Last Updated: December 14, 2024
Privacy Policy
This Privacy Policy explains how QickBackBall ("we," "us," or "our") collects, uses, and protects your personal data when you use our QickBackBall mobile application (the "App").
The App is intended for users aged 13 years and older. For users located in countries where the legal age of digital consent is higher than 13, use of the App may require consent from a parent or legal guardian, in accordance with applicable local laws.
QBB Sport AB is the data controller responsible for processing your personal data under GDPR.
1. Information We Collect
1.1 Information You Provide Directly
When you register for an account, we collect:
- Username: Your chosen display name
- Email address: Used for account management and communications
- Country: To identify your location
- Profile avatar: An optional profile picture you upload
- Password: Securely stored by our authentication provider (Auth0)
1.2 Information Collected Automatically
When you use the App, we automatically collect:
- Game results: Your scores, game duration, and timestamps
- Authentication data: Secure tokens managed by Auth0 to keep you logged in
1.3 Audio and Video Data Processing (On-Device Only)
The App processes audio and video data entirely on your device:
- Audio analysis: The App uses machine learning to detect kick sounds from your microphone. Audio data is never sent to our servers.
- Video recording: If you choose to record gameplay videos, they are saved locally to your photo library and are never automatically uploaded to our servers. If you share videos, this is done through your device's native sharing functionality (which we do not control).
2. How We Use Your Information
We use the collected information to:
- Provide and maintain the App: Enable core functionality including user authentication and game tracking
- Improve the App: Enhance performance and user experience
- Communicate with you: Send important updates about your account or the App
- Ensure security: Detect and prevent fraud, abuse, and technical issues
- Comply with legal obligations: Meet regulatory requirements under Swedish and EU law
3. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on:
- Contract performance: Processing necessary to provide the App services you signed up for
- Legitimate interests: Improving the App, ensuring security, and preventing fraud
- Consent: Where we ask for your explicit consent (e.g., recording videos, accessing camera/microphone)
- Legal compliance: Meeting our obligations under Swedish and EU law
4. Device Permissions
The App requests the following device permissions:
| Permission | Purpose | Platform |
|---|---|---|
| Camera | Scan QR codes during registration and optionally record gameplay videos locally | iOS & Android |
| Microphone | Detect kick sounds during gameplay using on-device AI | iOS & Android |
| Media Library | Save recorded gameplay videos to your device's local storage | iOS & Android |
You can deny these permissions, but certain features may not be available. Audio detection will not work without microphone access, and video recording requires camera access. All audio and video processing happens entirely on your device; no audio or video data is sent to our servers.
5. Data Storage and Security
5.1 Where We Store Your Data
Your data is stored in the following locations:
- Authentication data: Managed by Auth0, a certified authentication service provider
- User profiles, game results, and avatars: Stored securely in Microsoft Azure data centers located in the European Union
- Gameplay videos: Stored locally on your device only (not uploaded to our servers)
5.2 Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest in Azure storage
- Secure authentication tokens (OAuth 2.0 / OpenID Connect)
- Access controls and monitoring
- Regular security assessments
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Sharing and Third Parties
We share your information only with the following trusted service providers:
6.1 Service Providers
- Auth0 (Okta, Inc.): Provides authentication and identity management services. Auth0 processes your email, password, and authentication tokens. See the Auth0 Privacy Policy.
- Microsoft Azure: Provides cloud infrastructure for data storage and hosting. Azure stores your profile data, game results, and profile avatars. See the Microsoft Privacy Policy.
6.2 No Marketing or Analytics Sharing
We do not share your personal information with:
- Advertising networks
- Marketing platforms
- Analytics services (beyond basic Azure/Auth0 technical logs)
- Social media companies
- Data brokers
6.3 Legal Requirements
We may disclose your information if required by law, such as:
- Responding to valid legal processes (court orders, subpoenas)
- Protecting our rights, property, or safety
- Investigating fraud or security issues
- Complying with regulatory authorities
7. Data Retention
We retain your information as follows:
- Account data: Retained while your account is active
- Game results: Retained while your account is active and for legitimate statistical purposes. Upon account deletion, personal identifiers are removed and data may be retained in anonymized form for statistical analysis
- Authentication logs: Retained by Auth0 according to their retention policy (typically 30 days)
- Backup data: May be retained for up to 30 days in encrypted backups for disaster recovery
- Gameplay videos: Stored locally on your device only; we do not retain videos on our servers
8. Your Rights Under GDPR
As a user in the European Union (including Sweden), you have the following rights:
8.1 Right to Access
You can request a copy of all personal data we hold about you. Contact us at contact@qickbackball.com to make a request.
8.2 Right to Rectification
You can update your username, email, country, and avatar directly in the App. Contact us if you need assistance.
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your account at any time. Important: When you delete your account:
- Your username, email, and avatar are permanently removed
- Your game results are anonymized (your personal information is removed, but the scores may be retained for statistical purposes)
- Some data may remain in encrypted backups for up to 30 days
- Note: Gameplay videos stored on your device are managed by you and are not affected by account deletion
8.4 Right to Data Portability
You can request a machine-readable copy of your data (JSON format) by contacting us.
8.5 Right to Restriction of Processing
You can request that we limit how we process your data in certain circumstances.
8.6 Right to Object
You can object to processing based on legitimate interests. We will comply unless we have compelling legitimate grounds.
8.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time by:
- Revoking camera/microphone permissions in your device settings
- Deleting your account
- Contacting us at contact@qickbackball.com
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority:
Swedish Authority for Privacy Protection (IMY)
Website: https://www.imy.se
Email: imy@imy.se
9. Age Requirement
The App is intended for users aged 13 years and older.
For users located in countries where the legal age of digital consent is higher than 13, use of the App may require consent from a parent or legal guardian, in accordance with applicable local laws.
We do not knowingly collect personal data from users below the applicable age of consent without such consent.
9.1 Discovery of Underage Users
If we become aware that we have collected personal information from a user below the applicable age of consent without proper authorization, we will take steps to delete that information as quickly as possible.
9.2 Parental Notification
If you are a parent or guardian and believe that your child has provided personal information to us without appropriate consent, please contact us immediately at contact@qickbackball.com, and we will delete such information from our systems.
10. International Data Transfers and EU Focus
We primarily serve users in the European Union and store data within the EU:
- User data and game results are stored in Microsoft Azure data centers located in the European Union
- Auth0 (our authentication provider) is a US-based company that may process authentication data in the United States under Standard Contractual Clauses (SCCs) approved by the European Commission
- All data transfers outside the EU comply with GDPR requirements through appropriate safeguards including SCCs and adequacy decisions
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new Privacy Policy in the App
- Updating the "Last Updated" date at the top of this policy
- Sending an email notification for material changes (if we have your email address)
Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: contact@qickbackball.com
Postal Address:
QBB Sport AB
Slånbärsgatan 24
703 60 Örebro
Sweden
Data Protection Contact: contact@qickbackball.com
13. Cookies and Tracking Technologies
The App does not use cookies or tracking technologies. Authentication is handled through secure tokens managed by Auth0.