App: Goaldash 26 — Football World Cup 2026 Companion
Bundle ID: com.swapps.goaldash
Version: v1.0
Last updated: 2026-06-03
This Privacy Policy explains how the Goaldash 26 mobile application (the "App") handles your information. It applies to all users who install or use the App on iPhone or iPad.
The App is provided by:
Sascha Wilms ("we", "us", "our")
Augustastraße 176, 45476 Mülheim an der Ruhr, Germany
Email: sas.wilms@gmail.com
We are the controller of personal data within the meaning of Art. 4 (7) GDPR.
If you have any questions about this policy or your data, contact us at sas.wilms@gmail.com.
1. Summary in Plain Language
- We do not require an account. You can use the App anonymously.
- We use Google AdMob to show ads. AdMob is a third-party advertising network operated by Google. With your consent, ads are personalized using your Apple advertising identifier (IDFA).
- We use api-football.com to fetch match data, standings, and player statistics. These requests contain no personal data.
- We use Apple StoreKit to sell the optional Goaldash 26 Pro subscription. Payment data stays with Apple. We never see your credit card or Apple ID password.
- Your favorite teams, settings, and notification preferences are stored locally on your device and do not leave it.
- We do not use analytics SDKs other than what AdMob requires.
- Crash reports are collected by Apple in an aggregated, non-tracking form when you opt in to share with developers in iOS Settings.
2. What Data We Process and Why
2.1 Apple Advertising Identifier (IDFA) — for Personalized Ads
What: A per-device, reset-able identifier provided by iOS (the IDFA).
When: Only after you explicitly grant permission via Apple's App Tracking Transparency (ATT) prompt.
Why: To allow Google AdMob to deliver personalized advertising. If you deny the prompt or have not been asked yet, AdMob receives no IDFA and may show only non-personalized contextual ads.
Legal basis: Your consent — Art. 6 (1)(a) GDPR. You can revoke consent at any time in iOS Settings → Privacy & Security → Tracking → Goaldash 26.
Recipients: Google Ireland Ltd. and Google LLC (United States). Google may transfer this data to countries outside the EEA under the EU–US Data Privacy Framework and / or Standard Contractual Clauses.
Tracking domains that AdMob may contact from your device:
googleads.g.doubleclick.netwww.googleadservices.compagead2.googlesyndication.com
For details on how Google processes ad data, see Google's Privacy Policy at https://policies.google.com/privacy and Google's overview of AdMob data at https://support.google.com/admob/answer/6128543.
2.2 In-App Purchases via Apple StoreKit
What: When you subscribe to Goaldash 26 Pro (com.swapps.goaldash.pro_yearly), Apple processes the purchase. We only receive a signed transaction receipt confirming that an active entitlement exists.
Why: To unlock the Pro features for your Apple ID across your devices.
Legal basis: Performance of contract — Art. 6 (1)(b) GDPR.
Recipients: Apple Inc. (United States). Apple's privacy policy applies to the payment data itself: https://www.apple.com/legal/privacy/.
Retention: Transaction receipts are validated in memory during a session; they are not stored on our servers because we do not operate any servers that receive them.
2.3 Match Data Requests to api-football.com
What: When the App fetches the schedule, standings, top scorers, squads, or live events, it sends HTTPS requests to v3.football.api-sports.io. These requests contain a non-personal API key and the league / season identifier. They do not contain your name, IDFA, IP-based profile, or favorite teams.
Why: To provide up-to-date match information.
Legal basis: Performance of the App's core functionality — Art. 6 (1)(b) GDPR; our legitimate interest in operating the App — Art. 6 (1)(f) GDPR.
Recipients: API-Sports (operated by API-Sports / api-football.com). Your IP address is necessarily transmitted to their server as part of any HTTPS connection.
Provider information: https://www.api-football.com/privacy.
2.4 Local Storage (SwiftData and UserDefaults)
What: Your favorite teams, language preference, ATT decision flag, and similar settings.
Where: Stored locally in SwiftData and Apple UserDefaults. The App declares the API access reason CA92.1 (access to user's own preferences) in its Privacy Manifest.
Sent off device: No. This data never leaves your device, and we never receive it.
Legal basis: Performance of the App's core functionality — Art. 6 (1)(b) GDPR.
2.5 Local Notifications (Kickoff Reminders)
What: When you mark a team as your favorite, the App can schedule local notifications one hour before each of that team's matches. Notifications are scheduled and triggered entirely on your device using Apple's UserNotifications framework. We do not register a push token with our servers.
