Legal · Privacy

Privacy Policy

What Copa 2026 collects, why, who it goes to, and what rights you have. Written in plain English.

Effective May 29, 2026 · Version 1.0

The short version

Copa 2026 is a personal editorial blog covering the 2026 FIFA World Cup. It is operated by an individual, not a company. The site has no accounts, no purchases, and no newsletter.

The site logs basic visit information through standard hosting infrastructure. It uses your browser's local storage to remember things like your cookie preferences. If you consent, third-party advertising and analytics tools may set cookies. The site does not sell your personal information.

You have rights under GDPR, UK-GDPR, and CCPA, including the right to ask what is held, to delete it, and to opt out of targeted advertising. Email admin@copa26.news with any request.

1. Who operates this site

Copa 2026 (the "site") is operated by an individual ("we," "us," "our") as a personal editorial project. We are based in Florida, United States, and are not a registered business entity. The site is not affiliated with FIFA, US Soccer, Concacaf, or any participating federation.

For data-protection purposes under the EU General Data Protection Regulation ("GDPR"), the UK General Data Protection Regulation ("UK-GDPR"), and similar laws, the operator of Copa 2026 is the data controller. The best way to reach us is by email at admin@copa26.news.

2. What information we collect

We try to collect as little as possible. Here is the complete list.

2.1 Information collected automatically when you visit

The site is hosted on GitHub Pages. Like any web server, GitHub's infrastructure records a basic access log for every request, including:

• Your IP address
• Your browser type, version, and operating system (from the User-Agent header)
• The page you requested and the page that referred you (if any)
• The date and time of your visit

These logs are kept and processed by GitHub, Inc. under GitHub's Privacy Statement. We do not have direct access to these logs and do not retain them ourselves.

2.2 Information stored in your browser

The site uses your browser's localStorage to remember a small amount of state between visits. This data is stored on your device only and is never sent to us. Specifically:

• wc_consent_v1, your cookie-consent choice, so we don't ask again on every visit
• Other keys may be added for new features. Each is documented in the Cookie Notice.

You can clear this data at any time by clearing your browser's site data for this domain.

2.3 Information collected by third parties (with your consent)

If you consent to non-essential cookies via our cookie banner, the following third parties may set cookies on your device and collect information about your visit:

• Google AdSense or Ezoic, advertising. May set cookies to serve relevant ads, measure ad performance, and prevent fraud. May include behavioral profiling for personalized advertising.
• Microsoft Clarity, analytics. May record anonymized session interactions (clicks, scrolls, mouse movements) to help us understand how visitors use the site.
• Cloudflare Web Analytics, basic traffic measurement. Operates without cookies and runs regardless of consent.

See the Cookie Notice for the full per-cookie breakdown.

2.4 Information we do not collect

For clarity, the site does not collect:

• Account information (the site has no accounts)
• Payment information (the site sells nothing)
• Email addresses (the site has no newsletter)
• Names, phone numbers, or postal addresses
• Sensitive personal information (race, religion, health, sexual orientation, biometric data, precise geolocation, etc.)
• Information from children under 13

3. Why we collect it (legal basis under GDPR)

Under GDPR and UK-GDPR, every processing activity must have a lawful basis. Ours are:

• Legitimate interest (Article 6(1)(f)), for the basic server logs that keep the site running and let us see if it's working. The interest is operating a working website; the impact on you is minimal.
• Consent (Article 6(1)(a)), for any non-essential cookies (advertising, behavioral analytics). You give consent through the cookie banner on first visit and can withdraw it at any time.
• No contract or legal obligation applies here, the site is not selling you anything and is not legally required to collect anything else.

4. Who we share it with

We do not sell your personal information. We do not share it for cross-context behavioral advertising except as described in §2.3 above (only with your consent).

The following service providers process information on our behalf or as independent controllers in connection with running the site:

• GitHub, Inc. (United States), hosting. Receives server-log data automatically.
• ESPN, Inc. (United States), scoreboard data. When the site fetches live scores, your browser contacts ESPN's public scoreboard API, which sees your IP address.
• flagcdn.com, country flag images. Your browser contacts this CDN to load flag images.
• Unsplash (United States), placeholder photography. Your browser contacts Unsplash to load images.
• Google fonts (Google LLC, United States), typography. Your browser contacts Google's font CDN.
• Google AdSense or Ezoic, advertising, only if you consent. See §2.3.
• Microsoft Corporation (United States), Clarity analytics, only if you consent. See §2.3.
• Cloudflare, Inc. (United States), Web Analytics (cookieless) and, if used, CDN/DNS services.

