Privacy Policy
Last updated: 2026-06-04
1. Introduction
Insamlingsstiftelsen Bonito Foundation, a Swedish nonprofit organization with organization number 802482‑6136 ("Bonito", "we", "us", or "our"), is committed to protecting the privacy of our donors, supporters, community members, users, and website visitors.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable laws.
Bonito acts as the data controller for personal data processed in connection with https://bonito.football and Bonito Hub (https://hub.bonito.football).
If you have questions or want to exercise your rights, contact us at legal@bonito.football (see Section 13).
2. Scope
This Privacy Policy applies to:
- bonito.football — our public website, including content republished from Bonito Hub
- hub.bonito.football — Bonito Hub, our platform for people and organizations in football for good
- Bonito Community — our invitation‑only community hosted on Circle
- Newsletter, donations, and support — services we offer through third‑party providers
- Direct communications — when you contact us by email or other channels
A separate disclosure about the publishing certificate (utgivningsbevis) covering bonito.football appears in Section 9.
3. Information We Collect
3.1 Newsletter subscription
- Email address
3.2 Bonito Hub account
Required to create an account:
- Primary email address (used to sign in)
- First name
- Last name
- Birthdate (used to confirm you meet the minimum age of 16)
Special-category data:
- Gender identity — collected only if you choose to provide it when editing your profile. This is special category personal data under Article 9(1) of the GDPR. You can withdraw consent at any time by clearing the field in profile settings, after which we will delete the value.
Optional, added during onboarding or profile editing:
- Professional headline
- Workplace / Organization name
- Profile picture
- Location at the level of a country, state, or city. We store the place name, the country and state metadata, and the Google Places identifier and centroid coordinates that Google returns for the place you select. Our location search does not accept street addresses or precise points — you cannot give us a more granular location than a city. The location data is obtained from Google's Places API (see Section 7).
- One or more additional verified email addresses — used to match invitations sent to alternate addresses, to support identity verification, and to alert you if someone attempts to sign in via one of your additional addresses. Additional emails are not used for sign-in.
- Football profile classifications (e.g., role, program areas)
- Social and professional links (e.g., LinkedIn, personal website)
- Communication preferences (e.g., openness to volunteering, job opportunities)
From LinkedIn verification (optional):
- Verified first and last name
- LinkedIn profile picture
- LinkedIn profile URL (vanity name)
- LinkedIn‑verified email address
- LinkedIn user identifier (the OpenID Connect sub value) — a stable identifier that lets us recognize the same LinkedIn account across verification attempts and prevent abuse. We do not share this identifier outside Bonito. It is deleted when you disconnect LinkedIn or delete your account.
Collected automatically:
- IP address (retained for up to 30 days for activity tracking and up to 90 days in the security event log — see Section 11)
- Last active timestamp
- Browser and device metadata
- Pseudonymous internal identifier for analytics
3.3 Organization profiles
If you create or manage an Organization profile on Bonito Hub, we collect organization information you provide (description, mission, contact details, website, donation links, logos, classifications). Organization profiles are intended to be public directory entries.
3.4 Community platform
The Bonito Community on Circle is currently in a limited pre-launch with selected pilot users and will open to all Bonito Hub members in the third quarter of 2026. When you apply for and join the Community:
- First name
- Last name
- Email address
- Profile picture
- Location (country and city)
- Profile information you choose to share with the Community
3.5 Donor platform
When you click the donate button, the donation form is rendered by Fundraise Up directly in your browser. The data you enter — first name, last name, email address, donation amount, and payment details — is submitted directly to Fundraise Up; Bonito does not receive or store your payment details such as credit card information.
3.6 User support
When you contact us via support@bonito.football or in‑product support channels:
- Name
- Email address
- Content of your support inquiry
3.7 Organization verification documents
When an Organization on Bonito Hub uploads supporting documents to verify its legitimacy, we collect:
- The document file itself (PDF, JPEG, PNG, or WebP, up to 15 MB)
- The document type (certificate of registration, tax-exempt or charity status letter, annual report, governing document, or other)
- Optional document metadata (issue date, issuing authority, uploader notes)
- The identity of the uploading user and the timestamp
- Internal review notes and rejection reasons (where applicable), produced by Bonito staff during review
Verification documents may contain personal data about third parties (for example, directors named on a certificate of registration, or signatories on a governing document). The uploading Organization warrants that it has the legal basis and authority to share that data with us for verification purposes.
