GDPR & your rights

• Contract — to create your account, run the prediction game, and deliver any prizes you win.
• Legitimate interests — to keep the Service secure, prevent fraud and abuse, and send you essential service messages.
• Consent — for optional marketing emails and non-essential analytics. You can withdraw consent at any time.
• Legal obligation — to retain limited records (e.g. tax, prize delivery) where law requires.

• Access — get a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data (you can also edit most of this from your settings).
• Erasure — delete your account and personal data, subject to legal retention exceptions.
• Restriction — pause certain processing while we resolve a dispute.
• Objection — object to processing based on legitimate interests.
• Portability — receive your data in a structured, machine-readable format (JSON).
• Withdraw consent — opt out of marketing or analytics at any time.
• No automated decisions — we do not make decisions about you with legal or significant effects using automated processing alone.

Email privacy@bracket26.example from the address on your account, with the right you wish to exercise. We respond within 30 days. For complex or volume requests, we may extend this by a further two months and will tell you why.

To protect your account, we may ask for additional information to verify your identity. We do not charge a fee unless a request is manifestly unfounded or excessive.

Our primary infrastructure is in the EU. Where a processor is located outside the EEA or UK, we rely on the European Commission's Standard Contractual Clauses (and the UK IDTA where relevant), together with supplementary technical and organisational safeguards.

We delete personal data when it is no longer needed for the purposes it was collected. Specific retention periods are listed in our Privacy Policy. Backup copies are rotated and overwritten on a 30-day cycle.

You can lodge a complaint with the data protection authority in your country of residence at any time. In Ireland, this is the Data Protection Commission (dataprotection.ie). In the UK, the Information Commissioner's Office (ico.org.uk). We'd appreciate the chance to address your concern directly first.