QuickSave

QuickSave ("we", "our", or "the app") is a mobile application designed to help hockey teams track shots, saves, and game statistics. Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights. This Privacy Policy forms an integral part of our Terms of Service.

Data Controller

1. Personal Data We Collect

Data provided directly by the User

Data collected automatically

Data imported from third-party services

Data we do NOT collect

2. How We Use Your Data

We use Personal Data exclusively to:

• Provide, maintain and improve the Service;
• Authenticate Users and secure accounts;
• Synchronize data across the User's devices;
• Display personalized performance analytics within the Application;
• Process payments, manage Subscriptions and issue invoices and receipts;
• Send account-related communications (signup confirmation, password reset, email change, payment confirmations, renewal notices);
• Respond to support requests;
• Comply with our legal and fiscal obligations;
• Protect our rights and prevent abuse.

We do not sell, rent or share Personal Data for advertising, marketing or profiling purposes.

3. Legal Bases for Processing (GDPR — Article 6)

For Users located in the European Economic Area (EEA), the United Kingdom or Switzerland:

4. Data Sharing and Disclosure

We share Personal Data only with the following recipients and only to the extent necessary:

User-Initiated Sharing. Users may choose to share a game's statistics via a public link. This action generates a unique link containing a random identifier (UUID) that provides read-only access to game data (score, shots, goalie statistics, team names). The link is accessible without authentication and expires automatically after 30 days. Users can revoke a share link at any time. This sharing is explicitly initiated by the User and does not constitute a sale or transfer of Personal Data to third parties by the Publisher.

We may also disclose Personal Data:

• In response to a court order, subpoena or other legal requirement;
• To protect the rights, property or safety of the Publisher, Users or the public;
• In connection with a merger, acquisition, reorganization or sale of assets (Users will be notified);
• With the User's explicit consent.

5. International Data Transfers

Personal Data is stored on Supabase servers located in the United States. Payment data is processed by Apple Inc. or Google LLC via their in-app purchase systems, whose servers are located in the United States. These transfers are necessary for the provision of the Service.

• EEA/UK/Switzerland: Transfers to the US are governed by Standard Contractual Clauses (SCCs) and/or the EU-U.S. Data Privacy Framework, in accordance with Chapter V of the GDPR.
• Québec: In accordance with Law 25, we ensure that data transferred outside Québec receives an adequate level of protection. A privacy impact assessment (PIA) has been conducted pursuant to section 17 of the Act respecting the protection of personal information in the private sector.

6. Data Security

Despite these measures, no method of electronic transmission or storage is completely secure. The Publisher cannot guarantee absolute data security.

In the event of a data breach likely to present a risk to the rights and freedoms of Users, the Publisher commits to notifying the competent supervisory authority within the time required by law (72 hours for GDPR, "as soon as possible" for Law 25) and to informing affected Users without undue delay when the breach presents a high risk.

7. Cookies and Tracking Technologies

The QuickSave mobile application uses no cookies, tracking pixels, web beacons or similar tracking technologies.

No third-party behavioral analytics or marketing services (Google Analytics, Firebase Analytics, Amplitude, Mixpanel, etc.) are integrated into the Application. Only an error monitoring and crash reporting service (Sentry) is used for app stability and debugging purposes. Sentry receives only diagnostic data (error traces, device type, OS/app version) and a pseudonymous user ID; no personally identifiable information (email, name, address) is transmitted. See Sentry's Privacy Policy.

8. Data Retention

Personal Data is retained as long as the User's account is active and as necessary for the purposes described in this policy.

Upon account deletion:

• Profile, teams, goalies, opponents, games, shots and logos are deleted within forty-eight (48) hours;
• Deletion records ("tombstones") are retained for synchronization consistency, then purged periodically;
• Session data is deleted immediately;
• Any active Pro Subscription is cancelled with the Apple App Store or Google Play Store.

Billing data and transaction history may be retained for up to seven (7) years in accordance with Canadian fiscal and accounting obligations. Payment data held by Apple or Google is subject to their respective retention policies. The User may manage their payment data directly via their Apple or Google account settings.

9. Québec (Law 25 / PPIPS)

This section applies to Users residing in Québec, in addition to the general provisions above.

Privacy Officer

Pursuant to section 3.1 of the PPIPS, the person responsible for the protection of personal information is:

Consent

In accordance with Law 25, User consent is obtained in a manifest, free and informed manner:

• Explicit for sensitive data or transfers outside Québec;
• Implicit for data necessary for the performance of the Service.

The User may withdraw consent at any time by contacting [email protected].

