Scorpii Score respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use: The Scorpii Score iOS application The Scorpii Score Android application The web application available at https://scorpiiscore.com 1. Data Controller Scorpii Score is operated by: Calgra Group Holdings Limited Registered in: United Kingdom Company Number: [SC837895] Contact Email: callum@calgra.com For the purposes of UK GDPR and EU GDPR, Calgra Group Holdings Limited is the Data Controller of your personal data. 2. Scope This Privacy Policy applies to all Scorpii Score applications and services. It does not apply to third-party websites or services that may be linked from within the app. 3. Personal Data We Collect A. Information You Provide We may collect: Username Email address Gender (optional) Country of residence (optional – localisation purposes) Favourite football club (optional – content personalisation) Communications you send to us Communications submitted to the in-app AI Chatbot Registration is optional; however, certain features require an account. B. Automatically Collected Information We may automatically collect: Device type Operating system Unique device identifiers (e.g., IDFA, GAID) IP address Browser type (web users) Usage patterns and interaction data Crash diagnostics C. Cookies & Tracking Technologies We use: Browser cookies (web users) SDK-based tracking technologies (mobile users) Analytics providers such as Google Firebase You can control cookies via browser settings and certain tracking via device privacy settings. 4. Legal Bases for Processing We process personal data under the following lawful bases: Contract Performance To: Create and manage your account Deliver app functionality Provide AI chatbot responses Consent To: Send marketing communications (if opted in) Enable optional personalisation features Use certain tracking technologies You may withdraw consent at any time. Legal Obligation To comply with applicable legal and regulatory requirements. Legitimate Interests To: Improve app performance Enhance AI system functionality Analyse anonymised usage trends Prevent fraud and misuse Maintain system security Where relying on legitimate interests, we conduct a balancing assessment. You have the right to object to processing based on legitimate interests. 5. How We Use Your Data We use personal data to: Operate and maintain the app Provide support services Personalise in-app content Improve system performance Monitor usage trends Deliver AI-powered assistance Prevent fraud or misuse Send marketing communications (where consented) We do not use personal data for unrelated purposes. 6. In-App AI Chatbot Scorpii Score includes an AI-powered chatbot feature designed to assist users. Data Collected When interacting with the AI Chatbot, we collect: Messages you submit AI-generated responses Interaction timestamps Session-level technical metadata External AI Processing Provider The AI Chatbot uses an external API provider. We use one or more of the following providers; Anthropic, Google Gemini or OpenAI. When you interact with the chatbot: Your submitted messages may be transmitted securely to the external AI provider The provider processes the request and returns a response Data is transmitted using encrypted channels The AI provider does not use submitted data to train its general models. The external provider acts as a data processor under contractual data protection obligations. Purpose of Processing We process chatbot interaction data to: Provide AI-driven responses Improve response quality and contextual relevance Monitor system performance Prevent misuse or abuse Data Security & Access Chatbot communications are encrypted in transit and at rest Stored chatbot logs are secured within UK/EU infrastructure Access is restricted to authorised personnel only Data is not accessible at a personal level for profiling or commercial exploitation Model Improvement & Retention Chatbot interaction data may be: Logged Stored Used to improve chatbot accuracy Where feasible, interaction data is aggregated, pseudonymised, or anonymised. Retention period for chatbot interaction logs: until account deletion and/or within 12 months. The AI Chatbot does not make automated decisions producing legal or similarly significant effects. 7. Proprietary Business Intelligence System Scorpii Score operates a proprietary internal Business Intelligence (“BI”) system. Nature of Data Used The BI system processes: Aggregated usage statistics Anonymised behavioural metrics Feature interaction data System performance indicators Personal data is anonymised or pseudonymised before analysis where appropriate. Purpose The BI system is used exclusively for: Product improvement Feature optimisation Performance monitoring Strategic development Data Protection Measures BI data outputs do not identify individual users The BI system is encrypted and hosted within secure UK/EU infrastructure BI insights are accessible only to authorised internal personnel BI-derived insights are not sold, licensed, or shared with third parties 8. Data Retention We retain personal data: While your account remains active For up to 12 months after deletion Longer if required by law After this period, data is securely deleted or anonymised. 9. International Data Transfers Primary storage occurs in: The United Kingdom The European Union Where personal data is transferred outside these regions (e.g., to AI or analytics providers), we rely on: UK International Data Transfer Agreements (IDTA) EU Standard Contractual Clauses (SCCs) Adequacy decisions 10. Third-Party Service Providers We may share data with: Cloud hosting providers; Amazon Web Services, Microsoft Azure, Google Cloud, Hetzner and Hostinger Analytics providers; Google Firebase AI processing provider: Anthropic, Google Gemini, OpenAI Email communication providers: Twilio SendGrid Payment processors (if applicable: Apple in-app purchase (iOS only), Android in-app purchase (Android only), Stripe (web app only) All third parties are contractually bound to process data only under our instructions. We do not sell personal data. 11. Security Measures We implement: Encryption (TLS/SSL) Encryption at rest Role-based access controls Regular security audits Vulnerability testing No system can guarantee absolute security. 12. Data Breach Procedures In the event of a breach: We will investigate and mitigate risks Notify regulators where required Inform affected users where legally required 13. Children’s Privacy Scorpii Score is not intended for children under 13 years of age. We do not knowingly collect data from children under 13. For users in the EEA, the applicable age threshold may be up to 16 depending on local law. 14. Your Data Protection Rights (UK/EU) You have the right to: Access Rectification Erasure Restrict processing Object to processing Data portability Withdraw consent To exercise your rights: callum@calgra.com We respond within 30 days. 15. Right to Lodge a Complaint UK residents may complain to: Information Commissioner’s Office (ICO) https://ico.org.uk EEA residents may contact their local supervisory authority. 16. California Privacy Rights California residents may have rights under CCPA/CPRA, including: Right to know Right to delete Right to correct Right to opt out of sale/sharing Scorpii Score does not sell personal information. To exercise California rights: callum@calgra.com 17. Marketing Communications You may opt out of marketing communications at any time via: The unsubscribe link Contacting privacy@scorpiiscore.com Service-related communications cannot be opted out of. 18. Changes to This Policy We may update this policy periodically. Material changes will be communicated via: In-app notification Email (if appropriate) The updated version will always display the “Last Updated” date.