Verification documents are stored in a separate private cloud storage bucket, are never served via our public content delivery network, and are accessible only to Bonito platform administrators for review.
4. Legal Bases for Processing
Under GDPR Article 6, we rely on the following legal bases:
| Processing | Legal basis |
|---|---|
| Creating and operating your Bonito Hub account | Contract (Art. 6(1)(b)) — necessary to provide the Services you've requested |
| Sending the newsletter | Consent (Art. 6(1)(a)) — given at sign‑up, withdrawable at any time |
| LinkedIn verification | Consent (Art. 6(1)(a)) — given by completing the LinkedIn authorisation flow |
| Community platform participation | Contract (Art. 6(1)(b)) — necessary to provide the Community |
| Processing donations | Contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) — accounting and tax law |
| User support | Legitimate interest (Art. 6(1)(f)) — responding to your inquiries |
| Product analytics and error monitoring | Legitimate interest (Art. 6(1)(f)) — operating and improving the Services |
| Security monitoring (IP logging, abuse prevention) | Legitimate interest (Art. 6(1)(f)) — protecting users and the Services |
| AI processing (see Section 6) | Legitimate interest (Art. 6(1)(f)) |
| Editorial publishing on bonito.football covered by our publishing certificate (utgivningsbevis) | Processing for journalistic purposes, which is exempted from GDPR by Article 85 GDPR as implemented in Sweden through the Freedom of the Press Act (tryckfrihetsförordningen) and Fundamental Law on Freedom of Expression (yttrandefrihetsgrundlagen), in conjunction with Chapter 1, Section 7 of the Swedish Data Protection Act (lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning). The Article 6 and Article 9 bases listed elsewhere in this Policy do not apply to that processing |
| Processing gender identity | Explicit consent (Art. 9(2)(a)) — given by your affirmative act of selecting a value in the optional gender field after reading the in-form description of why we collect it; withdrawable at any time by clearing the field. |
| Processing organization verification documents | Legitimate interest (Art. 6(1)(f)) — verifying that Organizations on Bonito Hub are legitimate, protecting other users and donors from fraud or misrepresentation |
You can ask for more details on our legitimate‑interest assessments by contacting legal@bonito.football.
5. How We Use Your Information
We use the information described above for the following purposes:
- Operating the Services — running your Bonito Hub account, maintaining Organization profiles, processing applications and invitations, providing the Community
- Communications — sending newsletters (with consent), responding to support inquiries, sending transactional emails (magic links, notifications)
- Trust and verification — confirming identity via LinkedIn, supporting the Organization's claim, preventing fraud and abuse
- Improvement and analysis — understanding how users interact with the Services, diagnosing errors, and improving features
- Editorial and storytelling — creating case studies, reports, and newsletter features about Organizations and programs (within the Services and, where appropriate, on bonito.football)
- Legal and safety — complying with legal obligations, responding to lawful requests from authorities, protecting Bonito and others from harm
- AI‑supported operations — see Section 6
6. AI Processing
Bonito uses AI tools to support its operations, including content creation (e.g., drafting newsletter and case‑study content), internal analysis (e.g., reviewing patterns across Organizations in the directory), and product features. Where AI processing touches your personal data, the legal basis is our legitimate interest in operating, analyzing, and improving the Services (GDPR Article 6(1)(f)).
We use the following AI providers:
- AWS Bedrock (Amazon Web Services EMEA SARL), hosted in the eu-north-1 (Stockholm) region. The foundation model invoked through Bedrock is Anthropic Claude. Bedrock invocations stay entirely within AWS infrastructure under our existing AWS Data Processing Agreement; the underlying model providers (including Anthropic) do not see or train on the data.
- Anthropic Claude (Anthropic, PBC) — used by Bonito staff for content creation and analysis. Anthropic is US‑based; transfers are protected by Standard Contractual Clauses. Anthropic does not train its models on data submitted through our account.
- OpenAI ChatGPT (OpenAI OpCo, LLC) — used by Bonito staff for content creation and analysis. OpenAI is US‑based; transfers are protected by Standard Contractual Clauses. OpenAI does not train its models on data submitted through our account.
