Skip to main content
UltimatePrediction

Legal

Privacy Policy

Last updated: 18 April 2026

Who we are

This Privacy Policy applies to the UltimatePrediction mobile application (“Application”) and the website at ultimateprediction.com (“Site”). The Application is provided by Michael Strong (“we”, “us”, or “Service Provider”), based in New Zealand, as a commercial service. The Application is provided “as is” alongside the commitments in this policy.

This policy is provided for transparency and to support app store requirements. It is not legal advice; consider independent review for your situation.

Scope

This policy covers personal information we collect through the Application, the Site (including the form to be notified when the app is available on the App Store and/or Google Play), and related infrastructure described below. It does not cover third-party sites or services that we do not control.

Information you provide

  • Account and profile: When you create or upgrade an account, we process information you submit (for example display name, first name, and surname when you provide them—all stored in Supabase with your profile—plus email address or authentication details from Sign in with Apple or email sign-in, depending on the options you choose).
  • Gameplay data: Predictions, league participation, and related activity you save in the Application are stored as described under Supabase below.
  • Launch list (Site): If you submit your email on the Site, we store that address only to send you a notification when UltimatePrediction becomes available on the Apple App Store, Google Play, or both (for example one email with store links when the app goes live). We do not use that email for any other reason (including general product updates, newsletters, unrelated marketing, or resale). We treat duplicate submissions as idempotent (we do not reveal whether an address was already on the list). We delete your address from the notify list after the launch notification has been sent. You may also ask us to remove it earlier—contact help@ultimateprediction.com and we will do so within a reasonable time.
  • Support and communications: If you contact us, we use your message and contact details to respond.

You may use parts of the Application without registering a full account. In that case the Application creates an anonymous session: you have a server-side user id (for example in Supabase) so predictions and profile data can be saved, but you have not signed in with email, Sign in with Apple, or another recoverable sign-in method we offer. Your ability to use the app as the same user on that install depends on session credentials stored on the device, as described under Data stored on your device below.

If you provide profile information such as display name, first name, or surname (for example during onboarding or account setup), we store it in Supabase with your profile. Some features may require signing in with a recoverable account.

Data stored on your device

The Application stores session and account-related credentials on your device using secure storage (for example the system keychain or platform secure storage) so you can stay signed in without entering your password every time. Uninstalling the Application or clearing the Application's data from your device removes that local information. Data we hold on our servers is still governed by the rest of this policy (including retention and deletion on request where applicable).

If you use the Application only with an anonymous session (you are not signed in with email, Sign in with Apple, or another recoverable sign-in we support), then after you uninstall the Application or delete its data from your device, you will no longer be able to access that same anonymous account—the credentials that identified you on that device are gone, and there is no separate sign-in to recover them. If you use a recoverable sign-in, you can usually install the Application again and sign back in to reach the data tied to that account.

Information collected automatically

In addition to what you enter, we and our service providers may process:

  • Device and app diagnostics: Such as device type, operating system, app version, and technical identifiers useful for security and troubleshooting.
  • Usage analytics: In-app events (for example screens viewed, gameplay actions, and onboarding steps) sent to PostHog as described below.
  • Error reports: Crashes and certain errors may be reported through PostHog to help us fix issues.
  • Optional session replay (mobile): When enabled in our build configuration, PostHog may record short session replays of the Application. We configure masking for text fields, images, and sandboxed views; replay may still include coarse interaction and timing data. You can stop all such collection by uninstalling the Application.
  • Network metadata: When session replay is enabled, our configuration may include network telemetry associated with replay. Standard internet communications also generate data such as IP addresses, which may appear in server or provider logs (for example on Vercel or Supabase).
  • Hashed identifiers in events: Some analytics events use a one-way hash of an email address (for example around password reset) rather than the raw email, to reduce direct exposure in analytics while still allowing funnel analysis.

Location

We do not collect precise real-time location from your device for tracking purposes. Coarse location may still be inferred from IP address by infrastructure or analytics providers.

