Privacy Policy

Version 1.0.0 · Last updated: April 22, 2026

Introduction

Gelotto ("we," "our," or "us") operates the ScoreFace Apple Watch application (the "App"). This Privacy Policy explains what information the App and its supporting backend collect, how that information is used, and the rights you have over it. By installing or using the App, you agree to the practices described here.

What we collect

ScoreFace is designed to collect as little information as technically possible. There are no accounts, no sign-in, no email, and no name. We do not collect your location, contacts, health data, advertising identifiers, or any analytics events.

The App collects and transmits the following, plus minimal technical metadata (such as the app bundle identifier) required to route push notifications to your device:

Anonymous user identifier. A randomly-generated UUID created on your device and stored in the iOS Keychain. It is not derived from and never linked to your Apple ID, email, phone number, or any other personal identifier. It persists across reinstalls so that your push-notification subscription is not duplicated.
Apple Push Notification service (APNs) device token. Collected only if you enable push notifications in the App. The token is a device-specific identifier issued by Apple; we use it solely to deliver notifications you have asked for.
Notification preferences. Which teams you have pinned and which event types (game start, close game, final score) you want notifications for. Sent to our backend so we know which notifications to send to your device.

This data is sent over HTTPS to our notification service at api.scoreface.gelotto.io and stored in a private database keyed by the anonymous UUID. We do not store IP addresses beyond the duration of an individual HTTP request.

What we do not collect

Name, email address, phone number, or postal address.
Location, GPS, or motion data.
HealthKit data.
Contacts, calendar, or photos.
Advertising identifiers (IDFA) or any cross-app tracking signals.
Crash reports or analytics sent to any third party.
Your pinned teams or preferences, unless you enable push notifications.

Third parties

The App interacts with the following external services:

ESPN public scoreboard API (espn.com) — used to fetch game scores. Requests from the App contain no personal information; ESPN receives only a standard HTTP request for public sports data.
Apple Push Notification service (APNs) — the transport Apple provides for sending notifications to your device. Governed by Apple's privacy policy.
Apple App Store & StoreKit — handle the one-time in-app purchase. Apple processes payment; we receive only a transaction receipt confirming the unlock was purchased. We do not see your payment details.

We do not use any third-party analytics SDKs, advertising networks, tracking pixels, or crash-reporting services.

Retention and deletion

If you have enabled push notifications and later disable them in the App's Settings, your subscription record (anonymous UUID, device token, and preferences) is deleted from our backend. The same applies if Apple reports your device token as invalid, expired, or unregistered — our backend deletes the row automatically.

If you never enable push notifications, we never receive any data from you and have nothing to delete.

Your rights

Because we do not collect personally identifiable information, we cannot identify you from any record we hold. To exercise a right of deletion under the GDPR, CCPA, or similar law, disabling push notifications in the App removes the only record that exists. If you would like written confirmation or have any question, email us at the address below.

Children's privacy

The App is rated 4+ and is not directed at children under 13. We do not knowingly collect any data from children under 13. If you believe a child has used the App in a way that caused data to be transmitted, contact us and we will delete any record on request.

Security

All data in transit is protected by TLS. Our backend database is accessible only to Gelotto-controlled infrastructure. Because the data we hold is not personally identifying, the impact of a breach would be limited to invalid APNs tokens.

Changes to this policy

We may update this Privacy Policy from time to time. The version and last-updated date at the top of this page will always reflect the current version. Material changes will be accompanied by a version bump.

Contact

Questions about this Privacy Policy can be directed to admin@gelotto.io.