Bonito does not sell your Content to AI providers, license it as a stand‑alone dataset, or permit AI providers to use your Content to train their own general‑purpose models. We restrict by internal policy what categories of personal data may be processed through consumer AI tools. We do not send raw personal data — names, email addresses, or individual profile records — to the AI providers.
7. Service Providers and International Transfers
We work with the following service providers in connection with the Services. Most of them process personal data on Bonito's behalf as our processors, under written data processing agreements. A small number of providers also act as independent controllers for some of their own operational uses of personal data (for example, payment-service compliance or platform-security intelligence) in addition to processing data on our behalf. Where this applies, we identify the provider in Section 7.5.
Some providers are based outside the European Economic Area (EEA); for those, we rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework (DPF) to safeguard your data.
7.1 EU‑based providers (no international transfer)
| Provider | Purpose | Location | More information |
|---|---|---|---|
| Microsoft Azure | Application hosting | Sweden Central | azure.microsoft.com/privacy |
| Neon | Database | EU | neon.com/privacy-policy |
| AWS S3 | File storage (profile pictures, logos) | eu-north-1 (Stockholm) | aws.amazon.com/privacy |
| AWS Bedrock | AI processing | eu-north-1 (Stockholm) | aws.amazon.com/privacy |
| Lettermint | Transactional email (magic links, notifications) | EU | lettermint.co |
| TwicPics | Image CDN and transformation | France | twicpics.com/privacy |
| Algolia | Search index for content published on bonito.football and Organization data from Bonito Hub | EU | algolia.com/policies/privacy |
| Plausible Analytics | Anonymous web analytics | Germany | plausible.io/data-policy |
| PostHog | Product analytics (pseudonymized) | EU | posthog.com/privacy |
| Sentry | Application error monitoring | EU | sentry.io/privacy |
| Platform.sh SAS | Application hosting | EU | upsun.com/trust-center/privacy/privacy-notice/ |
| New Relic | Application performance monitoring (response times, throughput, error rates) | EU | newrelic.com/termsandconditions/services-notices |
7.2 Non‑EU providers (with safeguards)
| Provider | Purpose | Location | Safeguards | More information |
|---|---|---|---|---|
| Mailchimp | Newsletter | US | SCCs, DPF | mailchimp.com/legal |
| Circle.so | Community platform | US | SCCs | circle.so/privacy, circle.so/dpa |
| Fundraise Up | Donations | US | SCCs | fundraiseup.com/privacy |
| Intercom | User support | US | SCCs, DPF | intercom.com/legal/privacy |
| Cloudflare | DNS, CDN, web‑application firewall, Turnstile bot protection | US HQ, EU edge | SCCs | cloudflare.com/privacypolicy |
| Anthropic | AI tools (Claude) used by staff | US | SCCs | anthropic.com/legal/privacy |
| OpenAI | AI tools (ChatGPT) used by staff | US | SCCs | openai.com/policies/privacy-policy |
| Userback | In-product feedback widget — captures the user's feedback message, optional screenshot, browser and device metadata, and the URL of the page where feedback was given | Australia | SCCs (UK IDTA-equivalent / Australian APP cross-border safeguards) | userback.io/privacy |
| Google (Maps Platform — Places API) | Location autocomplete in profile and Organization forms; the user's browser sends typed location queries directly to Google | US | SCCs, DPF | policies.google.com/privacy |
7.3 Provider details
PostHog is configured not to receive directly identifying information: Bonito Hub users are identified to PostHog only by a pseudonymous internal identifier, not by name, email, or other contact details. The PostHog client runs in memory-only mode and does not write cookies or other storage to your device; the pseudonymous identifier exists only in your browser's JavaScript memory for the duration of the page. Bonito can still link this identifier to a Bonito Hub user account internally, so the resulting analytics data remains personal data under GDPR Article 4(5).
Sentry is configured to minimize personal data collection: fields that directly identify users are not sent in error reports. Sentry may still process limited technical data, including IP addresses, browser information, and request metadata, as required to diagnose errors.
Cloudflare processes IP addresses, request metadata, and (where enabled) request bodies as required to provide caching, security inspection, bot detection, and rate limiting. EU traffic is served from Cloudflare's EU edge infrastructure; some operational logs and metadata may be processed at Cloudflare locations outside the EU. The legal basis is our legitimate interest in maintaining the security and availability of the Services.
