BelmundoToday →

Privacy

This is the short, honest version. The legal long-form will land before the public launch (≤ 2026-06-10) — what's below describes the actual behavior of the app today.

What Belmundo collects

  • Your chosen handle and, if you sign in, your email address from Google, Apple, or magic-link.
  • Your predictions, scores, streaks, badges, and leaderboard rank.
  • A coarse country / region you pick once for the Regional mode. We don't ask for GPS unless you opt in to a future location-based feature.
  • Anonymized product analytics via PostHog (which screens load, which features get used) and crash reports via Sentry. Neither sees your name or your picks.
  • Web Push subscription tokens (only after you tap Enable on /profile) so we can fire the full-time buzz notifications.

What Belmundo never collects

  • Payment information for predictions. There's nothing to pay for a call — we never take wagers and never give cash prizes.
  • Your contacts, calendar, or any data outside the app.
  • Precise location unless you explicitly grant it for a Regional feature in the future.

Where your data lives

  • Player profile, calls, leagues, badges → Supabase (EU region).
  • Payment data for Pro subscribers → Stripe.
  • Email (magic-link, account emails) → Resend for delivery; the actual email address sits in Supabase Auth.
  • Analytics → PostHog (EU region).
  • Crash reports → Sentry.

All of these are GDPR-compliant subprocessors with European hosting where available.

What you can do

  • Change your handle, mode, or region/profile, edit inline.
  • Disable push notifications/profile → "Reminders" or your browser settings.
  • Sign out/profile → Account → Sign out.
  • Delete your account/profile → Account → Delete. Wipes your handle, calls, badges, streaks, push subscriptions, and referral code. We keep an anonymized aggregate ("a player existed with N calls") for product stats; nothing tied to you.

Cookies

  • Supabase session cookie — first-party, needed for sign-in to work. Set after you sign in (or after we create an anonymous guest session on first visit to /today).
  • PostHog — first-party, only set when NEXT_PUBLIC_POSTHOG_KEY is configured. Anonymized device id, never your name.
  • No advertising cookies. No third-party tracking pixels.

Children

Belmundo is built for adults. We don't knowingly accept users under 13 (or under 16 in regions where that's the GDPR floor). If we learn a child has signed up, we delete the account.

Contact

Email [email protected] for anything privacy-related — including data export and "right to be forgotten" requests under GDPR.

Privacy · Belmundo