Privacy Policy
Last updated: 14 May 2026
This Policy explains how ScoreMatrix collects, uses, discloses, retains, and protects personal data in line with Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA), transparency, data minimization, and security principles.
Short summary
We collect only what is reasonably needed for accounts, predictions, leaderboards, missions, rewards, affiliate tracking, security, and communications you choose. We do not sell personal data.
1. Data we collect
- Account data: username, email, encrypted password, language, country, birth year, favorite team, and profile data.
- Activity data: predictions, points, missions, achievements, leaderboards, affiliate activity, and redemption history.
- Technical data: IP address, device/browser, cookies, logs, sessions, and security events.
- Reward delivery data: recipient name, address, phone number, and necessary contact information.
2. Lawful bases
- Contract: account operation, predictions, scoring, rewards, and support.
- Consent: marketing communications or processing that legally requires consent.
- Legitimate interests: security, fraud prevention, service analytics, and product improvement.
- Legal obligation: compliance with lawful orders, accounting, tax, or regulatory requirements.
3. How we use data
- Provide accounts, prediction scoring, leaderboards, missions, affiliate features, and rewards.
- Detect cheating, bots, multi-account abuse, rule breaches, and security risks.
- Communicate service, account, legal, reward, and support updates.
- Create aggregate analytics to improve the product while reducing identifiability where practical.
4. Disclosure
We may share data with necessary processors such as hosting, analytics, email, payment, shipping, support, and fraud-prevention providers under confidentiality and data-processing terms. We may disclose data to authorities when legally required.
5. International transfer
Some providers may be outside Thailand. We use appropriate safeguards under the PDPA, such as contractual controls, security measures, or other legally recognized transfer mechanisms.
6. Retention and security
We retain data only as long as reasonably necessary for the purposes in this Policy, legal compliance, dispute resolution, and fraud prevention, then delete, destroy, or anonymize it. We apply technical and organizational security measures, but no system is 100% secure.
7. Your rights
- You may request access, copy, correction, portability, deletion, destruction, restriction, or objection under the PDPA.
- You may withdraw consent where processing is based on consent, without affecting prior lawful processing.
- You may complain to the Personal Data Protection Committee if you believe processing violates the law.
8. Children and minors
For minors, we may require parental or guardian consent under Thai law and may limit features to protect younger users.
9. Contact
Contact [email protected] for privacy requests. Please provide enough information for verification and request handling.