Privacy Policy

1. Introduction

Atletiq ("we", "us", or "our") is committed to protecting the privacy of all users of our youth sports club management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

As a platform that handles data relating to children (youth players), we take our responsibilities under the General Data Protection Regulation (GDPR) and other applicable data protection laws extremely seriously.

2. Data Controller

The data controller for the Atletiq platform is:

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, phone number, organization details
• Staff Information: Names, contact details, roles, certifications, employment information
• Player Information: Names, dates of birth, contact details, emergency contacts, positions, jersey numbers
• Guardian Information: Names, relationship to player, contact details
• Medical Information: Allergies, medical conditions, medications (stored with enhanced encryption)
• Payment Information: Billing details processed securely via Stripe

3.2 Information Collected Automatically

• Device and browser information
• IP addresses
• Usage data and analytics
• Cookies and similar technologies

4. Children's Data (GDPR Article 8)

Our platform processes personal data of children (youth athletes). We recognize the special protections required for children's data under GDPR Article 8 and other child protection regulations.

• We require parental/guardian consent before processing children's personal data
• Parents/guardians can review, modify, or request deletion of their child's data at any time
• We implement enhanced security measures for children's data
• We only collect data that is necessary for the operation of youth sports activities
• Medical data for children is encrypted and access is restricted to authorized personnel only

5. How We Use Your Information

We use the information we collect to:

• Provide and maintain our sports club management service
• Manage team rosters, training sessions, and match schedules
• Track attendance and player development
• Facilitate communication between staff, players, and guardians
• Process payments and manage subscriptions
• Ensure player safety through medical information access during emergencies
• Comply with legal obligations including safeguarding requirements
• Improve our services and develop new features

6. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract: Processing necessary for the performance of our service agreement
• Consent: Where you have given explicit consent, particularly for children's data and marketing communications
• Legitimate Interests: For improving our services and ensuring security
• Legal Obligation: To comply with safeguarding requirements and other legal obligations

7. Data Sharing and Third Parties

We may share your information with:

• Auth0: Authentication services (EU data center)
• Stripe: Payment processing (PCI-DSS compliant)
• MailerSend: Email communications
• Google Cloud: Cloud infrastructure (EU region)

All third-party processors are GDPR-compliant and have signed Data Processing Agreements (DPAs) with us.

8. Data Security

We implement robust security measures including:

• AES-256 encryption for sensitive data (messages, medical information)
• Secure password hashing using bcrypt
• Role-based access control (RBAC) with field-level permissions
• Multi-tenant data isolation
• Regular security audits and updates
• HTTPS encryption for all data in transit

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Active account data: Retained while your account is active
• After account deletion: Data is deleted within 30 days
• Legal requirements: Some data may be retained longer if required by law
• Backup data: Removed from backups within 90 days of deletion request

10. Your Rights (GDPR Articles 15-22)

Under GDPR, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Correct inaccurate personal data
• Right to Erasure (Article 17): Request deletion of your personal data
• Right to Restrict Processing (Article 18): Limit how we use your data
• Right to Data Portability (Article 20): Receive your data in a portable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@atletiq.io.

11. International Data Transfers

Your data is primarily stored and processed within the European Union. Where data transfers outside the EU are necessary, we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses
• Adequacy decisions where applicable
• Binding Corporate Rules for third-party processors

12. Cookies

We use cookies and similar technologies to provide and improve our service. Essential cookies are required for the platform to function. We may use analytics cookies to understand how our service is used.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

15. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority. In the EU, you can find your local authority at https://edpb.europa.eu.