Official privacy policy

Copa Fut Privacy Policy

This Privacy Policy explains how Copa Fut processes personal data in accounts, authentication, competitions, teams, athletes, refereeing, registrations, public pages, media, notifications, and legal-acceptance records. Copa Fut may share data with providers needed to operate the service, such as social-login, file storage, push notifications, email delivery, and technical infrastructure providers, as well as with authorities when required by law or for the regular exercise of rights. Data is kept for as long as necessary for the purposes described, service security, preservation of sports history, and compliance with legal obligations. You may exercise the rights available under the LGPD, including access, correction, anonymization, blocking, deletion, portability where applicable, information about sharing, objection, and withdrawal of consent when relevant, through `suporte@copafut.com.br`.

Copa Fut Privacy Policy Document version: 2026-04-18 Last updated: April 18, 2026 Product: Copa Fut Public domain: https://www.copafut.com.br Contact: suporte@copafut.com.br

1. Introduction

This Privacy Policy explains how Copa Fut processes personal data in the context of football and futsal league and championship management, including user accounts, authentication, sessions, teams, athletes, refereeing, matches, registrations, posts, media, notifications, and public pages.

This policy uses the Brazilian General Data Protection Law (LGPD, Law No. 13.709/2018) as its main reference.

When we use the term “you” in this policy, it may refer both to the user who directly accesses Copa Fut and to the person whose data is entered into the platform by leagues, organizers, teams, guardians, or other authorized users in the context of a competition.

2. Scope of this policy

This policy applies to personal data processing carried out in:

  • Copa Fut public pages and public links;
  • web and mobile applications;
  • account creation, authentication, and security flows;
  • management of leagues, championships, teams, athletes, refereeing, matches, media, and posts;
  • public and authenticated registration flows;
  • notifications and transactional communications;
  • support flows;
  • legal-document acceptance records.

3. Personal data we may process

Depending on the feature used, Copa Fut may process categories of data such as:

  • account and registration data, such as name, username, email address, password in hashed form, profile picture, bio, CPF, phone or WhatsApp number, date of birth, authentication provider, identifier associated with Google login, email-verification status, and last-access information;
  • authentication and session data, such as session identifiers, refresh token, expiration timestamps, IP address, user agent, and authentication and security events;
  • device and notification data, such as push token, device platform, and operational notification preferences;
  • sports and operational data, such as leagues, championships, teams, rosters, staff, matches, standings, refereeing, suspensions, reports, statistics, posts, and media;
  • athlete data, such as name, nickname, position, photo, date of birth, CPF, RG, federation registration, sports category, team links, and sports history;
  • refereeing data, such as name, photo, phone number, email address, match history, certifications, and, where applicable, links and files related to certification documents;
  • registration and public-page data, such as guardian/contact name, email, phone number, rule acceptance, registration token, and other data submitted through public or authenticated flows;
  • support and communication data, such as messages, support records, and transactional emails;
  • usage and audit data, such as event timestamps, action origin, technical request identifiers, operational logs, and records needed for security, support, and legal-acceptance history;
  • files and media, such as avatars, photos, logos, crests, and other uploaded files.

In this version, Copa Fut does not describe standard collection of biometric data, facial recognition, or cross-site behavioral advertising as a confirmed product practice.

4. How data may be collected

Data may be collected:

  • directly from you, when you create an account, log in, edit your profile, use product features, upload files, request support, or accept legal documents;
  • from third parties chosen by you or required by the service, such as Google in social login;
  • automatically, through technical, session, security, infrastructure, notification, and application-operation logs;
  • from other users, administrators, organizers, teams, or guardians who create or update data related to competitions, athletes, refereeing, media, and registrations.

5. Processing purposes and legal bases

Copa Fut may process personal data to:

  • create, authenticate, and maintain user accounts;
  • enable local login, Google login, password reset, and session maintenance;
  • operate leagues, championships, teams, athletes, refereeing, matches, reports, posts, media, and other administrative and sports features of the product;
  • send transactional and operational communications, such as password reset messages, security confirmations, service-related notices, and push notifications when enabled;
  • store and deliver files and media needed for the operation of the product;
  • record security events, abuse prevention, incident detection, technical traceability, and legal defense;
  • record legal-document acceptances and maintain an audit history of those acceptances;
  • comply with legal, regulatory, contractual obligations and valid authority requests.

The applicable legal bases may include, depending on the case, contract performance and pre-contractual steps related to the service, legitimate interest, legal or regulatory obligation, regular exercise of rights, and, where required, consent.

Where consent is the appropriate legal basis, it should be obtained in a manner compatible with the LGPD and with the context of the relevant feature.