Algolia powers search across content published on bonito.football (see https://bonito.football/search). We index editorial content from bonito.football and Organization profile data from Bonito Hub. Algolia processes search queries against that index. Search queries from end users are proxied through our internal API, so Algolia does not receive end users' IP addresses or other identifying request metadata directly from your browser. Algolia is a French company (Algolia SAS); our index is hosted in their EU region.
New Relic receives application performance telemetry from our Container Apps in production. Where this telemetry includes request URLs or headers, those may contain identifiers (for example, a user ID in a URL path). We have configured New Relic to mask or exclude direct personal data where practical. Legal basis: legitimate interest in operating reliable Services.
Google Places API is loaded in the user's browser when typing in a location field. Google receives the search query (e.g. "Stockholm"), the user's IP address, and standard browser metadata. Google is an independent controller for its own use of this data — see Google's privacy policy linked above. We use Google's session-token mechanism so that autocomplete and place-detail requests within the same form interaction are billed and processed as a single session. We do not transmit account identifiers or any other Bonito profile data to Google.
7.4 LinkedIn (independent controller)
Bonito Hub offers an optional LinkedIn verification flow. When you choose to verify your account via LinkedIn, you authorize LinkedIn Ireland Unlimited Company to share the following data with us through its OAuth API:
- Your verified first and last name
- Your LinkedIn profile picture
- Your LinkedIn profile URL (vanity name)
- Your LinkedIn‑verified email address
- A LinkedIn user identifier (the OpenID Connect sub value)
We use this data to confirm your identity, support trust in the Organization claiming and Community access, and prevent fraud.
Bonito and LinkedIn are independent data controllers for this exchange. LinkedIn is not a sub‑processor of Bonito. Bonito does not transmit your Bonito Hub activity, contacts, or other personal data to LinkedIn. LinkedIn's own processing of the OAuth event is governed by LinkedIn's Privacy Policy (https://www.linkedin.com/legal/privacy-policy).
You may withdraw consent at any time by clearing LinkedIn‑verified data from your account settings.
7.5 Providers acting as independent controllers for some uses
The following providers are independent data controllers for parts of their own service operation, in addition to processing data on Bonito's behalf:
- Fundraise Up is an independent controller for processing your donation as a payment service — including anti-money-laundering checks, fraud screening, payment-network compliance, and statutory record-keeping obligations imposed on payment service providers. Its own privacy policy governs these uses. The donation widget loads directly in your browser and submits payment details directly to Fundraise Up; Bonito does not see, receive, or store your payment details.
- Cloudflare is an independent controller for the security and bot-detection intelligence it derives from request patterns across its global network. Traffic from Bonito Hub contributes to this intelligence in pseudonymized form.
8. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share personal data only:
- With service providers listed in Section 7, under written contracts that require them to process data on our behalf and protect it
- With Organizations on Bonito Hub: where you join, claim, or are invited to an Organization, your name, email, and role become visible to other members of that Organization
- As part of Organization profiles — information you submit for an Organization profile (for example, description, mission, contact details, website, donation links, and classifications) is visible publicly on Bonito Hub and may appear in directory listings, as Organization profiles are intended to be public directory entries.
- In editorial content — see Section 9
- When required by law, to comply with legal obligations, court orders, or lawful requests from authorities
- To protect rights and safety — to investigate or prevent fraud, abuse, harm to users, or violations of our Terms of Service
- With your consent, for any purpose not described above
9. Content Republished on bonito.football
Some content originating on Bonito Hub — for example, Organization case studies, profile features, or photos selected for editorial coverage — may be republished on bonito.football.
The bonito.football website is operated by Bonito as a journalistic publication under a Swedish publishing certificate ("utgivningsbevis") issued under yttrandefrihetsgrundlagen. Details of the certificate, including the certificate number, validity period, and the responsible publisher ("ansvarig utgivare"), are available at https://bonito.football/utgivningsbevis.
Processing of personal data that takes place exclusively for journalistic purposes within bonito.football, covered by this certificate, falls outside the scope of GDPR pursuant to Article 85 GDPR as implemented in Sweden — meaning that GDPR rights such as access, rectification, erasure, restriction, objection, and portability do not apply to that specific processing. This exemption is bounded: it applies only to processing carried out exclusively for journalistic purposes, and only on bonito.football, and only in respect of content covered by the certificate. It does not extend to:
- Processing of your personal data on Bonito Hub (hub.bonito.football), which remains fully subject to GDPR and to this Policy.
