Legal
Privacy Policy
Last updated: December 2024
1. Introduction
This Privacy Policy explains how ScoutInstant ("we", "us", "our") collects, processes, stores, and protects personal data when users access or use the website scoutinstant.com and the ScoutInstant SaaS platform ("Service"). ScoutInstant is operated by a Greece-based company and complies with:
- EU General Data Protection Regulation (GDPR)
- Greek Law 4624/2019
- ePrivacy Directive
- Applicable global data protection standards
By using ScoutInstant, you agree to the practices described in this Privacy Policy.
2. Data Controller & Contact Information
Data Controller
ScoutInstant Email: info@scoutinstant.com
Supervisory Authority (GDPR)
Hellenic Data Protection Authority (HDPA) Website: https://www.dpa.gr
3. Types of Data We Collect
3.1 Account & Identity Data
Name, Email address, Account credentials, Organization/club/team details, Role (e.g., scout, analyst, coach)
3.2 Subscription & Billing Data
Processed via Viva Wallet (PSD2-compliant). We receive limited billing identifiers (payment status, invoice info). We do not store card details.
3.3 Usage & Platform Data
Dashboard interactions, Player searches, filters, match views, AI query logs, Generated report identifiers, Activity logs, IP address, Authentication logs, Device data
3.4 AI Interaction Logs
When using AI features, we may process: Prompts you enter, AI-generated responses, Metadata (timestamps, system usage, model type). AI Providers used: OpenAI, Anthropic. Processed solely to provide the service, improve model reliability, and maintain security.
3.5 Football Data (Non-Personal)
ScoutInstant processes: Public football match data, Player event data, Tactical and statistical data, Performance analytics. These are public domain or licensed datasets, not personal data under GDPR.
3.6 Support Communications
Emails, Chat messages, Bug reports
4. Special Categories of DataImportant
ScoutInstant does not process special category (Art. 9 GDPR) data, such as:
- Health/medical data
- Biometric identifiers
- Sensitive personal assessments
Users must not upload such data into the platform.
5. Legal Basis for Processing (Art. 6 GDPR)
We process data under the following lawful bases:
| Purpose | Legal Basis / Retention |
|---|---|
| Account creation & authentication | Contract (Art. 6(1)(b)) |
| Subscription & billing | Contract (Art. 6(1)(b)) |
| Platform operation & security | Legitimate interest (Art. 6(1)(f)) |
| AI insights & analytics generation | Contract (Art. 6(1)(b)) |
| Logging & fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Email communication | Legitimate interest or consent |
| Marketing communication | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
6. How We Use Your DataImportant
We use personal data to:
- Provide the ScoutInstant service
- Generate AI-driven reports, insights, summaries
- Authenticate and secure user accounts
- Deliver subscription services
- Analyze platform usage (internal, non-cookie analytics)
- Detect abuse and ensure service integrity
- Communicate support and product updates
- Improve model accuracy and feature quality
- Comply with legal obligations
We never sell personal data.
7. Data Sharing & Sub-Processors
We share personal data with essential service providers:
All sub-processors implement strong security and GDPR-compliant measures.
7.1 Hosting
Hetzner (EU/Germany) — servers, backups, operational hosting
7.2 Payments
Viva Wallet (EU) — subscription payments, invoices
7.3 Email Provider
Google Workspace — transactional emails
7.4 AI Providers
OpenAI, Anthropic
8. International Data Transfers
AI providers (OpenAI, Anthropic) may process data outside the EU. Where transfers occur, we rely on:
- Standard Contractual Clauses (SCCs)
- GDPR-compliant transfer safeguards
- Additional technical and contractual protections
9. Data Retention
We retain data only as long as needed:
| Purpose | Legal Basis / Retention |
|---|---|
| Account data | While account is active |
| Billing records | 10 years (Greek tax law) |
| AI logs | 12–24 months (security & quality) |
| Support communications | 24 months |
| Backups | Up to 30 days |
Users may request deletion at any time.
10. Security Measures (Art. 32 GDPR)
We implement:
- Encrypted databases (AES-256)
- HTTPS/TLS encryption
- Access control & role-based permissions
- 2FA for admin accounts
- Firewall & intrusion monitoring
- Regular vulnerability testing
- Data minimization practices
- Server isolation at Hetzner
11. User Rights (GDPR)
You have the following rights:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Data portability (Art. 20)
- Objection (Art. 21)
- Withdraw consent at any time
- Lodge complaint with HDPA
To exercise rights, email: info@scoutinstant.com
12. Children's Privacy
ScoutInstant is not intended for children under 16. We do not knowingly collect data from minors.
13. Updates to This Policy
We may update this Privacy Policy. Material changes will be announced on the website or via email.
