Legal

Privacy notice

Last updated: June 7, 2026

Warning: The operator details on this page are still placeholders and must be replaced with the real details before launch.

Protecting your personal data matters to us. This notice informs you, pursuant to Art. 13 and 14 GDPR, which data we process, for what purpose, and what rights you have. Processing takes place exclusively on servers within the EU. We use no tracking, analytics or marketing tools whatsoever.

1. Controller

The controller within the meaning of the GDPR is:

[Vorname Nachname — VOR LAUNCH SETZEN][Straße Hausnr. — VOR LAUNCH SETZEN][PLZ] [Ort]Deutschland[E-Mail — VOR LAUNCH SETZEN]

We have not appointed a data protection officer, as there is no legal obligation to do so (§ 38 BDSG). For privacy questions, please use the contact address above.

2. What data we process

Account and master data

On registration and sign-in: name, email address, password (stored only as a cryptographic hash) and, optionally, a profile picture.

Session and log data

To authenticate and secure sign-in: session identifier, IP address, browser/device information (user agent) and timestamps.

Content data entered by users

As part of team management: player profiles (name, jersey number, position, date of birth, “minor” status, guardian email, notes), attendance, events (location, opponent), team-fine entries (amounts, reasons), tactic boards, lineups, drills and invitations.

We do not process special categories of personal data (Art. 9 GDPR); please do not enter such data into free-text fields.

3. Purposes and legal bases

Providing the account and service: Art. 6(1)(b) GDPR (performance of the usage relationship).
Management of team and player data by coaches and officials: Art. 6(1)(b) and (f) GDPR (legitimate interest in organising the team).
Data of minors: in addition, we always obtain the legal guardians' consent (Art. 6(1)(a) GDPR; for children below the consent age applicable in the respective member state in conjunction with Art. 8); consent can be withdrawn at any time with effect for the future.
Security, abuse prevention and logging: Art. 6(1)(f) GDPR.

4. Role regarding team data (processing on behalf)

For your account data we are the controller. Where coaches or clubs process third-party personal data (e.g. of players) via the service, they decide on the purposes and means; in that respect they are controllers and we process on their behalf. We provide a data-processing agreement pursuant to Art. 28 GDPR on request. Anyone entering third-party personal data must ensure there is a legal basis — for minors, in particular the consent of the legal guardians.

5. Recipients and processors

We share data only with carefully selected processors with whom an Art. 28 GDPR agreement exists. No data is shared for advertising purposes; we use no analytics, tracking or marketing services.

Vercel Inc.
Hosting and delivery of the web application — Servers in the EU (Frankfurt)
US parent company; safeguarded by a data-processing agreement (Art. 28 GDPR) and EU Standard Contractual Clauses / the EU-US Data Privacy Framework.
Supabase
Database and file storage — Servers in the EU (Frankfurt)
US parent company; safeguarded by a data-processing agreement (Art. 28 GDPR) and EU Standard Contractual Clauses / the EU-US Data Privacy Framework.

6. Transfers to third countries

Processing and storage take place on servers within the EU. Where access by US parent companies cannot be excluded for the providers used, it is safeguarded by EU Standard Contractual Clauses and — where certified — the EU-US Data Privacy Framework.

7. Minors

Minors do not appear in publicly visible lists (e.g. the “Strafenkönig” fine ranking) by default; if the team includes them, their names are anonymised to initials by default, and full names appear only with the legal guardians’ consent. We process minors’ data only with the consent of the legal guardians, which can be withdrawn at any time. We process as little data as possible.

8. Retention period

We store account data for as long as your account exists. When you delete your account (Art. 17 GDPR), account and sign-in data are deleted; you can choose to have your roster entry anonymised at the same time (a neutral placeholder instead of your name, personal details removed), for example when you leave the team entirely. Team-fine entries cannot be deleted, for reasons of auditable bookkeeping; like the attendance history, they are retained without any personal reference after anonymisation. Session and log data are deleted automatically after a short period.

9. Cookies

We use only strictly necessary cookies required for sign-in and secure operation (in particular a session cookie). We set no tracking, statistics or marketing cookies; a cookie banner is therefore not required.

10. Your rights

You have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). You may withdraw any consent given at any time with effect for the future. You can exercise access, portability and erasure directly in the app: when signed in, “My data” offers the JSON data export and account deletion. For everything else — or if you don't (or no longer) have an account — an informal message to [E-Mail — VOR LAUNCH SETZEN] is sufficient.

11. Right to lodge a complaint

Without prejudice to other remedies, you have the right to lodge a complaint with a data protection supervisory authority — in particular the authority competent for us or the authority of your habitual residence. The authority competent for us is: [Landesdatenschutzbehörde — VOR LAUNCH SETZEN].

12. Changes to this privacy notice

We update this notice when the service or the legal situation changes. The version published here applies; the “last updated” date is shown at the top of the page.