LAST DANCE2026

Privacy Notice

Last updated: June 2026

1. Who we are

Last Dance 2026 ("we", "us") operates the website at lastdance2026.com and is the data controller for the personal data described in this Notice.

2. Data we collect

  • Account data: email address, password hash, first name, last name, country, chosen "legend".
  • Activity data: match predictions, prediction outcomes, leaderboard standing.
  • Purchase metadata: for Premium Legacy Card purchases — order ID, environment, amount, currency, status (active/revoked). Payment card data is collected and processed directly by Paddle; we never see it.
  • Technical data: IP address, device/browser type, log timestamps for security and abuse prevention.

3. Why we use it (legal bases)

  • To provide the Service (contract): account creation, saving predictions, generating your Legacy Card, unlocking Premium after purchase.
  • To keep the Service safe (legitimate interests): rate limiting, fraud and abuse detection, security logging.
  • To improve the Service (legitimate interests): aggregate, non-identifying analytics on usage.
  • To comply with law (legal obligation): responding to lawful requests.

4. Who we share it with

  • Paddle.com Inc. — our Merchant of Record. Paddle processes payments, calculates taxes, issues invoices and handles refund requests. See Paddle's privacy notice for details.
  • Hosting and infrastructure providers — Supabase (database, authentication) and Lovable / Cloudflare (hosting, edge runtime).
  • Authorities — where required to comply with applicable law.

5. Retention

We keep your account data while your account is active and for a reasonable period afterward to handle support and legal obligations. Purchase records are retained for at least 7 years for accounting purposes. You can request deletion of your account at any time (purchase records may be retained as required by law).

6. Your rights

Depending on your jurisdiction (including UK/EEA under GDPR) you have rights to access, rectify, erase, restrict or object to processing of your personal data, to data portability, and to withdraw consent where consent is the legal basis. You also have the right to complain to your national supervisory authority. We respond to requests within one month.

7. International transfers

Our service providers may store and process data outside your country. Where required by law (e.g. UK/EEA), we rely on appropriate safeguards such as Standard Contractual Clauses and adequacy decisions.

8. Security

We use industry-standard technical and organisational measures including encryption in transit, hashed passwords, row-level access controls, and least-privilege service credentials. No system is perfectly secure — please use a strong, unique password.

9. Cookies

We use only essential cookies and local storage required to keep you signed in and to remember your daily prediction streak. We do not use marketing or third-party tracking cookies.

10. Contact

For privacy questions or to exercise any of the rights above, contact us via our support channels listed on the homepage.