Privacy Policy

  • Effective 7 April 2026
  • We collect only what we need to run the service.

Who we are

FormIndex.bet is a football data product providing fixtures, results, standings, odds, and saved favourites.

If you have questions about this policy or your personal data, contact admin@formindex.live.

What we collect

We try to keep the data footprint narrow and tied directly to operating the service.

Account data

When you create an account, we store your email address, encrypted password, and basic authentication and security data such as sign-in history, password reset tokens, and two-factor authentication settings if you enable them.

Connected sign-in providers

If you connect Google or Microsoft, we store the provider identifier needed to let you sign in or link that provider to your account. We may also store the email address returned by the provider where needed for account matching and identity management.

Saved favourites

Any leagues, teams, or countries you save as favourites are stored in our database so the product can surface them for you across sessions.

How we use your data

We use personal data only where it is needed to provide, secure, support, and improve the service.

  • To create and secure your account
  • To let you sign in, including through connected identity providers
  • To store and restore your saved favourites across sessions
  • To provide customer support
  • To detect misuse, protect the service, and investigate failures
  • To understand product usage if you consent to analytics cookies

Legal bases for processing

Where GDPR or similar laws apply, we rely on a limited set of legal bases depending on the activity involved.

  • Contract — to create your account, provide the service, and deliver core product functionality
  • Legitimate interests — to secure the service, prevent abuse, investigate failures, and operate the platform responsibly
  • Consent — for analytics and session replay technologies that only run after you accept analytics cookies
  • Legal obligation — where we need to retain or disclose limited information to comply with applicable law

Analytics, session replay, and consent

We use PostHog in an EU-hosted environment to understand how the product is used and to investigate product issues.

What runs only after consent

Analytics and session replay are loaded only after you accept analytics cookies. If you decline, PostHog is not loaded in the browser.

What PostHog receives

If analytics is enabled, PostHog may receive page views, navigation events, technical usage data, and session replay data. Session replay is configured with input masking so typed form values are not recorded in clear text.

How signed-in users are identified

In the browser, signed-in users are identified to PostHog by an internal user ID rather than by their email address. The application is also configured to strip common email and name fields from PostHog event properties before events are sent.

Error and exception context

We use telemetry and error reporting features to understand failures affecting the service. Those systems may include technical context linked to an internal account identifier so we can diagnose account-specific issues without relying on your email address in normal analytics events.

Cookies

We use a small number of cookies and try to keep them functional rather than intrusive.

  • Authentication cookies used to keep you signed in securely
  • A cookie storing your analytics consent choice
  • PostHog cookies only if you accept analytics cookies
  • Security-related cookies such as trusted device state for two-factor authentication where applicable

We do not use advertising cookies and we do not run cross-site behavioural advertising.

Third-party services

A limited number of external providers help us run the product.

Service Purpose Data involved Location
PostHog EU Cloud Analytics, session replay, and product telemetry Usage data, internal user ID, technical event context EU
Google, Microsoft Optional sign-in and account linking Authentication identifiers and basic account-matching data Per provider

Data retention

We keep data only for as long as it is needed to operate the service, meet legal obligations, and protect the platform.

Live account data

Account records, saved favourites, and connected sign-in records are retained while your account remains active.

After account deletion

When your account deletion request is processed, your account data is removed from the live application database. Some limited records may persist for a short period in backups, processor logs, or security and audit systems where operationally necessary or legally required.

Provider-specific deletion

If a connected sign-in provider is removed, we remove the provider integration data for that connection without automatically deleting the rest of your FormIndex account.

Your rights

If you are in the EU or another jurisdiction with equivalent protections, you may have rights over your personal data.

  • Access — ask what personal data we hold about you
  • Correction — ask us to correct inaccurate information
  • Deletion — delete your account from account settings or ask us to help
  • Objection or restriction — object to or request restriction of certain processing where applicable
  • Consent withdrawal — withdraw analytics consent by changing your cookie choice

To exercise privacy rights, email admin@formindex.live with the subject line [GDPR REQUEST].

What we do not do

We try to keep the service restrained and predictable.

  • We do not sell your personal data
  • We do not run advertising profiles based on your activity
  • We do not store full payment card details ourselves
  • We do not treat your account data as advertising inventory

Changes to this policy

If we make material changes, we will update the effective date on this page and may notify users through the service or by email where appropriate.