14. Cookie Policy
This section explains how ScoutInstant uses cookies and similar technologies on scoutinstant.com, in compliance with GDPR, ePrivacy Directive, and Greek Law 3471/2006.
You may withdraw consent anytime via Cookie settings panel or clearing cookies in your browser.
14.1 What Are Cookies?
Cookies are small text files stored on your device to help websites function, improve performance, or remember user preferences. We use only a minimal set of cookies.
14.2 Strictly Necessary Cookies
Required for: Login & authentication, Session management, Security, Subscription management. These do not require consent.
14.3 Analytics Cookies
ScoutInstant uses internal analytics only (Python logs), not third-party tracking cookies. No Google Analytics, no marketing pixels.
14.4 Preference Cookies
Used for: Language or locale preferences, UI settings.
14.5 Marketing Cookies
ScoutInstant currently uses no marketing or advertising cookies.
15. Data Processing Agreement (DPA)
Compliant with Art. 28 GDPR. This Data Processing Agreement is between the Controller (Client using ScoutInstant) and Processor (ScoutInstant, Greece-based).
15.1 Nature & Purpose of Processing
Processing includes: Account management, Subscription access, Analytics & AI insights, Report generation, Security logging.
15.2 Categories of Data Subjects
Users (scouts, analysts, staff), Club/team representatives.
15.3 Processor Obligations
ScoutInstant agrees to: Process data only on documented instructions, Maintain confidentiality, Implement TOMs, Assist Controller with data subject rights, Notify breaches within 48 hours, Delete or return data at contract end, Allow audits (reasonable, scheduled).
15.4 Authorized Sub-Processors
Hetzner (EU hosting), Viva Wallet (billing), Google Workspace (email), OpenAI (AI processing), Anthropic (AI processing).
15.5 End-of-Contract Deletion
Upon termination, ScoutInstant deletes or returns all personal data within 60 days unless legally required to retain some records.
16. Refund Policy
ScoutInstant is a subscription-based SaaS. Payments are handled through Viva Wallet.
16.1 Free Trials
If offered, free trials allow evaluation before purchase. Once a subscription starts, charges apply.
16.2 Refund Eligibility
Refunds are provided only when legally required, especially under EU Consumer Rights Directive and Greek consumer protection law.
16.3 Non-Refundable
Refunds are not granted for: Partial use, User error, Change of mind after renewal, Unused time in a billing period, AI outputs being inaccurate or incomplete.
16.4 EU Consumer Right of Withdrawal
If you are an EU consumer (non-business): You may withdraw within 14 days, unless you explicitly agree to immediate access. If you start using the service, the withdrawal right may no longer apply.
16.5 Billing Disputes
Contact us within 30 days if you believe a billing error occurred.
17. Acceptable Use Policy (AUP)Required
This AUP ensures safe, lawful, and respectful use of the ScoutInstant platform.
17.1 Prohibited Activities
Users must not: Scrape or extract data, Copy or clone the platform, Reverse engineer or bypass security, Share login credentials, Overload, attack, or stress-test the service, Resell, sub-license, or redistribute without permission, Inject malicious code, Upload unlawful or harmful content, Attempt to access data of other users.
17.2 Football-Specific Restrictions
Users must not use ScoutInstant for: Gambling, Betting, Match-fixing, Illegal competitive manipulation.
17.3 AI Usage Rules
You may not: Input confidential player medical data, Attempt to extract model weights or system prompts, Abuse AI features for spam or malicious activity.
17.4 API Usage (If enabled)
Respect rate limits. No third-party redistribution. No automated extraction of underlying datasets.
17.5 Consequences
Violations may result in: Suspension, Permanent termination, Legal action, IP blocking.
18. Service Level Agreement (SLA)
ScoutInstant targets 99% uptime per calendar month.
18.1 Covered Services
Dashboard, API (if enabled), AI analytics, Real-time event feeds, Reporting tools.
18.2 Exclusions
The SLA does not cover outages caused by: Force majeure, Internet provider issues, Hetzner outages, Maintenance windows, Integrations (OpenAI, Anthropic), DDoS attacks, User misuse.
18.3 Maintenance Windows
Planned maintenance: Announced at least 24 hours in advance, Typically during low-traffic hours. Emergency maintenance may occur without notice.
18.4 Support Response Times
Critical outage: < 4 hours, Major issue: < 12 hours, Standard issue: < 24 hours, Minor inquiry: < 48 hours.
18.5 Service Credits
If uptime drops below 99%: 98%–99% = 5% credit, 95%–98% = 10% credit, < 95% = 25% credit. Credits apply to next billing cycle. No cash refunds.
18.6 Enterprise Add-Ons
Enterprise customers may request: Custom SLA, Dedicated support, Custom data integrations, Higher uptime commitments.
19. Contact Information
For privacy inquiries, data requests, or support: