Sport TrackingSign in
← Back to home

Privacy Policy

Last updated: 21 May 2025

1. Data Controller

Sport Tracking is the data controller responsible for the personal data processed through this Service. If you have questions about how your data is handled, please contact us at privacy@sporttracking.app.

This Privacy Policy applies to all users of the Service, including coaches, club administrators, parents, guardians, and athletes. It explains what data we collect, why we collect it, how we use it, and what rights you have.

2. Personal Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, password (stored as a secure hash), and account status
  • Athlete profile data: name, date of birth, gender, sport disciplines, and a profile photo (optional)
  • Performance data: athletic test results, competition results, training session completions, and performance scores
  • Training data: assigned training programs, session records, and self-reported feedback (e.g. difficulty rating, energy level)
  • Usage data: log data, IP addresses, browser type, and pages visited, collected automatically when you use the Service

3. Special Category Data

Athletic performance data — including physical test results, injury notes, and training feedback — may in some contexts qualify as data concerning health under Article 9 of the GDPR. We treat all athlete performance data with an equivalent level of care and protection.

We process such data only to provide the Service as described in this policy, and we do not use it for profiling, advertising, or any purpose unrelated to sports performance tracking.

4. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract (Art. 6(1)(b) GDPR): Processing necessary to provide the Service you have signed up for, including account management and storing athlete results
  • Legitimate interest (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests in operating and improving the Service, such as security monitoring and service analytics — balanced against your rights
  • Consent (Art. 6(1)(a) GDPR): Where we ask for your consent, such as for optional features or communications beyond the core service
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is required to comply with applicable law

5. How We Use Your Data

We use collected data to:

  • Create and manage your account and authenticate your identity
  • Store and display athlete performance results and training records
  • Generate performance insights, trend analyses, and coaching recommendations
  • Enable the PIN-gated athlete self-service view for families
  • Send service-related communications such as account approvals and password resets
  • Maintain the security, stability, and integrity of the Service
  • Improve the Service and develop new features

We do not use your data for advertising, and we do not create advertising profiles based on your usage of the Service.

6. Data Sharing and Third Parties

We do not sell or rent your personal data to third parties. We share data only with the infrastructure providers necessary to operate the Service:

  • Supabase: Our database, authentication, and file storage provider. Data is stored on Supabase infrastructure in the EU.
  • Vercel: Our hosting and deployment provider. Processes web traffic and serves the application.
  • Resend: Our transactional email provider, used for account notifications and password reset emails.

All third-party providers are contractually bound to process data only on our instructions and in accordance with GDPR requirements.

We may disclose data if required to do so by law or in response to valid legal process from competent authorities.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, unless we are required to retain it for longer by law.

Anonymised or aggregated data that cannot be linked back to you may be retained indefinitely for statistical and service improvement purposes.

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you
  • Right to rectification: You can ask us to correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): You can ask us to delete your personal data, subject to legal retention obligations
  • Right to data portability: You can request your data in a machine-readable format
  • Right to object: You can object to processing based on legitimate interest at any time
  • Right to restrict processing: You can ask us to limit how we use your data in certain circumstances
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@sporttracking.app. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at www.imy.se.

9. Children's Data

Sport Tracking is designed to be used by coaches, clubs, and parents to track athlete performance, including athletes under the age of 18. We do not knowingly collect personal data directly from children.

If you are a parent or guardian adding an athlete who is a minor, you confirm that you have the authority to provide their data and consent to its processing for the purposes described in this policy.

Athlete views accessible via PIN link are intentionally limited in scope and do not require the athlete to create an account or submit personal data independently.

10. Cookies

We use cookies and similar technologies for the following purposes:

  • Session cookies: Required to keep you logged in during your session. These are essential and are deleted when you close your browser.
  • Authentication cookies: Set by Supabase to maintain your authenticated session across page loads. These persist for the duration of your login session.

We do not use advertising cookies or third-party tracking cookies. No cookie consent banner is shown because the only cookies we set are strictly necessary for the Service to function.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. These include encrypted data transmission (HTTPS), hashed password storage, row-level security policies in our database, and restricted access to production systems.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@sporttracking.app.

12. Contact and Data Protection

For all privacy-related enquiries, requests, or complaints, please contact us at:

privacy@sporttracking.app

We aim to respond to all requests within 30 days. For complex requests we may extend this period by a further two months, in which case we will inform you within the first 30 days.