Privacy Policy

We have not appointed a Data Protection Officer because the statutory thresholds in Art. 37 GDPR / §38 BDSG do not apply. For privacy enquiries please contact us at the email above.

The data we hold falls into two buckets. Voluntarily provided data is what you knowingly give us — for example when you register, contact support, or subscribe to updates. Automatically collected data is sent by your devices in the course of accessing the Service: log data, error data, and analytics events.

We use a small number of first-party cookies and similar storage. Strictly necessary cookies (authentication, CSRF protection, language and tweaks preferences) are set on the basis of Art. 6(1)(b) and do not require consent. Marketing and product-improvement cookies are set only after you opt in via the cookie banner shown on your first visit. You can change your choice at any time using the button below or via your browser settings; refusing optional cookies does not affect the core functionality of the service.

We share personal data only with carefully selected processors who support core functions of the service — for example payment processing, email delivery, hosting, and website analytics. Each processor is bound by a data-processing agreement (Art. 28 GDPR). Where transfers to third countries are involved we rely on EU adequacy decisions or, where none is available, on the EU Standard Contractual Clauses with appropriate supplementary measures. The website-analytics processor we currently use is listed below; details of other processors are available on request.

If you join the Partner Program we additionally process the contact details and payout information you provide (typically an email address, an IBAN or SEPA reference, your country of residence, and the promotional channels you intend to use). Referrals are linked to your Partner ID for the purpose of attributing eligible commissions; they remain linked even if a referred user cancels and re-subscribes later. Legal basis: Art. 6(1)(b) — performance of the partner contract — and Art. 6(1)(c) for tax-related retention. Payout data is retained for the statutory accounting period.

If we are acquired, merged, or — in the unlikely event — enter insolvency, your personal data may form part of the assets transferred to a successor. We will inform you in advance of any such transfer where required by law, and the successor will be bound to honour this Privacy Policy unless you receive notice of changes.

The GSS AI commentary engine uses third-party large-language-model inference under enterprise terms. Match commentary, value-bet explanations and the in-app Copilot may include AI-generated text. We do not allow the model provider to use your prompts or our content for model training, and prompts are not retained beyond the operational caches needed for delivery.

None of our automated processing produces legal effects on you or significantly affects you within the meaning of Art. 22 GDPR. Predictions concern football matches, not individuals; pricing and account decisions are reviewed by humans where any human-effect threshold could apply.

We retain personal data only as long as necessary for the purposes described above. Account data is kept for the lifetime of the account plus the statutory retention periods that apply afterwards (typically up to 10 years for invoice and tax records under §147 AO / Companies Act). Security logs are kept for 30 days, anonymised analytics for up to 26 months, support ticket history for 24 months unless you ask for earlier deletion.

Subject to applicable law you have the right to (a) request a copy of the personal data we hold about you (Art. 15), (b) ask us to correct inaccurate data (Art. 16), (c) ask us to erase your data (Art. 17), (d) restrict processing (Art. 18), (e) receive your data in a portable format (Art. 20), (f) object to processing based on legitimate interests (Art. 21), and (g) withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, write to info@gss-analytics.com. We will respond within one month. You also have the right to lodge a complaint with a supervisory authority — primarily the Information Commissioner's Office (ICO) (https://ico.org.uk). EU and EEA users may also lodge a complaint with the supervisory authority of their habitual residence.

The GSS Analytics platform is for adults only. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has created an account, contact us and we will delete the data without undue delay.

We protect personal data with measures appropriate to the risk: TLS for all transport, password hashing with modern KDFs, scoped access tokens, role-based access control, regular dependency patching, encrypted backups, and monitoring of administrative actions. No method of online transmission or storage is fully secure; you remain responsible for safeguarding your account credentials.

Some processors are located outside the EEA / UK. Such transfers take place under EU adequacy decisions where available, otherwise under the European Commission’s Standard Contractual Clauses with technical and organisational supplementary measures.

We may update this Privacy Policy to reflect product changes, new processors, or legal developments. The current version is identified by the “last updated” date at the top. Material changes will be announced in-app and, where required, by email. Continued use of the service after the update constitutes acceptance of the revised policy.