Privacy Policy

Last updated: June 1, 2026

1. What we collect

When you install or use Office World Cup for Slack or Google Chat, we may collect and store:

  • Slack workspace IDs, Google Workspace domain IDs, team/company names, and the selected prediction channel or space
  • Platform user IDs and display names
  • Slack timezone offset and profile title (when available from Slack)
  • Selected or inferred department
  • Google Chat DM space names (so the bot can send prediction reminders after you message the bot)
  • Match predictions, tournament picks, scores, and prediction counts
  • Company and individual leaderboard opt-in preferences
  • Workspace billing tier and Stripe transaction references (we do not store card details)
  • Email addresses submitted through our website (e.g. waitlist or contact forms)

2. What we don't collect

  • We don't read your Slack or Google Chat messages outside direct interactions with the Office World Cup bot
  • We don't track your browsing activity across the web
  • We don't use advertising or tracking cookies on this website
  • We don't store payment card details (all payments are processed by Stripe)
  • We don't sell, rent, or trade your personal data to third parties

3. Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance — processing necessary to deliver the prediction pool service you or your workspace signed up for (Article 6(1)(b))
  • Legitimate interests — improving the service, preventing fraud, ensuring security, and displaying aggregated leaderboards (Article 6(1)(f)). We balance these interests against your rights and do not use data in ways you would not reasonably expect.
  • Legal obligation — where we need to retain billing records or respond to lawful requests (Article 6(1)(c))
  • Consent — for optional features such as public individual leaderboard participation, which you can withdraw at any time (Article 6(1)(a))

4. How we use your data

Your data is used to: onboard players, send prediction reminders via DM, calculate and display scores and leaderboards, process tier upgrades, provide support, prevent fraud and abuse, display public leaderboards (where the workspace or player has opted in), and comply with legal obligations.

5. Public leaderboards

If your company or player profile is opted into public leaderboards, public pages may show display name, company name (or a private label if configured), points, prediction count, exact scores, World Cup winner pick, and Golden Boot pick. Public individual leaderboard participation is opt-in. You can opt out at any time from the bot or by contacting us, and your individual data will be removed from public pages.

6. Processors and subprocessors

We use the following categories of third-party providers to operate the service:

  • Messaging platforms — Slack (Salesforce) and Google Chat (Google) for delivering the bot experience
  • Database and hosting — Supabase (database), Railway and Vercel (application hosting)
  • Payments — Stripe for payment processing
  • Match data — football-data.org for live scores and fixtures

These providers process data only as necessary to deliver their respective services. Each has its own privacy policy and data processing terms.

7. International data transfers

Your data may be processed and stored in countries outside your own, including the United States and European Union, by us and our subprocessors listed above. Where data is transferred outside the EEA or UK, we rely on appropriate safeguards such as the European Commission's standard contractual clauses (SCCs), adequacy decisions, or the provider's participation in recognised data transfer frameworks. By using the service, you acknowledge that your data may be transferred internationally as described here.

8. Data security

We take reasonable technical and organisational measures to protect your data, including: encryption of sensitive tokens at rest using AES-256-GCM, database-level row-level security policies, HTTPS for all data in transit, and access controls limiting who can access production systems. No system is perfectly secure, and we cannot guarantee absolute security, but we are committed to protecting your data to a standard appropriate for the nature of the service.

9. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected workspace administrators as soon as reasonably practicable and, where required by law, notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

10. Google API data

Office World Cup's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google Chat data only to provide and improve the app's user-facing features. We do not use Google Workspace API data for advertising, and we do not sell or transfer Google user data except as necessary to provide the service, comply with law, or protect users.

11. Data retention

Prediction and gameplay data is retained for the duration of the 2026 FIFA World Cup and up to 90 days after the final match for leaderboard display. After that period, player data will be deleted or anonymised. Workspace records, billing status, and Stripe transaction references may be retained for up to 6 years where needed for accounting, tax, security, support, or legal purposes. Email addresses from waitlists or contact forms are retained until you unsubscribe or request deletion.

12. Children's data

Office World Cup is a workplace tool and is not directed at children. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

13. Your rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Restriction — request that we limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent (e.g. public leaderboard participation), you may withdraw at any time

To exercise any of these rights, email hello@officeworldcup.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the UK, this is the Information Commissioner's Office).

Uninstalling the app from Slack or Google Chat removes the bot's access to your workspace, but it does not automatically delete historical game or billing records. To request full deletion, contact us.

14. Data processing enquiries

If your organisation requires information about our data processing practices for compliance purposes, contact us at hello@officeworldcup.com and we will do our best to assist.

15. Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will notify affected workspaces via the bot or by email at least 7 days before the changes take effect, unless the change is required for legal compliance or security, in which case it may take effect immediately. The "last updated" date at the top reflects the most recent revision.

16. Data controller and contact

The data controller for Office World Cup is Ioan Djambov. For privacy questions or data requests, contact hello@officeworldcup.com.