Draft — pending legal review
This page is a placeholder. Final wording will be reviewed by counsel before launch.
Privacy Policy
Last updated:
This Privacy Policy explains what data the GSM Sports platform (the “Service”) collects, why, and what rights you have over it. It applies to anyone who uses the Service — athletes, organizers, operators, and visitors.
1. Data we collect
- Account data — email, phone, name, country, optional profile photo; stored when you register.
- Athlete data — date of birth, weight, hand preference, ranking history, tournament results.
- Tournament data — entries, weigh-ins, match results, audit trail of who entered what.
- Technical data — IP address, browser type, error reports (via Sentry when enabled), aggregate usage logs. We do not use third-party advertising trackers.
2. Lawful basis (GDPR Art. 6)
Account and tournament data are processed under contract (you registered to use the Service). Technical / error data are processed under legitimate interest (running the platform). Marketing emails — if any — are sent only with your explicit consent, which you can withdraw at any time.
3. How long we keep it
- Account profile: until you delete the account.
- Tournament results: indefinitely, as part of the public sporting record.
- Server logs: 30 days.
- Backups: 90 days, encrypted at rest.
4. Who we share with
Tournament organizers see the entries and personal data of athletes registered to their events. Operators see only the events they're assigned to. We do not sell personal data. Sub-processors used to operate the Service:
- Hosting provider (Railway / Render / Hetzner — set at deploy time)
- Sentry (error reporting) — when enabled
- Email provider (Resend / SendGrid) — when enabled
- Telegram (notifications & account recovery) — opt-in per user
5. Your rights
You can access, correct, or delete your account data from the Profile page at any time. You can request a machine-readable export of all data tied to your account by emailing hello@gsmarm.com. You can lodge a complaint with your local data-protection authority.
6. Cookies
We use a small number of strictly necessary cookies — session token, language preference, cookie-banner dismissal. We don't set advertising or cross-site tracking cookies.
7. Security
Passwords are hashed with bcrypt. Tokens are signed with a server-side secret rotated on a regular basis. Production traffic is over HTTPS only. We follow defence-in-depth practices, but no system is 100% secure.
8. Children
Accounts for athletes under 14 require a parent or guardian to register on their behalf. We do not knowingly collect data directly from children under 14.
9. Contact
Privacy questions: hello@gsmarm.com