We may also disclose information if required by law, court order, or to enforce our rights. We will resist overbroad requests and notify you if legally permitted to do so.

5. International data transfers

The site is operated from the United States and most of its service providers are also based in the United States. If you are visiting from the European Economic Area, the United Kingdom, or another jurisdiction with data-localization rules, your information may be transferred to and processed in the United States.

Where applicable, these transfers rely on:

• The EU-US Data Privacy Framework (for providers certified under it, such as Google and Microsoft)
• Standard Contractual Clauses adopted by the European Commission
• Your explicit consent, where required

6. How long we keep it

• Server logs, retained by GitHub Pages under their policy (currently up to 30 days for raw logs). We do not retain them ourselves.
• localStorage on your device, kept until you clear your browser data. We cannot delete it remotely.
• Cookies set by third parties, vary by provider; see the Cookie Notice for each.
• Information you send us by email (such as a data-rights request), kept only as long as needed to respond, plus a reasonable record-keeping period (typically 12 months).

7. Your rights under GDPR and UK-GDPR

If you are in the European Economic Area or the United Kingdom, you have the following rights with respect to your personal data:

• Right of access, ask what we hold about you
• Right to rectification, ask us to correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten"), ask us to delete your data, subject to limited exceptions
• Right to restrict processing, ask us to pause processing while a dispute is resolved
• Right to data portability, receive your data in a machine-readable format
• Right to object, object to processing based on legitimate interest, including direct marketing
• Right to withdraw consent, withdraw any consent you previously gave, at any time, without affecting prior lawful processing
• Right to lodge a complaint, file a complaint with your local data protection authority (in the UK, the Information Commissioner's Office; in EU member states, your national supervisory authority)

To exercise any of these rights, email admin@copa26.news. We will respond within 30 days. There is no charge for routine requests.

8. Your rights under CCPA / CPRA (California)

If you are a California resident, the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA") gives you the following rights:

• Right to know, what categories of personal information we collect, the purposes, the categories of sources, and the categories of third parties with whom we share it (all disclosed above in §2 and §4)
• Right to delete, ask us to delete personal information we hold about you, subject to limited exceptions
• Right to correct, ask us to correct inaccurate personal information
• Right to opt out of sale or sharing, opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell personal information; if advertising cookies are set with your consent, you can opt out at any time by withdrawing consent in the cookie banner
• Right to limit use of sensitive personal information, we do not collect sensitive personal information
• Right to non-discrimination, we will not treat you differently for exercising any of these rights

To exercise any of these rights, email admin@copa26.news. We may need to verify your identity in a manner proportionate to the sensitivity of the request.

9. Children's privacy

The site is intended for a general audience and is not directed to children under the age of 13 in the United States, or to children under the relevant minimum age in their jurisdiction (16 in most of the European Economic Area; this varies by country).

We do not knowingly collect personal information from children under those ages. If we become aware that we have collected personal information from a child under those ages without verifiable parental consent, we will delete it as quickly as practicable. If you believe we may have such information, please email admin@copa26.news.

10. Security

The site is a static website served over HTTPS via GitHub Pages and (where applicable) Cloudflare. We do not maintain a server-side database, do not store passwords, and do not handle payment information. The attack surface is genuinely small.

That said, no website is perfectly secure. We make no warranty that the site or any service connected to it is free from vulnerabilities. If you discover a security issue, please email admin@copa26.news and we will respond promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time, for example, if we add a new third-party service or a relevant law changes. When we do, we will:

• Update the "Effective" date at the top of this page
• Bump the version number
• For material changes (those that meaningfully affect your rights or the information collected), post a prominent notice on the site for at least 30 days before the change takes effect

Your continued use of the site after the new effective date means you have read and understood the updated policy. If you do not agree with a change, your remedy is to stop using the site and, if you wish, to exercise your right to deletion.

12. How to contact us

For any question about this policy, any data-rights request, any privacy concern, or just to flag something we got wrong:

• Email: admin@copa26.news

We aim to respond to all data-rights requests within 30 days. For general inquiries, please allow up to 14 days.