Privacy Policy

1. Introduction

This Privacy Policy explains how ANGHEL DIGITAL SOLUTIONS S.R.L.("we", "us", "our"), the operator of MatchonAI ("Platform"), collects, uses, stores, and protects your personal data. We are registered in Romania (CUI 52188986, Nr. Reg. Com. J2025053838000) with our registered office at Str. Pitar Mos 27, Et. 5, Ap. 17, Cod 010452, Bucuresti, Romania.

As a Romanian/EU entity, we process personal data in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection legislation.

2. Data We Collect

We collect the following categories of personal data:

• Account Data — email address, display name, and authentication credentials (password hash). Stored securely in our cloud-hosted authentication system.
• Profile Data — optional avatar URL and display preferences you provide in your account settings.
• Usage & Analytics Data — actions you perform on the Platform (e.g., generating match analyses, viewing fixtures, clicking on features). These events are logged internally to measure feature engagement and improve the Service.
• Subscription & Payment Data — plan type, subscription status, and payment timestamps. Payment processing is handled entirely by Stripe; we do not store your credit card number or full payment details on our servers. We store only your Stripe customer ID for reference.
• AI Interaction Data — when you generate AI-powered match insights or post-match analyses, the prompts sent and responses received may be logged to improve quality and monitor usage.
• Device & Technical Data — IP address, browser type, operating system, screen resolution, and referring URL, collected automatically via cookies and analytics tools.

3. How We Collect Data

• Directly from you — when you register, update your profile, or interact with features.
• Automatically — through cookies, analytics scripts (Google Analytics, Hotjar), and server logs when you browse the Platform.
• From third parties — Stripe provides us with payment confirmation and subscription status updates via webhooks.

4. Purpose & Legal Basis

We process your data under the following legal bases:

• Contract Performance (Art. 6(1)(b) GDPR) — to create and manage your account, provide the Service, and process your subscription.
• Legitimate Interest (Art. 6(1)(f) GDPR) — to analyse usage patterns, improve features, monitor platform health, and prevent abuse. We balance our interest against your rights by minimising data collected and offering opt-outs.
• Consent (Art. 6(1)(a) GDPR) — for optional analytics cookies (Google Analytics, Hotjar). You may grant or withdraw consent at any time via our cookie consent banner.
• Legal Obligation (Art. 6(1)(c) GDPR) — to retain financial records as required by Romanian tax and accounting law.

5. Cookies & Tracking Technologies

We use the following categories of cookies:

You can change your cookie preferences at any time by clearing your browser's localStorage and refreshing the page, which will re-display the consent banner.

6. Third-Party Services & Data Processors

We share data with the following trusted processors:

• Supabase (Cloud Backend) — hosts our database, authentication, and backend functions. Data is stored on cloud infrastructure with encryption at rest and in transit. Supabase Privacy Policy
• Stripe — processes payments and manages subscriptions. Stripe is PCI-DSS Level 1 certified. We do not access or store your full card details. Stripe Privacy Policy
• Google Analytics — analyses website traffic and user behaviour (only with your consent). Google Privacy Policy
• Hotjar — provides session recordings and heatmaps for UX improvement (only with your consent). Hotjar Privacy Policy
• AI Model Providers — AI-powered features (Match IQ, Post-Match Analysis) send match data to third-party AI models via a secure gateway for inference. No personal user data (email, name) is included in AI prompts; only football statistics and match context are transmitted.

7. Data Storage & Security

Your data is stored on cloud infrastructure. All data in transit is protected by TLS (Transport Layer Security) encryption. Data at rest is encrypted using industry-standard algorithms.

Access to personal data is restricted to authorised personnel and systems only. We implement role-based access controls, audit logging, and regular security reviews to minimise risk.

Despite our best efforts, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password for your account.

8. Data Retention

• Account data — retained for as long as your account is active. If you delete your account, personal data is erased within 30 days, except where retention is required by law.
• Usage analytics — retained for up to 24 months, then automatically deleted or anonymised.
• Payment & subscription records — retained for the period required by Romanian fiscal legislation (currently 10 years for accounting documents).
• AI interaction logs — retained for up to 12 months for quality monitoring, then deleted.

9. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations.
• Restriction — request that we limit how we process your data in certain circumstances.
• Data Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.
• Withdraw Consent — withdraw consent for optional cookies/tracking at any time without affecting prior lawful processing.

To exercise any of these rights, please email us at contact@matchonai.com. We will respond within 30 days as required by the GDPR.

10. International Data Transfers

Some of our third-party processors (Google, Stripe, AI model providers) may transfer and process data outside the European Economic Area (EEA). Where such transfers occur, they are safeguarded by:

• EU Standard Contractual Clauses (SCCs) adopted by the European Commission.
• Adequacy decisions where applicable.
• The processor's own binding corporate rules or certifications.

11. Children's Privacy

MatchonAI is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us at contact@matchonai.com and we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or by email. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact & Supervisory Authority

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:

If you are not satisfied with our response, you have the right to lodge a complaint with the Romanian supervisory authority: