Go home

League Rules

Last updated June 2026

Global Pub League is a worldwide football-prediction championship between pubs. The rules below mirror what is actually enforced by the platform — authentication, check-in, scoring, rewards and anti-cheat are implemented in the codebase and database.

Eligibility

You must be of legal drinking age in your country to participate at a venue. No real-money wagering of any kind: rewards are limited to in-app Nectar.

  • One person, one account.
  • Bots, scripts and automated clients are forbidden.
  • We may decline registrations from territories where the service is restricted.

Account

Sign-up requires a unique nickname, a valid email and a password. Email confirmation is required before you can sign in.

  • Nickname: 3–32 characters, letters/digits/._- only, case-insensitive uniqueness.
  • Password recovery is performed via the registered email.
  • Sign-in uses nickname + password; the email tied to the nickname is resolved server-side.
  • Keep your credentials private — you are responsible for activity on your account.

Fair Play

The league only works if results reflect genuine skill and presence in pubs. Any attempt to fake activity is grounds for removal.

  • No multi-accounting, vote-trading or collusion between users or pubs.
  • No exploitation of bugs; report them to the team instead.
  • Falsifying location, check-ins or predictions is a permanent-ban offence.

Predictions

Predictions are locked at kickoff and cannot be edited afterwards. Scoring is computed automatically when the final result is recorded.

  • Correct outcome: 10 points.
  • Correct goal difference: 10 points.
  • Exact score: 30 points.
  • In-pub bonus (placed while checked in): +5 points.
  • 10 Nectar credited when a prediction is placed; 50 Nectar credited when it wins.
  • Predictions placed during an active Gold session pay out in Golden Nectar.

Check-ins

A check-in proves you are physically present at a participating venue. It unlocks the in-pub bonus and starts your Gold session.

  • Geo check-in is valid only within ~10 m of the venue coordinates.
  • Alternatively, scan the venue's QR code at the bar.
  • Check-ins cannot be transferred between users or venues.

QR Validation

Venue QR codes are rotated regularly and validated server-side.

  • Each QR token is valid for up to 3 hours after issuance.
  • Expired, reused or forged tokens are rejected automatically.
  • Distributing a venue's QR outside the venue is prohibited.

Rewards & Nectar

Nectar is the in-app currency. It has no cash value and cannot be transferred between accounts.

  • Purple Nectar — earned at any time from predictions and activity.
  • Golden Nectar — earned during the 3-hour Gold session that starts at check-in.
  • Conversion reference: 1 Golden Nectar = 100 Purple Nectar.
  • Adding a new approved venue grants +5 Golden Nectar (once per venue).
  • Duplicate or fraudulent transactions are blocked by unique database constraints.

Venue Participation

Anyone can submit a pub. Submissions must include real coordinates (geocoded automatically) or they cannot be saved.

  • User-added venues appear on the map, leaderboard and venue page only after approval (status = approved).
  • Editing an existing pub does not grant additional Nectar.
  • Duplicates are filtered out before insertion.

Leaderboards

Pub and player rankings are rebuilt from real predictions, check-ins and Nectar transactions.

  • Distance shown next to each venue is computed from your current GPS position.
  • Ranking can be recalculated retroactively after results corrections.
  • Administrators may adjust standings to remove cheated points.

Anti-Cheat

Several layers prevent inflated balances and fake activity.

  • Unique partial indexes prevent more than one reward per (user, match) or per added venue.
  • Server-side triggers are the only writers of Nectar balances.
  • Row-Level Security on every user-data table; admin checks use a separate user_roles table and a security-definer function.

Suspensions & Bans

We may suspend or close an account that violates these rules. Where possible we contact the user first.

  • Temporary suspension: feature lock-out and Nectar freeze.
  • Permanent ban: account closed, balances voided, removal from leaderboards.
  • Appeals are handled by writing to the contact address below.

Moderator Rights

Administrators have read/write access to settings, match results, venue approvals and audit logs.

  • All admin actions are recorded in an audit log.
  • Admin status is granted via the server-only user_roles table; it cannot be obtained client-side.

Geographic Availability

The service is offered worldwide where lawful. Specific tournaments may be limited to certain regions or venue lists.

  • We may restrict access from sanctioned jurisdictions.
  • Local laws on alcohol promotion and competitions take precedence over these rules.

Privacy Policy

Last updated June 2026

We collect only the data needed to run the league: authentication, predictions, check-ins, venue submissions, and the geolocation used to validate a check-in. We never sell personal data.

Account Data

When you register we store a nickname, an email address and an authentication hash. The email is used for sign-in lookup, email confirmation and password recovery.

Profile Information

Your public profile may include a display name, avatar URL and your home pub. You can edit or remove these at any time from your profile page.

Check-in Data

Each check-in records the user, venue and timestamp. We use the GPS position only to validate proximity (~10 m) at the moment of check-in.

  • Raw GPS coordinates are not stored as a permanent location history.
  • QR check-ins are validated against short-lived tokens (up to 3 h).

Prediction Data

Predictions, the match they target, the result and the Nectar awarded are stored to keep leaderboards accurate and to settle disputes.

User-Submitted Venues

When you submit a pub we store the data you provide (name, address, country) plus the geocoded coordinates and your submitter ID, so we can attribute the +5 Golden Nectar reward and contact you if the submission needs correction.

Device & Technical Data

Basic technical data (IP address, browser, language) is processed to deliver the app, detect abuse and aggregate anonymous analytics.

Geolocation

Geolocation is requested only when you ask the app to compute distances to venues or to perform a geo check-in. Permission can be revoked at any time in your browser settings; the app then falls back to non-distance views.

Cookies & Local Storage

We use the storage strictly required to keep you signed in (Supabase auth session), to remember your language preference and to cache UI state. We do not use third-party advertising cookies.

Authentication Providers

Authentication is handled by Supabase Auth (Lovable Cloud). Passwords are never stored in plain text and are hashed by the auth provider.

Data Retention

Account, predictions and check-in data are retained for as long as your account exists. On account deletion, personal data is removed; anonymized aggregates may be retained for league statistics.

Data Sharing

We share data only with the infrastructure providers needed to operate the service (database, authentication, image storage) and with administrators acting on the platform's behalf. No marketing transfers.

Security

All user-data tables enforce Row-Level Security. Admin actions are audit-logged. Service-role keys are kept server-side only and never reach the browser.

Your Rights

You can access, correct or delete your data at any time by writing to the address below. Where applicable (GDPR/CCPA) you may also request portability or restriction of processing.

Contact

For privacy questions, write to privacy@globalpubleague.com. We respond within 30 days.