Privacy Policy

---

Privacy Policy for Best XI Fantasy
Effective date: 12 May 2025

1. Who we are

Best XI Fantasy (“Best XI”, “we”, “us”) is published by Best XI Fantasy LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you install or use the Best XI mobile application or visit related websites (collectively, the “Services”).

Contact:
Email — Bestxifantasy@gmail.com
Postal — Best XI Fantasy LLC, 1001 2ND Ave New Hyde Park, New York 11040-4979, United States

2. Information we collect

Category

Examples

Purpose

Account data

Display name, email address, password hash, age bracket thru birth year, favourite club, location ,avatar settings are used within App to provide personalised services along with core feature of the app . Create & secure your account, show profile, COPPA gating

Gameplay data

Squad selections, league membership, match points, Coins balance, boosters, chat messages

Run core fantasy game features, leaderboards, sync across devices

Device & log data

IP address, device model, OS version, app version, crash logs, Firebase Installation ID

App performance, diagnostics, fraud prevention

Usage analytics

Screens viewed, buttons tapped, session length (via Firebase Analytics)

Feature improvement, aggregate statistics

Push-notification tokens

FCM token, AWS SNS device ARN

Deliver real-time alerts (goals, deadlines)

Optional social data

Contacts you invite, social-media handle for sharing cards

Social features, referrals

Support data

Emails, screenshots, error descriptions

Respond to help requests

We do not collect government ID numbers, precise GPS location, biometric identifiers, or payment-card details (in-app purchases are processed by Google Play or Apple Pay; we receive a non-reversible transaction token only).

3. How we use information

Provide and maintain the fantasy-game platform

Authenticate users and secure sessions (TLS 1.3)
Sync your roster, Coins, and boosters across devices
Send opt-in push notifications for match events and app updates
Enforce our Terms of Service, detect cheating or abuse
Analyse anonymised usage to improve UX, stability, and accessibility
Comply with legal obligations (e.g., accounting, child-protection laws)
4. Legal bases (EU GDPR)

Contract performance — operating the fantasy game you requested
Legitimate interests — security, fraud prevention, service analytics
Consent — marketing emails, push notifications, under-13 parental approval
Legal obligation — bookkeeping, rights of data subjects
5. When we share information

We never sell personal data. We share only as needed:

Recipient

Reason

AWS (RDS PostgreSQL, S3, SNS, EventBridge)

Cloud hosting, authentication, notifications

Firebase (Analytics, Cloud Messaging, Crashlytics)

Usage statistics, push tokens, crash reports

Google Play Services

In-app purchase fulfilment

Service providers under NDA (e.g., customer-support platform)

Help-desk ticket handling

Law enforcement / regulators

When legally required or to protect rights, users, or property

All vendors process data strictly on our instructions and under data-processing agreements that contain EU-standard contractual clauses where applicable.

6. International transfers

Servers are hosted in AWS us-east-1 (N. Virginia, USA). If you reside outside the USA, your data will be transferred and stored there under appropriate safeguards (SCCs, encryption in transit and at rest).

7. Retention

Account data is kept while you hold an account plus 30 days after deletion (to allow recovery on request). Gameplay data becomes anonymous after 90 days. Crash logs are retained 24 months. Aggregated analytics may be stored indefinitely but cannot be traced back to you.

8. Security

We use industry-standard safeguards:

AES-256 encryption at rest
TLS 1.3/HTTPS in transit
Least-privilege IAM roles
Automated vulnerability scans & annual penetration testing
No method is 100 % secure, but we constantly review and improve our defences.
9. Your choices & rights

Profile controls — edit display name, avatar, favourite club inside the app.
Notifications — toggle push alerts in Settings or device OS controls.
Marketing — opt-out links in every email.
Data access/portability — request a CSV of your personal data.
Deletion — delete account in Settings; irreversible after 30 days.
GDPR / CCPA — right to rectify, restrict, object, or lodge a complaint with your local authority.
We honour signals sent via the “Do Not Sell or Share My Personal Information” toggle for California residents; Best XI does not sell or share data for cross-context advertising.
10. Children’s privacy (COPPA)

Best XI is rated Everyone 10+. Users under 13 require parental email verification and see restricted social features (no global chat, public avatar gallery, or outbound links). We delete under-13 data if parental consent is not obtained within 14 days.

11. Policy updates

We may update this Privacy Policy to reflect new features or legal requirements. We will post changes in-app and, if the update is material, email registered users at least 7 days before it takes effect. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.

Have questions? Need to exercise a privacy right? Email us at Bestxifantasy@gmail.com