Pick & Go
Pick & Go
Rugby Prediction Markets

Draft — pending legal review

This page contains placeholder copy written by the engineering team. It is not legal advice and has not been reviewed by an attorney. The final version will be prepared by qualified legal counsel before launch.

Privacy Policy

Last updated: 21 April 2026

This Privacy Policy explains how Up and Under Fantasy Sports (Pty) Ltd (“we”, “us”) handles personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA).

1. Information we collect

  • Account information: email address, chosen display name.
  • Profile preferences: favourite teams, competitions followed, experience level (captured during onboarding).
  • Gameplay data: slips you build, picks, XP balance, settlement history.
  • Device and usage data: IP address, browser, device type, pages visited, referrer (only if you grant analytics consent).
  • Referral data: your referral code and the codes of users who referred you.

2. How we use your information

  • Deliver the service (authentication, slip settlement, leaderboards).
  • Send transactional emails (settlement notifications, password resets).
  • Analyse product usage to improve the platform (only with your consent).
  • Prevent abuse and enforce our Terms.

3. Third-party processors

We share data with the following service providers, each of whom processes information on our behalf under appropriate data-processing agreements:

  • Supabase (hosting, authentication, database)
  • Vercel (application hosting)
  • Resend (transactional email delivery)
  • PostHog (product analytics — only if you grant analytics consent)
  • Oval Insights (rugby fixture and player data — flowing into us, not from us)

4. Cookies and similar technologies

We use cookies for essential service functionality (authentication, session management) and, with your consent, for product analytics. See our Cookie Policy for the complete list and how to manage preferences.

5. Data retention

We retain account data for as long as your account is active. After account deletion, we retain minimal records (user ID, settlement ledger entries) for up to seven years to meet financial and audit obligations, after which the records are anonymised.

6. Your POPIA rights

Under POPIA you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal information (subject to our retention obligations).
  • Object to processing based on legitimate interest.
  • Lodge a complaint with the Information Regulator.

To exercise these rights email privacy@upandunder.co.za. We will respond within 30 days.

7. Children

The service is restricted to users aged 18 and over. We do not knowingly collect information from children. If you believe a child has created an account, contact us and we will delete it.

8. International transfers

Some of our processors (Vercel, Supabase, PostHog) operate data centres outside South Africa. Where data is transferred internationally, we rely on standard contractual safeguards to ensure equivalent protection.

9. Security

We protect personal information using encryption in transit, role-based access controls, and audit logging. No system is perfectly secure — you should also use a unique password and keep your email account protected.

10. Changes

We may update this policy from time to time. Material changes will be notified via email or in-app notice.