Privacy Policy
Last updated: April 2026 · Applies to spectosport.com
1. Data Controller
Specto ("we", "us") is the data controller for your personal data. Contact: hej@spectosport.com
2. What Data We Collect
Data you provide:
- Email address and username (when you register)
- Password (stored as a bcrypt hash — we never see your plain-text password)
- Tips and predictions you submit
- Forum posts and comments
- Profile preferences (favourite team, notification settings)
Data collected automatically:
- Browser type and version (anonymised)
- Pages visited and time spent (Vercel Analytics — anonymised, no personal identifiers)
- Push notification subscription tokens (if you opt in)
- Session cookie to keep you logged in
3. How We Use Your Data
- Provide and personalise the Specto service
- Send push notifications you have opted in to (match events, new AI analyses)
- Improve the AI prediction model using aggregated, anonymised outcome data
- Ensure platform security and prevent abuse
- Comply with legal obligations
We never sell your personal data to third parties. We do not use your data for advertising profiling.
4. Cookies
We use only essential cookies — no tracking or advertising cookies.
- Session cookie — keeps you logged in (expires when you log out or after 30 days)
- Theme cookie — remembers your dark/light mode preference (1 year)
- Locale cookie — remembers your language choice (1 year)
5. Third-Party Services
We share data with the following third parties only to the extent necessary to operate Specto:
- Supabase (EU region) — database and authentication. Your account data is stored on Supabase servers.
- Vercel (EU region preferred) — hosting and edge network. Anonymised access logs only.
- API-Football (RapidAPI) — we send no personal data; we only receive public match data.
- Anthropic (Claude) — AI text generation. Match context is sent (no personal identifiers).
6. Data Retention
- Account data: retained while your account is active and for 90 days after deletion
- Forum posts: retained after account deletion in anonymised form unless you request full deletion
- Push tokens: deleted immediately when you unsubscribe
- Analytics data: aggregated and anonymised — no individual retention limit
7. Your Rights (GDPR)
Under the GDPR you have the right to:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and personal data
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data in certain circumstances
- Objection — object to processing based on legitimate interests
To exercise any right, email hej@spectosport.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.
8. Security
All data is transmitted over HTTPS. Passwords are hashed. Database access is restricted by row-level security policies. We review our security practices regularly.