Privacy Policy
1. Controller
The controller responsible for the processing of personal data in connection with this app and website is:
[FULL NAME OR COMPANY NAME]
[STREET, HOUSE NUMBER]
[ZIP CODE, CITY, COUNTRY]
Email: [CONTACT EMAIL]
2. Data We Collect
When you use Slamify, we collect the following data:
- Account data — your email address, display name, and username, provided when you register via email or a social login provider (Google, Apple). Authentication is handled by Clerk.
- Profile picture — if you upload a profile photo, it is stored on Amazon S3.
- Match data — match results, scores, opponents, and timestamps that you enter in the app.
- ELO and ranking data — your calculated ELO rating and ranking positions across global, national, city, and club leaderboards.
- Location data (optional) — if you join a club or city league, your geographic region is stored to power local leaderboards. We do not track your real-time GPS location.
- Push notification tokens — if you grant permission, a device token is stored to send you match verification alerts.
- Usage data — standard server logs (IP address, request timestamps, user agent) for security and debugging purposes.
3. Purpose and Legal Basis
We process your data to:
- Provide the app's core functionality (match tracking, ELO calculation, leaderboards) — Art. 6(1)(b) GDPR (performance of a contract).
- Send push notifications for match confirmations and challenges — Art. 6(1)(a) GDPR (consent).
- Maintain security and prevent fraud — Art. 6(1)(f) GDPR (legitimate interest).
- Comply with legal obligations — Art. 6(1)(c) GDPR.
4. Third-Party Services
We use the following third-party services that may process your data:
- Clerk (authentication) — handles account creation and sign-in. Privacy policy: clerk.com/legal/privacy.
- Amazon Web Services (S3) — stores profile images. Privacy policy: aws.amazon.com/privacy.
- Expo / Expo Push — delivers push notifications to iOS and Android devices.
- Apple Push Notification Service (APNs) / Google Firebase Cloud Messaging (FCM) — platform-level push delivery.
5. Data Retention
Your data is retained for as long as your account is active. You may request the deletion of your account and all associated data at any time by contacting us at [CONTACT EMAIL].
Server logs are deleted after 30 days.
6. Your Rights
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — withdraw consent for push notifications at any time via your device settings.
7. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. The competent authority is determined by your country of residence. For Germany, this is the relevant state data protection authority (Landesdatenschutzbehörde).
8. Contact
For any privacy-related requests, please contact: [CONTACT EMAIL]