Privacy Policy
Last updated: February 13, 2026
FieldFinder ("we", "us", "our") operates the website at www.fieldfinder.xyz ("the Service"). This Privacy Policy explains how we collect, use, and protect your personal information.
1. Information We Collect
1.1 Account Information
When you sign in with Google OAuth, we receive and store your name, email address, and profile picture from your Google account.
1.2 Profile Information
You may optionally provide additional information such as a bio, preferred sports, and skill level. This information is visible to other users on your public profile.
1.3 Location Data
With your permission, we collect your approximate location through your browser's geolocation API. This is used to show nearby matches and fields. Location data is not stored on our servers — it is only used in real-time to sort and display results.
1.4 Usage Data
We automatically collect information about how you interact with the Service, including pages visited, matches joined, and chat messages sent. This data helps us improve the platform.
1.5 Payment Information
Payment information (such as credit card details) is collected and processed directly by Stripe. We do not store your payment card details on our servers. We receive only a confirmation of payment status and transaction identifiers from Stripe.
2. How We Use Your Information
We use your information to:
- Create and manage your account
- Display your profile to other users
- Show you relevant matches and fields based on your location
- Send notifications about matches you've joined (email and push notifications, with your consent)
- Process payments for paid matches
- Calculate and display your reliability score based on attendance
- Moderate content and enforce our Terms of Service
- Improve and maintain the Service
3. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Google OAuth | Authentication | Name, email, profile picture |
| Stripe | Payment processing | Payment details, transaction info |
| Neon (PostgreSQL) | Database hosting | All stored user data |
| Cloudinary | Image storage | Uploaded profile images |
| Resend | Email delivery | Email address, notification content |
| Vercel | Hosting | Request logs, IP addresses |
Each third-party service has its own privacy policy. We encourage you to review them.
4. Cookies and Local Storage
We use the following browser storage technologies:
- Session cookies: To maintain your authentication state while signed in.
- Local storage: To save your theme preference (dark or light mode) and PWA installation state.
We do not use tracking cookies or third-party advertising cookies.
5. Push Notifications
With your explicit consent, we may send push notifications to your device about upcoming matches and other updates. You can manage or revoke push notification permissions at any time through your browser settings or the FieldFinder settings page. Your push subscription endpoint is stored in our database and deleted when you unsubscribe.
6. Data Retention
We retain your account data for as long as your account is active. Chat messages and match participation records are kept for the lifetime of the associated match. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
7. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct your profile information through the settings page.
- Deletion: Delete your account and all associated data. Contact us at support@fieldfinder.xyz to request account deletion.
- Data portability: Request an export of your data in a machine-readable format.
- Withdraw consent: Opt out of notifications or revoke location permissions at any time.
8. Data Security
We take reasonable measures to protect your data, including:
- Encrypted database connections (TLS/SSL)
- Secure authentication via OAuth 2.0
- Content Security Policy headers to prevent cross-site scripting
- Input sanitization and rate limiting on API endpoints
No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
FieldFinder is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such data, we will delete it promptly.
10. International Users
Your data may be processed and stored in the United States. By using the Service, you consent to the transfer of your data to the United States. If you are located in the European Economic Area (EEA) or United Kingdom, you may have additional rights under GDPR — please contact us to exercise them.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting an updated version on this page with a revised "Last updated" date. Continued use of the Service constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at support@fieldfinder.xyz.
See also our Terms of Service.