Skip to main content
PLAYSPORTMATE
05

Privacy Policy

Last updated · 4 June 2026 · Version 2.0

1. Data Controller

The data controller is PlaySportMate, reachable at [email protected].

2. Data collected

We collect the following personal data:

  • Registration data: first name, last name, email address, password (hashed)
  • Profile data: sports practised, skill level, city of residence (no precise GPS coordinates), profile photo (optional)
  • Tournament registration data: name, email, phone (optional), message (optional)
  • Navigation data: access logs, IP address, browser type (for security and aggregate statistics)

We do not collect precise GPS coordinates. Geolocation is limited to city/area.

3. Purposes of processing

Your data is used to:

  • Provide the athlete matching service
  • Manage amateur tournament registrations
  • Send notifications related to platform activity
  • Ensure security and prevent abuse
  • Improve the service through anonymous aggregate statistics

4. Legal basis

Processing is based on the contract (service provision, Art. 6(1)(b) GDPR) and the legitimate interest of the controller for platform security (Art. 6(1)(f) GDPR). For marketing communications, the legal basis is explicit consent (Art. 6(1)(a) GDPR).

5. Data retention

Account data is retained until the profile is deleted. Navigation data (logs) is deleted within 90 days. Tournament registration data is retained for 2 years for accounting and security obligations.

6. Data sharing

Your data is shared only with:

  • Supabase (database and authentication) — servers in Europe (Frankfurt, eu-central-1)
  • Vercel (hosting) — with GDPR compliance guarantees
  • Sports clubs — only the registration data for their tournaments, explicitly provided by you
  • Google (Google Analytics 4, via Google Tag Manager) — anonymous usage statistics, enabled only with your prior consent (Consent Mode v2). Details in the Cookie Policy

We never sell your data to third parties.

7. Your rights (GDPR)

You have the right to:

  • Access: request a copy of your data
  • Rectification: correct inaccurate data
  • Erasure (right to be forgotten): delete your account and all associated data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing for marketing purposes
  • Restriction: request suspension of processing in certain cases

To exercise these rights, write to [email protected]. We will respond within 30 days.

8. Cookies

We use technical cookies necessary for the operation of the site (authentication, session). For full details, see our Cookie Policy.

9. Security

We adopt appropriate technical and organisational measures to protect your data: encryption in transit (HTTPS), secure authentication, Row Level Security on all data, limited access to authorised personnel.

10. Complaints

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

11. Changes

We may update this policy. In case of material changes, we will notify you by email or via a notice on the platform.

Privacy PolicyTerms of ServiceCookie Policy