Supabase

We use Supabase to host authentication, application data, and databases backing the Application and Site features. Categories of data typically held in Supabase include: account identifiers; session tokens (stored securely on your device); your display name, first name, and surname when you provide them, and other profile fields you provide; predictions and league data; and email addresses submitted through the Site notify form for app store launch notifications only.

Supabase processes this information as a processor/infrastructure provider according to their agreements and privacy policy. Data may be stored in the region configured for our Supabase project.

PostHog (analytics and diagnostics)

We use PostHog for product analytics, error reporting, and (when enabled) mobile session replay. Event data is sent to PostHog's service (we configure EU ingestion endpoints such as eu.i.posthog.com). PostHog receives event payloads and device-related metadata needed for analytics.

For more detail, see PostHog's privacy policy and data processing documentation.

Vercel (hosting and abuse protection)

We use Vercel to host the Site and to run server-side logic (for example the notify form). Vercel processes requests and associated metadata (such as IP addresses and headers) as part of hosting.

We use Vercel BotID on the Site to help protect forms (including POST requests to the homepage) from automated abuse. That may involve bot-related signals processed by Vercel as described in their documentation.

How we use information

We use personal information to:

  • Provide, operate, and improve the Application and Site;
  • Authenticate users, maintain sessions, and secure accounts;
  • Store and display your predictions and league activity;
  • Send app store launch notifications only to addresses that joined the Site notify list for that purpose (not for any other use);
  • Diagnose crashes, fix bugs, and understand feature usage;
  • Comply with law, enforce our terms, and protect rights and safety;
  • Communicate important notices about the service (for example security or policy changes).

We do not sell your personal information. We do not share it with advertisers for their own marketing.

When we share information

We share information with:

  • Service providers that process data on our behalf and are contractually or professionally bound to appropriate confidentiality and security obligations (including Supabase, PostHog, and Vercel as described above);
  • Authorities when required by law, legal process, or to protect vital interests, or when we reasonably believe disclosure is necessary to investigate fraud or abuse.

International transfers

Our service providers may process data in New Zealand, the European Union, the United States, or other countries where they operate. Those countries may have different data protection rules. Where required, we rely on appropriate safeguards described in provider documentation (such as standard contractual clauses).

Retention

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Analytics and diagnostic data may be retained according to PostHog settings and product documentation. Server logs on Vercel typically follow Vercel's retention practices.

You can stop collection from the Application by uninstalling it. Deleting your account or specific data may require a request as described below.

Email addresses on the Site notify list are deleted after the launch notification has been sent, or earlier if you request removal, as described under Launch list (Site) above.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. New Zealand residents may have privacy rights under the Privacy Act 2020. If you are in the EU or UK, GDPR or UK GDPR may apply to some processing.

To exercise rights, ask about your data, or get product help, email help@ultimateprediction.com. We will respond within a reasonable time.

Children and minimum age

UltimatePrediction is intended for users who are 13 years of age or older. If you are under 13, please do not use the Application or provide personal information to us. The Application is not directed at children under 13, and we do not knowingly solicit personal information from children for marketing. If you believe someone under 13 has provided us personal information, contact help@ultimateprediction.com and we will take appropriate steps.

If you are between 13 and the age of majority where you live, you should review these terms with a parent or guardian. If you are in a jurisdiction that requires a higher age for valid consent to processing (for example 16 in some countries), you must meet that requirement or have a parent or guardian act on your behalf where applicable law requires it.

Security

We use technical and organizational measures appropriate to the risk, including access controls and secure transport.

Cookies and local storage (Site)

The Site may use cookies, local storage, or similar technologies required for operation, security (including abuse protection), or preferences. Browser controls may limit some technologies.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the “Last updated” date. If changes are material, we will take additional steps where appropriate (for example a notice in the Application or by email for significant changes to how we use personal information).

Contact

Privacy questions, data requests, and general support: help@ultimateprediction.com