- Administrative processing of your personal data by Bonito outside the publication itself (for example, account management, newsletter delivery, donation processing, or support communications).
- Content on bonito.football that has not been editorially reviewed by Bonito staff, which is marked as user-generated content and is presented separately from editorial content, in line with the requirements of Mediemyndigheten. For user-generated content, GDPR rights continue to apply where the user-generated content is identifiable to you.
If you believe content covered by the utgivningsbevis is factually inaccurate, defamatory, or otherwise raises a concern that the journalistic exemption cannot fairly cover, you may contact the responsible publisher via the channels listed at https://bonito.football/utgivningsbevis. The responsible publisher decides such matters under Swedish constitutional media law rather than under GDPR. For complaints about how Swedish media law is applied, you may contact Mediemyndigheten (mediemyndigheten.se).
10. Children's Data
Bonito Hub requires users to be at least 16 years old. Birthdate is collected during onboarding to confirm age, and accounts cannot be completed by users under the Minimum Age.
Bonito Hub is not designed for children to participate in programs or to serve as unsupervised volunteers in activities involving children.
Many Organizations on Bonito Hub work with children and young people. Where an Organization uploads Content (photos, video, stories, or other material) that depicts or describes identifiable children or other vulnerable individuals, the uploading Organization warrants in our Terms of Service that it has the appropriate legal basis and any necessary consents to do so. Bonito relies on that warranty as the framework for handling such Content.
Bonito will only use such Content in public-facing communications outside Bonito Hub (for example, in standalone case studies, campaign pages on bonito.football, or fundraising materials) where the uploading Organization has separately confirmed its right to authorize that specific use.
If consent to use an image or story depicting a child or other vulnerable individual is withdrawn — whether by a parent, guardian, the individual themselves, or the Organization that uploaded the Content — please contact us at safeguarding@bonito.football. We will remove the Content from Bonito Hub and from bonito.football where it appears in directory or profile contexts, and we will not use the Content in any new public communications. Where Content has been republished on bonito.football under our publishing certificate (utgivningsbevis), Swedish constitutional media law does not require removal. Bonito will nevertheless assess such requests in accordance with our Child Safeguarding Policy.
Bonito's overall approach to child protection is set out in our Child Safeguarding Policy, which is approved by the board and applies to all staff, consultants, volunteers, partners, and anyone acting on behalf of the Foundation.
For safeguarding concerns involving a child or vulnerable adult — including concerns about how a child is depicted, identified, or treated in connection with Bonito's activities — please contact our Safeguarding Lead at safeguarding@bonito.football. If a child is in immediate danger, contact local emergency services first.
For other content concerns — Terms of Service violations, copyright issues, or privacy complaints not involving safeguarding — please use abuse@bonito.football.
11. Data Retention
We retain personal data only as long as necessary for the purposes set out in this Policy.
| Data category | Retention |
|---|---|
| Account profile data (non-special-category) | While your account is active; anonymized upon account deletion |
| Account email address (primary) and login credentials | While your account is active; anonymized upon account deletion |
| Additional verified email addresses | While the additional email is attached to your account; deleted on removal or on account deletion |
| Email-change audit log (old and new email pairs) | 24 months from the date of change |
| LinkedIn verification data | While your account is active and LinkedIn is connected; cleared on disconnect or account deletion |
| Location data (place name, coordinates, place identifier) | While your account is active; anonymized upon account deletion |
| Gender identity (if you provide it) | While your consent is in force; deleted on consent withdrawal or account deletion |
| Last-known IP address (activity tracking) | 30 days from the last activity that updated it, or until account deletion if sooner |
| Security event log IP address and user agent | 90 days, after which the IP and user agent fields are nulled while the event record itself is retained for aggregate security analytics |
| Newsletter subscription | Until you unsubscribe; the unsubscribed status itself is retained in Mailchimp indefinitely to prevent accidental re-subscription |
| Donor records (Fundraise Up) | 7 years (Swedish accounting law); held by Fundraise Up on our behalf |
| Support inquiries — email conversations (Intercom) | 24 months after resolution |
| Organization profile data | While the Organization is published on Bonito Hub; archived after removal for journalistic and auditing purposes |
| Organization verification documents | Lifetime of the Organization on Bonito Hub; replaced or removed documents are kept as a non-public audit record |
| Content published on bonito.football under publishing certificate (“utgivningsbevis”) | Retained as required by Swedish constitutional media law (see Section 9) |
| Pseudonymous internal identifier (internalAlias) | Preserved indefinitely in PostHog after account anonymization; we no longer hold the linkage to your account, but the identifier remains in analytics events |
| Server backups | Up to 30 days, then automatically purged |
The internal pseudonymous identifier (internalAlias) is preserved in our product analytics provider (PostHog) after account anonymization. After account deletion, we no longer hold the link between this identifier and you; from our side, it becomes purely pseudonymous data that we cannot re-identify without re-creating an account-to-alias mapping that no longer exists. PostHog continues to hold events labelled with this identifier for the duration of our analytics retention configuration.
