1. Introduction and who we are
Bolão Elite is a football pool platform available via website (bolaoelite.com.br) and Android app. By using our services, you agree to this Privacy Policy.
Data controller: Bolão Elite — contact available in section 13.
2. Data we collect
We collect the following data to operate the service:
Account information:
- Full name
- E-mail address
- Tax ID — CPF (optional — required only to receive Pix prizes)
- Phone (optional)
- Profile photo (avatar, optional)
- Password (stored with a cryptographic hash)
Technical identifiers:
- Anonymous external ID (UUID) generated by the system
- Push notification token (FCM) for sending alerts
- Access IP address
- Device information: model, operating system, app version
Usage data:
- Pools created and participations
- Predictions made
- Ranking and achievement history
- Premium subscriptions purchased
Diagnostic data:
- Crash reports via Sentry
- Aggregated usage metrics via Firebase Analytics
We do not collect the device's precise location, contacts, gallery photos (other than the one you upload as an avatar), microphone or camera data, or credit card data (which stays exclusively with our payment gateway, Asaas).
3. Purposes — what we use your data for
- Identification and authentication: name, email, password, UUID — to create and access your account.
- Service operation: pool, prediction and ranking data — for the platform to work.
- Notifications: FCM token and email — for prediction reminders, achievements and relevant announcements.
- Free plan monetization: advertising identifiers — to display ads via Google AdMob.
- Premium subscription: name, email, tax ID — to process billing via the Asaas gateway.
- Official pool prizes: name and tax ID (when provided) — to transfer Pix prizes as per the Regulations.
- Security and fraud detection: IP, device info, logs — to protect the account and the platform.
- Continuous improvement: aggregated analytics and crash reports — to fix bugs and improve the service.
4. Legal basis (LGPD art. 7)
We process your data based on the following legal grounds:
- Performance of a contract (art. 7, V) — operation of the account, pools, predictions and Premium subscription.
- Compliance with a legal obligation (art. 7, II) — retention of fiscal and tax records.
- Legitimate interest (art. 7, IX) — fraud prevention, security and non-identifiable aggregated analytics.
- Consent (art. 7, I) — sending push notifications and marketing communications (where applicable, with an opt-out option).
5. Sharing with third parties
We share data only with services essential to the operation of the platform:
- Google Firebase (FCM + Analytics) — push token and aggregated usage metrics. Purpose: sending notifications and improving the service. Policy: firebase.google.com/support/privacy.
- Google AdMob — the device's advertising identifier. Purpose: displaying personalized ads for free-plan users. Policy: policies.google.com/privacy.
- Sentry — error logs and device information. Purpose: diagnosing crashes and bugs. Policy: sentry.io/privacy.
- Asaas (payment gateway) — name, email, tax ID and billing data. Purpose: processing Premium subscriptions. Policy: asaas.com/politica-de-privacidade.
- Brevo (formerly Sendinblue) — name and email. Purpose: sending transactional emails (account confirmation, password recovery). Policy: brevo.com/legal/privacypolicy.
We do not sell, rent or transfer your personal data for the commercial purposes of third parties.
6. International data transfer
Some of the third-party services listed above (Firebase, AdMob, Sentry) keep servers outside Brazil, mainly in the United States. As per LGPD art. 33, this international transfer takes place to countries that provide an adequate level of protection or based on standard contractual clauses that ensure compliance with Brazilian law.
7. Data retention and deletion
We keep your data for the following periods:
- While the account is active: all account, pool, prediction and ranking data.
- After account deletion: personal data removed within 30 days.
- Financial records of subscriptions and Pix prizes: 5 years, due to a fiscal obligation (Brazilian National Tax Code).
- Anonymized access and security logs: 6 months, due to a legal obligation (Brazilian Internet Civil Framework, art. 15).
- Crash reports (Sentry): 90 days, then discarded automatically.
To request account deletion at any time, go to bolaoelite.com.br/excluir-conta.
8. Your rights (LGPD art. 18)
You may, at any time, exercise the following rights:
- Confirmation of the existence of processing — to know whether we process your data.
- Access to the data — to obtain a copy of the data we keep about you.
- Correction — to correct incomplete, inaccurate or outdated data.
- Anonymization, blocking or deletion — of data that is unnecessary, excessive or processed in non-compliance.
- Portability — to receive your data in a structured format.
- Deletion — of data processed based on your consent.
- Information about sharing — with whom we share your data (see section 5).
- Withdrawal of consent — at any time.
- Review of automated decisions — that affect your interests.
To exercise any of these rights, contact us by email at suporte@bolaoelite.com.br. We will reply within 15 business days, as per LGPD art. 19.
9. Cookies and similar technologies
On the website we use essential technical cookies for operation (login session, preferences). We also use Firebase Analytics and Google AdMob (the latter only in the public, logged-out area), which may use third-party cookies for metrics and advertising.
In the Android app, we use the Advertising ID provided by the system for AdMob ad personalization (users can disable it via Android Settings → Google → Ads).
10. Minors
Bolão Elite is intended for users 18 years or older, as per our Terms of Use. In Brazil, the app is rated 14 years by the Indicative Rating Coordination (ClassInd) — a decision that considers the contest elements with Pix prizes present in official pools. In other regions the rating may be different (PEGI 3 in Europe, Everyone in the US).
We do not knowingly collect data from children under 14. If you are responsible for a child and believe they have provided us with data, get in touch via the email in section 13 for immediate deletion.
11. Data security
We apply reasonable technical and organizational measures:
- Encryption in transit: all communication via HTTPS/TLS.
- Encryption at rest on the device: authentication tokens stored in Keychain (iOS) / Keystore (Android) via expo-secure-store.
- Password hashing: passwords are never stored in plain text.
- Role-based authorization (RBAC): restricted access to administrative features.
- Security monitoring: access logs and anomaly detection.
- Optional biometric login: an additional layer of protection in the mobile app.
Despite these measures, no system is 100% secure. In the event of a security incident that may affect you, we will notify you as per LGPD art. 48.
12. Changes to this policy
This Policy may be updated periodically to reflect changes in our services or legal requirements. When there are material changes, we will notify you by email or a highlighted notice in the app and on the website. The "Last updated" date at the top indicates when the current version took effect.
13. Contact and data officer
To exercise your rights (LGPD art. 18), ask questions about this Policy or report incidents:
Contact channels:
- Email: suporte@bolaoelite.com.br
- The "Contact Us" form inside the platform (website: footer of the logged-in area; app: Profile tab)
- Deletion request: bolaoelite.com.br/excluir-conta
See also our Terms of Use and the Regulations of the Prize Pools.