Why: To remind you about matches you care about.
Legal basis: Your consent given via the iOS notification permission prompt — Art. 6 (1)(a) GDPR.
Recipients: None. Notifications never leave the device.
2.6 Remote Notifications Capability
The App is technically configured for Apple Push Notifications (the aps-environment capability is enabled for future use). As of v1.0 we do not send any remote push notifications and do not collect device push tokens. If we ever activate remote pushes, we will update this policy first and ask for your consent again where required.
2.7 Live Activities
Goaldash 26 may display Live Activities (Lock Screen / Dynamic Island widgets) for matches you follow. Live Activities run entirely on your device through Apple's ActivityKit. No personal data is sent to us.
2.8 Crash Data
If you have opted in to share diagnostics with app developers (iOS Settings → Privacy & Security → Analytics & Improvements → Share with App Developers), Apple may share anonymized, aggregated crash reports with us through App Store Connect. These reports do not contain personally identifiable information and are not used for tracking. This is declared in our Privacy Manifest as CrashData for AppFunctionality.
3. Data We Do Not Collect
We want to be explicit about what is not happening in Goaldash 26:
- We do not require accounts, email addresses, names, or passwords.
- We do not collect contacts, photos, location, calendar, microphone, or camera data.
- We do not run our own analytics SDK (Firebase Analytics, Mixpanel, etc.).
- We do not sell, rent, or trade personal data.
- We do not profile users for purposes beyond AdMob personalized ads (subject to your ATT consent).
4. Children
Goaldash 26 is rated 4+ in the App Store and is suitable for general audiences. We do not knowingly collect personal data from children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided personal data through our App, please contact us so we can take appropriate action.
5. Data Retention
- On-device data (favorites, settings, notification preferences): retained until you delete them in the App, uninstall the App, or reset iOS.
- Transaction receipts processed by StoreKit: handled in memory during a session; not persisted by us.
- Crash data shared via Apple: retained by Apple per Apple's own policies.
- Ad-related identifiers processed by Google AdMob: retained by Google per Google's own policies.
We do not operate servers that store personal data about you.
6. International Data Transfers
Some third parties involved in serving ads and processing payments (Google, Apple) are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), the recipients participate in the EU–US Data Privacy Framework or rely on Standard Contractual Clauses approved by the European Commission. You can request a copy of the relevant safeguards by contacting us.
7. Your Rights Under the GDPR
If the GDPR applies to you, you have the right to:
- Access the personal data we process about you (Art. 15 GDPR).
- Rectify inaccurate data (Art. 16 GDPR).
- Erase data ("right to be forgotten") (Art. 17 GDPR).
- Restrict processing (Art. 18 GDPR).
- Data portability (Art. 20 GDPR).
- Object to processing based on legitimate interests (Art. 21 GDPR).
- Withdraw consent at any time, including consent given through the ATT prompt or notification prompt (Art. 7 (3) GDPR). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Lodge a complaint with a supervisory authority (Art. 77 GDPR). In Germany, the competent authority is the data protection authority of the state in which we are based.
To exercise these rights, write to sas.wilms@gmail.com. We respond within one month and ask for reasonable proof of identity where necessary.
Because we do not maintain user accounts or server-side profiles, the practical scope of an access or deletion request is limited to:
- Data Google holds about ad serving on your device — please contact Google directly via https://policies.google.com/privacy.
- Data Apple holds about your purchases — please use Apple's privacy tools at https://privacy.apple.com.
8. Your Rights Under Other Laws
If you are a California resident, the California Consumer Privacy Act (CCPA / CPRA) gives you similar rights to access, deletion, and opting out of "sale" or "sharing" of personal information. We do not sell personal information in the traditional sense, but the use of advertising identifiers with Google AdMob may qualify as "sharing" under California law. You can opt out at any time by denying or revoking ATT permission in iOS Settings, which prevents the IDFA from being transmitted.
9. Security
All network requests from the App use HTTPS. The App enables Apple's App Transport Security with NSAllowsArbitraryLoads = false. Sensitive operations such as in-app purchases rely on Apple's signed StoreKit infrastructure.
10. Changes to This Policy
We may update this policy when the App or applicable law changes. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted in the App or in the release notes for the next App Store update.
11. Contact
For any privacy-related question, data subject request, or complaint:
Email: sas.wilms@gmail.com
Postal address: Sascha Wilms, Augustastraße 176, 45476 Mülheim an der Ruhr, Germany
End of Privacy Policy v1.0 — Goaldash 26.