transmission (TLS/SSL) for all communications between the Application and our servers
  • Row-Level Security (RLS) policies on all database tables, ensuring Users can only access data they are authorized to view
  • Authentication via JSON Web Tokens (JWT) with secure session management
  • Server-side price determination for financial transactions (client never transmits payment amounts)
  • API key and secret management through secure environment configuration

6.2 No Absolute Security

Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of Your information. You are responsible for maintaining the confidentiality of Your account credentials.

7. CHILDREN'S PRIVACY

7.1 Age Restrictions

The Application is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under thirteen (13) years of age. If we become aware that we have collected personal information from a child under thirteen (13), we will take steps to delete such information promptly.

7.2 Financial Features

Users must be at least eighteen (18) years of age to access financial features of the Application, including paid Event registration and Venue reservations.

7.3 Parental Notice

If You are a parent or guardian and believe that Your child under the age of thirteen (13) has provided personal information to us, please contact us at support@scoreboxapp.com so that we can take appropriate action.

8. YOUR RIGHTS AND CHOICES

8.1 Account Information

You may review and update Your account information at any time through the Application's settings, including Your name, gamertag, and profile photograph.

8.2 Push Notifications

You may manage Your notification preferences through the Application's notification settings. Certain operational notifications (dispute alerts, roster decisions, session updates) are always delivered regardless of Your preferences. You may disable all push notifications through Your device's system settings, but You accept responsibility for any consequences of missed time-sensitive alerts.

8.3 Location Services

You may enable or disable location services for the Application through Your device's system settings at any time. Disabling location services will prevent You from joining Venue waitlists remotely.

8.4 Camera Access

You may enable or disable camera access for the Application through Your device's system settings at any time. Disabling camera access will prevent You from scanning QR codes and updating Your profile photograph.

8.5 Account Deletion

You may delete Your account at any time from within the Application via Settings → Delete Account. You may alternatively request deletion by contacting us at support@scoreboxapp.com. Upon deletion, we will remove Your personal profile information (name, gamertag, avatar, email) and push notification tokens, subject to the retention provisions set forth in Section 5. Deletion cannot be completed while You have active paid Events as Commissioner or claimed Venues; You must resolve those commitments first.

8.6 Data Access and Portability

You may request a copy of the personal information we hold about You by contacting us at support@scoreboxapp.com. We will respond to verified requests within a reasonable timeframe and in accordance with applicable law.

9. STATE-SPECIFIC PRIVACY RIGHTS

9.1 California Residents (CCPA/CPRA)

If You are a California resident, You may have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including:

  • Right to Know: The right to request disclosure of the categories and specific pieces of personal information we have collected about You.
  • Right to Delete: The right to request deletion of Your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell Your personal information. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against You for exercising Your privacy rights.

To exercise these rights, contact us at support@scoreboxapp.com.

9.2 Colorado Residents (CPA)

If You are a Colorado resident, You may have additional rights under the Colorado Privacy Act ("CPA"), including the right to access, correct, delete, and obtain a portable copy of Your personal data, as well as the right to opt out of targeted advertising and profiling. Scorebox does not engage in targeted advertising or profiling based on personal data.

To exercise these rights, contact us at support@scoreboxapp.com.

9.3 Other State Privacy Laws

Residents of other states with applicable privacy legislation (including Virginia, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights. Please contact us at support@scoreboxapp.com to exercise any applicable rights.

10. INTERNATIONAL DATA TRANSFERS

The Application is operated from the United States. If You access the Application from outside the United States, please be aware that Your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in Your jurisdiction. By using the Application, You consent to such transfer, storage, and processing.

11. THIRD-PARTY LINKS AND SERVICES

The Application may contain links to third-party websites or services that are not operated by Scorebox. We are not responsible for the privacy practices of such third parties. We encourage You to review the privacy policies of any third-party services You access.

12. COOKIES AND TRACKING TECHNOLOGIES

The Scorebox mobile application does not use cookies. Web pages hosted at scoreboxapp.com (profile landing pages, event join pages) do not use tracking cookies or third-party analytics trackers.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will notify You through the Application or by other means prior to the effective date of the changes. Your continued use of the Application following the effective date of any modifications constitutes Your acceptance of the updated Policy. We encourage You to review this Policy periodically.

14. CONTACT US

If You have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Scorebox LLC Email: support@scoreboxapp.com

This Privacy Policy was last updated on March 13, 2026.