Privacy Policy

Global Flag Recruit ("we", "us", "our") is a global recruitment and networking platform for the flag football community. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services at globalflagrecruit.com.

**Account Data:** Email address and password (encrypted), name, nationality, country, city, date of birth and gender (optional), profile photo. **Profile Data:** Entity type (athlete, team, coach, etc.), sports-related information, bio, social media links, highlight videos. **Activity Data:** Messages sent and received, job postings and applications, shortlisted profiles and notes. **Technical Data:** IP address, browser type, device information, cookies and session data for authentication. **Future — Payment Data:** When subscription plans are available, payments will be processed by a PCI-DSS compliant provider (e.g., Stripe). We will never store your full credit card number, CVV, or banking credentials on our servers.

• To create and maintain your account and profile • To enable communication between users (messaging, job applications) • To display your profile to other users for recruitment purposes • To send transactional emails (notifications, password resets) • To improve our platform and fix issues • To process payments and manage subscriptions (future) • To comply with legal obligations

**Consent:** You provide consent when creating an account and agreeing to these terms. **Contract performance:** Processing necessary to provide our services. **Legitimate interest:** Platform security, fraud prevention, and service improvement. **Legal obligation:** Compliance with applicable laws.

We do not sell your personal data. We may share data with: • **Other users:** Your profile information is visible to registered users for recruitment purposes. • **Service providers:** Supabase (authentication/database), Resend (email), Vercel (hosting), and future payment processors. • **Legal authorities:** When required by law or to protect our rights.

• Data is stored on servers in the United States (Supabase / AWS). • Passwords are hashed and never stored in plain text. • All connections use HTTPS/TLS encryption. • Authentication uses secure session tokens with automatic expiration. • Profile photos are stored in encrypted cloud storage with access controls.

Under LGPD (Brazil), GDPR (EU), and similar laws, you have the right to: • **Access:** Request a copy of all data we hold about you. • **Correction:** Update or correct your personal data via your profile. • **Deletion:** Request permanent deletion of your account and all associated data. • **Portability:** Export your data in a machine-readable format. • **Withdrawal of consent:** Withdraw consent at any time by deleting your account. • **Objection:** Object to data processing based on legitimate interest. To exercise these rights, use the account settings in your profile or contact us at globalflagnetwork@gmail.com.

We use essential cookies only for authentication and session management. We do not use advertising or tracking cookies.

You must be at least 16 years old to create an account. If you are between 16 and 18, you confirm that you have parental or guardian consent. We do not knowingly collect data from children under 16.

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days, except where retention is required by law.

Your data may be transferred to and processed in countries outside your country of residence (including the United States). We ensure appropriate safeguards are in place in compliance with LGPD and GDPR.

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the platform. Continued use after changes constitutes acceptance.

For questions, requests, or complaints regarding your data, contact our Data Protection Officer at: **Email:** globalflagnetwork@gmail.com