When you delete your Bonito Hub account, your personal account data is immediately anonymized — we replace identifying fields with non‑identifying values rather than holding it pending deletion. Certain non‑identifying records may be retained for security, legal, and statistical purposes.
Content you or your Organization submitted may continue to appear in materials Bonito has already published (newsletters, reports, case studies). After account closure, we will not use your Content in new public communications, except where retention or further use is required by law or where removing it would involve disproportionate effort.
12. Your Rights
Under GDPR, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data (subject to legal and editorial limits — see Section 9)
- Restriction — request that we limit how we use your data
- Objection — object to processing based on legitimate interest
- Portability — receive your data in a portable format, or have it transferred to another controller, where technically feasible
- Withdraw consent — for processing based on consent (newsletter, LinkedIn verification, gender identity), at any time
- Lodge a complaint — with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at https://www.imy.se/
How to exercise your rights
You can exercise most rights directly in Bonito Hub:
- Edit or delete your account — in account settings
- Unsubscribe from the newsletter — using the link in any newsletter email or in account settings
- Modify Community profile — within Circle settings
- Update donor information — within Fundraise Up
For any request we cannot resolve through the product interface, contact us at legal@bonito.football. We will respond within one month of receiving your request, as required by GDPR Article 12(3). If a request is complex or we receive many requests from you, we may extend this period by a further two months and will inform you of the extension and the reasons.
We will not charge a fee unless your request is manifestly unfounded or excessive. We may ask for additional information to verify your identity before responding.
13. Contact
For privacy questions, requests to exercise your rights, or concerns about how we handle your data:
Bonito Foundation, c/o Norrsken House, Birger Jarlsgatan 57C, 113 56 Stockholm, Sweden
- Privacy contact: legal@bonito.football
- User support: support@bonito.football
- Safeguarding concerns (children or vulnerable adults): safeguarding@bonito.football
- Content takedown, Terms of Service violations, copyright: abuse@bonito.football
- Editor-in-Chief and Responsible Publisher for bonito.football: see https://bonito.football/utgivningsbevis
Swedish Authority for Privacy Protection (IMY): Box 8114, 104 20 Stockholm, https://www.imy.se/
14. Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction, including:
- Encryption of data in transit (HTTPS) and at rest, where applicable
- Restricted access to personal data on a need‑to‑know basis
- Magic‑link authentication (no passwords stored)
- Pseudonymization of analytics identifiers
- Configuration of error‑monitoring tools to minimize the collection of personal data
- An internal policy restricting what categories of personal data may be processed through consumer AI tools
- Regular review of service providers and sub‑processors
- Logging and monitoring for unusual activity
No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and IMY in accordance with GDPR Articles 33 and 34.
15. Cookies and Storage on Your Device
Bonito Hub does not use advertising trackers, marketing cookies, or non-essential analytics that store data on your device without your interaction. We do not display a cookie consent banner because we do not set any storage on your device that requires one under the Swedish Electronic Communications Act (lag (2022:482) om elektronisk kommunikation, which implements the EU ePrivacy Directive).
The storage we do place on your device is strictly necessary to provide the Services or to deliver something you have specifically requested. It falls under the exemption from consent in Article 5(3) of the ePrivacy Directive.
What we set
- Authentication and session cookies (set by Bonito). Used to keep you signed in as you navigate Bonito Hub, to protect the security of your session, and to prevent cross-site request forgery. Expire when you sign out or when the session expires.