6. Data sharing

Copa Fut may share personal data with:

  • Google, when you choose social login or when Google login validation is required;
  • storage, file-delivery, and cloud infrastructure providers, including Cloudflare R2 and related services;
  • Expo and related services, for push-notification delivery;
  • email providers and SMTP infrastructure, for transactional and operational communications;
  • hosting, security, observability, technical-support, and service-continuity providers, always on a need-to-know basis;
  • public, administrative, or judicial authorities, where there is a legal obligation, a valid order, or a need for the regular exercise of rights.

7. International transfers

Some providers and processors used by Copa Fut may process data outside Brazil, including operations related to Google login, cloud infrastructure, push notifications, web analytics and performance measurement, and email delivery.

In these cases, Copa Fut seeks to adopt contractual, organizational, and security measures compatible with applicable law.

8. Public pages and public sharing

Copa Fut has public pages, public links, and public-sharing features related to leagues, championships, teams, matches, standings, posts, registrations, and other content connected to sports operations.

When these features are used, data and content related to the competition may become accessible outside authenticated areas of the platform.

Depending on the feature context and the data entered into the platform, this may include sports, operational, registration, and media information related to competitions, teams, athletes, refereeing, registrations, and published content.

Anyone who enters, updates, or publishes personal data of third parties on Copa Fut is responsible for ensuring they have authorization, representation, or another applicable legal basis for that processing and for any public disclosure of that data.

9. Legal-document acceptance

Copa Fut maintains published legal documents and records acceptances in signup flows and, where applicable, in authenticated contractual-update flows.

These acceptance records may include, depending on the applicable flow:

  • the type and identifier of the accepted document;
  • the document version;
  • the corresponding public URL;
  • the date and time of acceptance;
  • the event origin;
  • the displayed language;
  • the request correlationId;
  • the user agent;
  • a cryptographic representation of the IP address.

Copa Fut keeps these records for audit, security, traceability, and the regular exercise of rights.

10. Retention, deletion, and anonymization

Copa Fut may keep personal data for as long as necessary to:

  • operate the account and available features;
  • preserve sports history and the operational integrity of the service;
  • maintain technical, security, and legal-defense records;
  • comply with legal, regulatory, and contractual obligations.

When an account is deleted through the product’s own flow, Copa Fut currently adopts measures such as anonymizing core profile fields, invalidating persisted sessions, and deactivating linked push devices.

At the same time:

  • historical relationships tied to sports operations may remain;
  • certain files, backups, and technical traces may follow their own operational retention and deletion cycles.

11. Security

Copa Fut adopts technical and organizational measures compatible with the nature of the service, including authentication and access controls, password storage in hashed form, authenticated-session management, backend validations, permission-based segregation, and technical and operational records for investigation and support.

No system is completely invulnerable. For that reason, although Copa Fut seeks to reduce the risks of unauthorized access, loss, alteration, or improper disclosure, absolute security cannot be guaranteed.

12. Cookies, similar technologies, and notifications

In the web environment, Copa Fut may use cookies and similar technologies to maintain interface preferences, measure performance, understand service usage, and support platform operations.

In the mobile application, Copa Fut may use permissions and technical identifiers needed for app functionality, such as authenticated sessions and push notifications.

You can manage cookies in your browser and device permissions in your device settings. Disabling certain technologies may affect service functionality.

13. Children and teenagers

Copa Fut may be used to manage competitions involving children and teenagers.

In these cases, personal data may be entered and managed by leagues, organizers, teams, guardians, or other authorized users in the context of the competition.

Processing of this data must comply with applicable law and, in the case of children, with the child’s best interests. Where the law requires specific guardian consent or another valid form of legal representation, this must take place before the data is submitted to the platform.

14. Data-subject rights

Under the LGPD, and subject to applicable legal limitations, you may request:

  • confirmation that processing exists;
  • access to personal data;
  • correction of incomplete, inaccurate, or outdated data;
  • anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;
  • portability, where applicable and subject to regulation;
  • information about sharing with public and private entities;
  • information about the possibility of refusing consent and the consequences of refusal, where consent is the legal basis;
  • withdrawal of consent, where applicable;
  • objection to unlawful processing;
  • petition before the ANPD.

To exercise your rights or send privacy-related requests, contact suporte@copafut.com.br.

15. Contact

Questions about this Privacy Policy and requests related to personal data may be sent to suporte@copafut.com.br.

16. Changes to this policy

Copa Fut may update this Privacy Policy to reflect legal, regulatory, operational, technical, or product changes.

Where applicable, a new version may be published with a new document version, and the product may require renewed acceptance in specific flows.