Zomba← Back

Privacy Policy

Last updated: May 2025

1. Who is responsible for your data?

Zomba (zomba.se) is responsible for the processing of your personal data. Contact us at info@zomba.se if you have questions about how we handle your data.

2. What data do we collect?

We collect the data you provide when creating an account and using the service:

  • Email address – used for login and communication.
  • Username – visible to other members in your leagues.
  • Profile picture – optional, visible to league members.
  • Name / nickname – optional, displayed depending on league settings.
  • Picks and points – your results within championships.
  • Chat messages – messages written in the league chat.
  • Technical data – login time, last seen (for online indicator).

3. Why do we process your data?

PurposeLegal basis
Provide the service (login, picks, chat)Contract (terms of service)
Show your results and stats to league membersContract
Send notifications about events in your leaguesLegitimate interest
Prevent abuse and cheatingLegitimate interest

4. Who can see your data?

Your data is not shared with external companies or third parties for marketing or other purposes.

  • League members – can see your username, profile picture, pick results, and chat messages.
  • League administrators – can manage your league membership.
  • Zomba administrators – have technical access for operations and support.
  • Sub-processors – we use Vercel (server hosting) and Neon (database), which process data on our behalf within the EU/EEA or with an adequate level of protection.

5. How long do we store your data?

We store your data for as long as your account is active. If you delete your account, your personal data (email, name, profile picture) will be removed within 30 days. Anonymised statistics (points, rankings) may be retained for historical league records.

6. Cookies

We only use technically necessary cookies to manage your login session. No tracking or advertising cookies are used. You cannot use the service without these cookies as they are required to keep you logged in.

CookiePurposeDuration
authjs.session-tokenKeeps you logged in90 days
authjs.csrf-tokenProtects against CSRF attacksSession

7. Your rights (GDPR)

You have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data (done via settings).
  • Delete your account and your data.
  • Object to processing based on legitimate interest.
  • Data portability – request your data in a machine-readable format.
  • Lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se if you believe we are in breach of GDPR.

Send your request to info@zomba.se. We respond within 30 days.

8. Security

All passwords are stored encrypted (bcrypt). Communication is conducted via HTTPS. The database is isolated and not publicly accessible. We follow industry standards for secure handling of personal data.

9. Changes to this policy

If we make significant changes, we will notify you by email or via a message in the app. The date of the last update is always shown at the top of this page.