Your Rights under Law 25

• Right of access (s. 27): Obtain communication of personal information concerning you.
• Right of rectification (s. 28): Have inaccurate, incomplete or ambiguous information corrected.
• Right to deletion (right to be forgotten) (s. 28.1): Request deletion or cessation of dissemination, subject to legal exceptions.
• Right to portability (s. 27): Receive your information in a structured, commonly used technological format.
• Right to withdraw consent: Withdraw consent for certain processing activities.

We will respond within thirty (30) days, extendable by thirty (30) additional days for complex requests.

Complaints may be filed with the Commission d'accès à l'information du Québec (CAI): cai.gouv.qc.ca

10. European Union / EEA (GDPR)

This section applies to Users residing in the EEA, the United Kingdom or Switzerland.

Data Subject Rights (Articles 15–22)

• Right of access (art. 15): Obtain confirmation that your data is being processed and receive a copy.
• Right to rectification (art. 16): Have inaccurate or incomplete data corrected.
• Right to erasure ("right to be forgotten") (art. 17): Request deletion when data is no longer necessary, you withdraw consent, or processing is unlawful.
• Right to restriction of processing (art. 18): Obtain restriction in certain cases.
• Right to data portability (art. 20): Receive your data in a structured, commonly used, machine-readable format.
• Right to object (art. 21): Object to processing based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right not to be subject to automated decision-making (art. 22): We do not engage in automated decision-making or profiling producing legal effects.

Requests may be sent to [email protected]. We will respond within one (1) month, extendable by two (2) additional months for complex requests, pursuant to Article 12(3) GDPR.

Complaints may be filed with the supervisory authority of your Member State of residence. The list of authorities is available at: edpb.europa.eu

EU Representative

Pursuant to Article 27 GDPR, if an EU representative is required, the Publisher will designate one and communicate the contact details to affected Users. As of the date of this policy, no EU representative has been designated. EEA Users may direct requests to: [email protected].

11. United States

California Residents (CCPA / CPRA)

Categories of Personal Information Collected

California Consumer Rights

• Right to know: Request the categories and specific pieces of personal information collected, the purposes, the sources, and the third parties with whom we share.
• Right to delete: Request deletion of your personal information, subject to legal exceptions.
• Right to correct: Request correction of inaccurate personal information.
• Right to opt-out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to non-discrimination: You will not be discriminated against for exercising your rights.

Requests may be submitted by email to [email protected]. We will verify your identity before processing any request. We will respond within forty-five (45) days, extendable by forty-five (45) additional days if necessary.

Other US States

For residents of other US states with consumer privacy laws (Virginia, Colorado, Connecticut, Utah, etc.), we commit to honoring equivalent rights of access, deletion, correction and refusal of targeted profiling, to the extent applicable.

"AS IS" Disclaimer (US Law)

12. Children's Privacy

QuickSave is a statistical tracking application for hockey teams. While the Application is not specifically directed at children, the Publisher recognizes that hockey includes youth leagues and that data relating to minor players (goalie names) may be entered by coaches or parents using the Application.

COPPA (United States)

The Application is not directed at children under thirteen (13) years of age under COPPA (15 U.S.C. §§ 6501-6506). We do not knowingly collect Personal Data directly from children under 13. The Application is intended for use by adults (coaches, parents, adult goalies).

Data relating to minor goalies (first name, jersey number, catching side) is entered by the responsible adult User and constitutes User Content under that adult User's responsibility.

If a parent or legal guardian believes a child under 13 has created an account or provided Personal Data without required parental consent, please contact us immediately at [email protected]. We will promptly delete the data.

GDPR — Minors (Article 8)

For EEA Users, processing data of a child under 16 (or a lower age set by the Member State, minimum 13) based on consent is only lawful if authorized by the holder of parental responsibility. The Application requires the account-creating User to be an adult or to act with parental consent.

Law 25 (Québec) — Minors

Under Law 25 and the Québec Civil Code, consent for a minor under 14 must be given by the holder of parental authority. The Publisher does not knowingly collect personal information directly from minors under 14 without parental consent.

Recommendations for Adult Users

Coaches, parents and guardians entering data about minor players are encouraged to:

• Use only first names or initials when the full name is not necessary;
• Obtain appropriate consent from parents or legal guardians before entering data identifying a minor;
• Delete data relating to a minor player when it is no longer needed.

13. Changes to This Policy

We may update this Privacy Policy at any time. Changes take effect upon publication. For material changes, we will endeavor to notify Users by email or in-app notice at least thirty (30) days before the changes take effect. Continued use of the Application after publication constitutes acceptance of the revised policy.

14. Contact Us

For any question, rights exercise request, complaint or concern regarding this Privacy Policy, please contact: