This page is maintained by the Brain Foot team to answer common security and privacy questions about Brain Foot. It is editable project content and is not an independent certification or audit.
Brain Foot uses managed authentication with email/password and Google sign-in. Sessions are protected with industry-standard tokens and rotated automatically.
Access to subscription features is enforced server-side based on each user's plan; client-side checks are only used to improve UX.
User profile data (email, subscription plan, AI usage) is stored in our managed backend with row-level security so that each user can only access their own records.
Football data is fetched from third-party providers through a secured server gateway; we do not expose third-party API keys to the browser.
Brain Foot is hosted on the Lovable platform and uses Lovable Cloud for database, authentication, and serverless functions. Lovable provides the underlying infrastructure; the Brain Foot team is responsible for application configuration and content.
This page describes app-visible controls and is not a Lovable certification.
Account data is retained while your account is active. You can request deletion of your account and associated data by contacting us at the address below.
To report a security issue, request data deletion, or ask about privacy practices, contact the Brain Foot team via the support channels listed in your account.