ProviewVoltar ao Início
LEGAL & GDPR

Privacy Policy

Last updated: April 2026

Executive summary

Proview respects your privacy and complies with the GDPR. In short: we collect minimal data, we don't sell it, and you can exercise your rights at info@proview.es.

01. Introduction

Welcome to Proview, the platform for watching live games of professional League of Legends players.

This policy explains how we handle your information. In short: we collect minimal data, we don't sell it to third parties, and you can exercise your GDPR rights at info@proview.es.

Owner

Samuel Rodríguez Villaverde

Regulation

GDPR (EU) 2016/679 + LOPDGDD

Website

proview.es

02. Data we collect

Consent Data

Anonymized IP address (last octet removed), user-agent, anonymous session ID and cookie preferences. Retained for 13 months.

Analytics Data (with consent)

Pages visited, session time, device type — managed by Vercel Analytics and Google Analytics 4 (via GTM). GTM loads on every visit using Consent Mode v2: without consent, no cookies are set and no personal data is transferred to Google. GA4 data is transferred to Google LLC servers (USA), covered by the EU Standard Contractual Clauses.

Advertising Data (with consent)

If you accept marketing cookies, Google AdSense may use cookies and identifiers to show and measure ads, including personalization based on your visits. Without consent no ad script is loaded. Google acts as an independent controller for ad processing (ads policy at policies.google.com).

Riot Games API Data

Public data of professional players' ongoing games. This is not personal data.

What we do NOT collect

Proview does not require a paid account: we don't ask for passwords or banking details, and we don't store card data.

03. Purpose of processing

Operate the service

Show live games and statistics, and remember your preferences.

Analytics

Understand site usage in aggregate to improve it.

Advertising

Show and measure ads (only if you accept marketing cookies).

Security and anti-spam

Protect the site from abuse and rate-limit requests.

What we do NOT do

  • Sell your data to third parties for commercial purposes.
  • Build detailed personal profiles to sell them.
  • Share your information with marketing companies.

05. Data retention

Consent logs: 13 months.

Active match data: automatically expired after 90 minutes.

Polling logs: purged after 7 days.

Cookie consent: expires automatically after 12 months; after that you're asked again.

06. Legal information of the controller

The full identification details of the controller (owner, tax ID and location) are available in the Legal notice.

07. Sharing with third parties

We only share data with the providers needed to operate (data processors):

Supabase

Purpose: Database — consent and match data

Data shared: No personal data: consent (anonymized IP) and public match data.

Location: Ireland (EU)

Safeguards: Servers in the EU; GDPR compliance.

More info

Vercel

Purpose: Web hosting

Data shared: Technical access data (IP, browser) in temporary logs.

Location: Global (mainly US)

Safeguards: Standard Contractual Clauses; GDPR compliance.

More info

Upstash Redis

Purpose: Anti-spam rate limiting

Data shared: IP (temporary, for counting only) and anonymous session ID.

Location: Global (distributed nodes)

Safeguards: Temporary cache; not stored permanently.

More info

Vercel Analytics

Purpose: Web analytics (with consent only)

Data shared: Anonymous page metrics, no first-party cookies.

Location: Global

Safeguards: No persistent identifier.

More info

Google Tag Manager / GA4

Purpose: Advanced analytics (with consent only)

Data shared: Anonymized browsing data (only with consent).

Location: US

Safeguards: Consent Mode v2; IP anonymization; SCC.

More info

Google AdSense

Purpose: Display ads (with marketing consent only)

Data shared: Ad cookies/identifiers (only with marketing consent).

Location: US

Safeguards: Consent Mode v2; standard contractual clauses.

More info

Riot Games

Purpose: Public LoL data API

Data shared: We only consume their API; we don't send them your personal data.

Location: US

Safeguards: Public match data.

More info

08. International transfers

Some providers are located outside the European Economic Area (EEA), mainly in the US. These transfers are protected by:

Standard Contractual Clauses (SCC)

Contracts approved by the European Commission that ensure a level of protection equivalent to the EU's.

Providers' GDPR compliance

Our main providers (Vercel, Google, Upstash) have security measures and GDPR compliance.

Note: data managed by Supabase is hosted on servers in the European Union, with no international transfer for that data.

09. Security measures

HTTPS/TLS encryption

All traffic is encrypted in transit.

Per-user isolation (RLS)

Row Level Security in the database.

Rate limiting

Anti-spam and anti-abuse protection via rate limiting.

CSP with nonce

Strict Content Security Policy against script injection.

IP anonymization

We remove the last octet of the IP in logs.

Restricted access

Only authorized personnel, under confidentiality.

Security breaches: in the unlikely event of a breach affecting your data, we'll notify within 72 hours, as required by the GDPR.

10. Your rights (GDPR)

Access

Know what data we hold.

Rectification

Correct inaccurate data.

Erasure

“Right to be forgotten”.

Objection

Object to certain processing.

Restriction

Temporarily restrict processing.

Portability

Take your data to another service.

Withdraw consent

At any time.

How to exercise them

Send an email to info@proview.es stating the right you wish to exercise. We may ask you to verify your identity.

Response time: up to 30 calendar days (extendable to 60 in complex cases, with notice of the extension).

11. Cookies

Proview uses cookies and local storage to work and improve your experience. For full details, see our Cookie Policy.

12. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or in applicable law.

Minor changes: we update the “last updated” date at the top of the document.

Significant changes: we'll notify you with a prominent message on the site.

13. Contact and complaints

If you have questions about this Policy or about the processing of your data, write to us at info@proview.es.

We commit to responding within a maximum of 30 calendar days.

Complaint to the supervisory authority

If you believe the processing of your data infringes the GDPR, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):

Agencia Española de Protección de Datos (AEPD)

Calle Jorge Juan, 6 — 28001 Madrid, España

Web: www.aepd.es

Tel.: 901 100 099 / 912 663 517

However, we'd appreciate it if you contacted us before going to the AEPD, so we can try to resolve any issue.