Privacy Policy

We collect the following personal data when you use MatchPoint:

• Account data: name, email address, username
• Profile data: sport preferences, skill level, bio, city
• Location data: GPS coordinates (only when you enable nearby player search)
• Match data: challenge history, results, ELO ratings
• Booking data: court reservations and payment confirmations
• Messages: direct messages and match chat with other players
• Device data: FCM push token for notifications
• Usage data: app interactions for improving the service

Your data is used exclusively to provide the MatchPoint service:

• Matchmaking: helping you find and challenge nearby players
• Rankings: calculating and displaying ELO ratings
• Court booking: processing reservations and sending confirmations
• Notifications: alerting you to challenges, messages, and bookings
• Safety: enforcing community guidelines and resolving disputes

We do not use your data for advertising or sell it to third parties.

We share limited data only as required to provide the service:

• Other players: your name, ELO rating, and city are visible based on your privacy settings. Match results are shared with your opponents.
• Supabase: our database and auth provider (servers in EU region).
• Firebase: push notification delivery via Google Firebase Cloud Messaging.
• Stripe: payment processing for court bookings (we never store card data).

We never sell your personal data to third parties.

Your data is stored on Supabase servers with:

• Encryption at rest and in transit (TLS 1.3)
• EU-region hosting by default
• Row-level security policies restricting access
• Regular automated backups
• SOC 2 Type II certified infrastructure

Location access is entirely optional and controlled by you:

• Only requested when you tap "Find nearby players"
• Used to surface players within your chosen radius
• Never shared with other users — they only see your city, not coordinates
• Can be revoked at any time in your device settings

As a user in the European Union or EEA, you have the following rights:

• Access: request a copy of all personal data we hold about you
• Rectification: correct any inaccurate information
• Erasure: delete your account and all associated data
• Portability: export your data in a machine-readable format
• Restriction: limit how we process your data
• Objection: object to specific processing activities
• Complaint: lodge a complaint with your local data protection authority

Exercise these rights by emailing privacy@matchpoint.app.

MatchPoint is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child has created an account, please contact us immediately at privacy@matchpoint.app and we will delete the account.

The MatchPoint mobile app does not use cookies. On the web version, we use only technically necessary session tokens. We do not use advertising cookies or third-party trackers.

If we make material changes to this policy, we will notify you via push notification and/or email at least 14 days before the changes take effect. Continued use of MatchPoint after that date constitutes acceptance of the updated policy.

MatchPoint is operated from Athens, Greece (EU).

• Privacy questions: privacy@matchpoint.app
• Data Protection Officer: dpo@matchpoint.app
• Response time: within 30 days (GDPR requirement)