Privacy Policy
Version 2026-06-16
1. Who is responsible for your data
Center-alfa is currently operated as an early-stage, pre-incorporation project by Rafael Carvalho, an individual based in Munich, Germany, who acts as the data controller for personal data processed through center-alfa.pro (the "Platform"). Center-alfa intends to incorporate a company to operate the Platform; this section will be updated with the company's legal name, registration number, and registered address once incorporation is complete. For any privacy question or to exercise your rights, contact rafael@center-alfa.pro.
2. Scope
This Policy explains how we process personal data of registered users (players, parents/guardians, scouts, agents, academy directors) and of the players whose profiles exist on the Platform, including minors whose profile is created and controlled by a parent or guardian.
3. What personal data we collect
- Account data: name, email address, password (stored as a hash), role, and authentication metadata.
- Player profile data, Tier 1 (visible to any signed-in user): first name, position, age, club, preferred foot, country of residence, minutes played, eligibility status, trust level.
- Player profile data, Tier 2 (hidden by default for minors, released only through an approved access request): full name, performance evidence and metrics, coach and mental assessments, contract details, agent/agency and sponsor information, social media handles, exact residence, height and weight, media, formation history.
- Guardian-relationship data: which adult account is the parent/guardian or owner of which player profile.
- Access-request data: who requested access to a minor's Tier 2 data, the decision, and how many times the data was viewed.
- Technical and usage data collected through cookies and similar technologies (see Section 12).
4. Children's data
Some player profiles belong to children under 18. We process a child's personal data only on the basis of the consent of the parent or legal guardian who creates the account, obtained before the profile is created, in line with Article 8 GDPR and Article 14 of Brazil's LGPD (Law No. 13,709/2018). We do not knowingly allow a child to create their own account.
5. Purposes and legal bases
- Providing the Platform's core functionality (profiles, search, comparison, access requests): performance of our contract with you, or, for a child's data, parental consent.
- Releasing Tier 2 data of a minor to a Requester: each time, the specific, informed authorisation of the Guardian, on a request-by-request and view-limited basis.
- Security, fraud prevention, and enforcing these Terms: our legitimate interest, and the legitimate interest in protecting minors using the Platform.
- Analytics cookies (Google Analytics, Microsoft Clarity): your consent, given or refused through the cookie banner.
- Compliance with legal obligations (e.g. responding to a lawful authority request).
7. International data transfers
Our hosting, database, and analytics providers may process data outside Brazil and outside the European Economic Area. Where this happens, we rely on appropriate safeguards, such as standard contractual clauses, to protect the data to the standard required by GDPR and LGPD.
8. Data retention
We keep account and profile data for as long as the account is active. If a Guardian withdraws consent for a child's profile, or deletes the account, we delete or anonymise the corresponding personal data within a reasonable period, unless we are required to keep it for a legal obligation (for example, to defend against a legal claim). Access-request logs are kept for as long as needed to demonstrate that access to a minor's data was properly authorised.
9. Your rights
Subject to applicable law, you (or, for a child, the Guardian acting on the child's behalf) have the right to: access the personal data we hold about you; correct inaccurate data; delete data ("right to be forgotten"); restrict or object to certain processing; receive your data in a portable format; and withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
Withdrawing consent for a child's data results in the prompt deletion or deactivation of that child's profile.
10. How to exercise your rights
Send your request to rafael@center-alfa.pro. We may need to verify your identity, or the Guardian's relationship to the child, before acting on the request. We act on deletion ("right to be forgotten") requests within 24 hours of verifying the request, except for data we are legally required to retain. An in-app option to delete your account directly may also be offered as the Platform develops.
11. Security
We use technical measures such as row-level access control and server-side data masking to ensure that Tier 2 data of a minor is only readable by the Guardian or by a Requester with an active, approved, and unexhausted access grant. No system is completely secure, and we encourage you to use a strong, unique password.
13. Specific protections for children
A child's Tier 2 data is never shown to a Requester without a specific, view-limited approval from the Guardian. The Guardian may revoke an approval, deny future requests, or delete the child's profile entirely at any time. When the player turns 18, control over their data passes to the player themself.
15. Changes to this Policy
We may update this Policy from time to time. We will indicate the current version date below and, for material changes, ask you to accept the updated Policy again.
16. Contact
Questions about this Policy can be sent to rafael@center-alfa.pro.