Privacy Policy

Last updated: February 2026

1. Who We Are

World Cup Sweepstake 2026 is operated by GiftLode. We are the data controller for personal information collected through this service. You can contact us at hello@giftlode.com.

2. What We Collect

We collect the following personal information:

  • Organisers: Name, email address
  • Participants: Name, email address, phone number, profile photo (optional)
  • Payment data: Processed securely by Stripe. We do not store card numbers — only a reference to the Stripe PaymentIntent.
  • Usage data: Pages visited, device type, and IP address (for rate limiting and security).

3. How We Use Your Data

  • To run and manage your sweepstake (team allocations, eliminations, redraws)
  • To send you SMS notifications about your teams and match results (via Twilio)
  • To send you email updates with detailed information (via SendGrid)
  • To process your entry fee payment (via Stripe)
  • To deliver prizes to winners (via gift card providers)
  • To prevent fraud and abuse (rate limiting, CAPTCHA verification)

4. Third-Party Services

We share data with the following processors:

  • Stripe — Payment processing (name, email, payment details)
  • Twilio — SMS notifications (phone number)
  • SendGrid — Email notifications (email address, name)
  • Google Firebase — Database and file storage (all participant data)
  • Cloudflare — CAPTCHA verification (IP address, browser data)

All processors are GDPR-compliant and process data under data processing agreements.

5. Data Retention

We retain sweepstake data (including draw history) for 12 months after the tournament ends to allow participants to review results. Payment records are retained for 7 years as required by UK tax regulations. You can request deletion of your personal data at any time by contacting us.

6. Your Rights (GDPR)

Under UK/EU data protection law, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise any of these rights, email us at hello@giftlode.com.

7. Cookies

We use essential cookies only (session management, admin authentication). We do not use advertising or tracking cookies. Cloudflare Turnstile may set a cookie for CAPTCHA functionality.

8. Security

All data is encrypted in transit (TLS) and at rest (Firebase encryption). Payments use 3D Secure authentication. API endpoints are rate-limited and protected by CAPTCHA. We conduct regular security reviews of our infrastructure.

9. Changes

We may update this policy from time to time. Material changes will be communicated via email. The “Last updated” date at the top indicates when the policy was last revised.