- Security cookies (set by Cloudflare). The __cf_bm cookie helps Cloudflare protect Bonito Hub from automated abuse and bots; it expires within 30 minutes of your last request. Where Cloudflare presents a security challenge, a cf_clearance cookie may be set after you pass the challenge.
- CAPTCHA cookies (Cloudflare Turnstile, on authentication pages only). Used to confirm that you are a human when signing in. Set only during authentication flows; expires shortly after the check completes.
- Donation widget storage (Fundraise Up). When you click the donate button, Fundraise Up loads its widget in your browser. The widget may set cookies on the Fundraise Up domain for session continuity, abandoned-donation recovery, and fraud prevention. These are set only on your explicit action.
- Feedback widget storage (Userback). When you click the feedback button, Userback loads its widget in your browser. The widget may set cookies on the Userback domain for widget state. Set only on your explicit action.
What we don't set
- Product analytics (PostHog). PostHog runs in memory-only mode on Bonito Hub. It does not write to cookies, localStorage, or IndexedDB on your device. Any session identifier exists only in your browser's JavaScript memory and is regenerated on each page load.
- Web analytics (Plausible). Plausible is cookieless by design — it does not store anything on your device.
- Advertising, marketing, or third-party tracking pixels. None. We do not run Google Analytics, Meta Pixel, advertising tags, retargeting trackers, or similar technologies.
Managing cookies in your browser
Strictly-necessary cookies cannot be disabled without breaking core functionality of Bonito Hub — you will not be able to sign in if you block them. You can clear all cookies stored by Bonito Hub at any time using your browser settings, which will sign you out.
Third-party embedded content
Some of our pages include content hosted by other companies — for example, videos and social posts from YouTube, Vimeo, X (Twitter), Instagram, TikTok, and Twitch. We embed this so you can watch or read it without leaving our site.
We don't load it until you choose to. To protect your privacy, embedded content is not loaded automatically. Where an embed would appear, you'll first see a placeholder with a short notice and a "Load content" button. Until you load it, no data is sent to the provider. They can't set cookies or see that you visited the page.
One choice covers all providers. When you load an embed, you consent to embedded content from all the providers we use, across the site, not just the one in front of you, so you only have to decide once. The providers and their privacy policies are:
- Facebook: https://www.facebook.com/privacy/policy
- Instagram: https://privacycenter.instagram.com/policy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Pinterest: https://policy.pinterest.com/en/privacy-policy
- TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/en
- Twitch: https://legal.twitch.com/en/legal/privacy-notice
- Vimeo: https://vimeo.com/legal/privacy/policy
- X: https://x.com/en/privacy
- YouTube: https://policies.google.com/privacy
What happens when you load it. Once you consent and an embed loads, the provider receives your IP address and information about your device and browser, and may set its own cookies and track your activity in line with its own privacy policy. These companies act as independent controllers of any data they collect, and some are based outside the EU/EEA, so your data may be transferred internationally. We have no control over their cookies or tracking — please see their privacy policies above.
Remembering your choice. To remember your decision we store a single first-party cookie.
Cookie name: embed-consent
Purpose: Remembers whether you've agreed to load third-party embedded content
Contents: granted or denied only
Duration: ~12 months
This is a functional cookie: it holds only your preference, contains no personal data, and is not used to track you. It is set for .bonito.football so your choice is remembered across our sites (e.g. bonito.football and hub.bonito.football).
Your consent, and how to change your mind. We load third-party embedded content only with your consent (the lawful basis under Article 6(1)(a) GDPR). You can withdraw consent at any time via the button or switch in the site footer; this clears the cookie and restores the "Load content" placeholders. Withdrawing consent doesn't affect content you've already loaded or processing the providers carried out beforehand.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
When we make changes, we will post the updated Policy on this page and update the "Last updated" date at the top.
If the changes are material — for example, new categories of processing, new service providers handling significant personal data, or changes that materially affect your rights — we will take reasonable steps to notify you, for example by email or by displaying a prominent notice in the Services, in line with our Bonito Hub Terms of Service.
This Privacy Policy forms part of our Bonito Hub Terms of Service (https://hub.bonito.football/terms). In the event of a conflict between the two, the Bonito Hub Terms of Service govern the contractual relationship, and this Privacy Policy governs the handling of your personal data.