Padelgram – Privacy Policy (GDPR & EAA Compliant)

Last updated: January 3, 2026

1. Introduction

Welcome to Padelgram (“Padelgram”, “we”, “our”, or “us”). This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you access or use our mobile applications, websites, dashboards, APIs, and related services (the “Services”). By using the Services, you acknowledge that you have read, understood, and agreed to this policy.

2. Scope

This policy applies to:

Individual users (players, spectators, visitors)
Registered users (free or paid)
Clubs, organisations, and business accounts
Administrators and staff of clubs
Visitors to our website
Users of our APIs, dashboards, and internal tools

It applies regardless of whether the Services are accessed via mobile app, web browser, or third‑party integration.

3. Definitions

Controller: The legal entity that determines the purposes and means of processing personal data.
Processor: An entity that processes personal data on behalf of a controller.
Data subject: Any individual whose personal data is processed.
Personal data: Any information that relates to an identified or identifiable natural person.
Services: Padelgram mobile apps, websites, dashboards, APIs, and any related features.

4. Information We Collect

We may collect the following categories of data:

4.1 Personal Information

Full name, email address, and contact details
Username or profile name
Account identifiers and authentication tokens
Profile information you voluntarily provide

4.2 Business / Club Information

Club or organisation name
Business contact details
Location and operational information
Administrative user data
Billing or subscription metadata

4.3 Authentication & Account Data

Encrypted login credentials and authentication data
Identity provider information (e.g., email‑based login or third‑party providers)

4.4 Usage & Analytics Data

App interactions and events
Pages or screens viewed
Feature usage patterns
Date and time of access

4.5 Technical & Device Data

IP address
Browser type and version
Operating system and device identifiers
Crash logs and performance metrics

4.6 User‑Generated Content

Scores, matches, posts, comments, images, or other content submitted through the Services
Public or private profile data
Administrative configurations created by clubs

5. Legal Bases for Processing

Where the EU General Data Protection Regulation (GDPR) applies, we rely on the following legal bases for processing personal data:

Performance of a contract: To provide, operate, and maintain the Services you have requested.
Legitimate interests: For purposes such as improving our Services, ensuring security, and preventing fraud.
Consent: When you have given us permission to process your data for specific purposes.
Compliance with legal obligations: To comply with applicable laws and regulatory requirements.

6. European Accessibility Act (EAA)

The European Accessibility Act requires that digital products and services be accessible to individuals with disabilities by June 28, 2025 (European Accessibility Act Compliance: What’s Next for GDPR). We are committed to designing and maintaining our Services in accordance with relevant accessibility standards (such as WCAG and EN 301 549) to ensure that all users can access and use Padelgram without barriers.

7. How We Use Your Information

We use personal data to:

Provide, operate, and maintain the Services
Authenticate users and manage accounts
Enable club and business functionality
Process subscriptions and usage-based features
Personalise user experience
Analyse usage and improve performance
Ensure platform security and prevent fraud
Communicate service updates and support messages
Comply with legal and regulatory obligations

8. Data Sharing & Disclosure

We do not sell personal data. We may share data only with:

Service providers (hosting, authentication, analytics, infrastructure) under appropriate agreements
Payment processors (if applicable)
Legal authorities when required by law or to protect rights
Business partners strictly as necessary to provide the Services

All third parties are contractually obligated to protect user data and adhere to relevant privacy laws.

9. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence. We apply appropriate safeguards (such as Standard Contractual Clauses) to ensure that international data transfers comply with GDPR requirements.

10. Data Retention

We retain personal data only as long as necessary to:

Provide the Services
Fulfil contractual obligations
Comply with legal requirements
Resolve disputes
Enforce agreements

Users may request deletion of their data, subject to legal or operational retention requirements.

11. Data Security

We implement industry-standard technical and organisational measures, including:

Secure authentication mechanisms
Encrypted data transmission
Access control and role-based permissions
Monitoring and logging of system access

No system is 100% secure; however, we work to protect your data against unauthorised access, alteration, disclosure, or destruction.

12. User Rights

Depending on your jurisdiction, you may have the right to:

Access your personal data
Rectify inaccurate data
Request data deletion
Restrict or object to processing
Request data portability
Withdraw consent at any time

To exercise these rights, contact us using the details below. We will respond in accordance with applicable laws.

13. Children’s Privacy

The Services are not intended for children under the age of 13. We do not knowingly collect personal data from children. If such data is identified, it will be deleted promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be effective upon publication with an updated “Last updated” date. Continued use of the Services constitutes acceptance of the updated policy.

15. Contact Information

If you have any questions, requests, or concerns regarding this Privacy Policy, please contact us:
Email: support@padelgram.app
Website: https://padelgram.app

Enterprise Privacy Addendum

This addendum supplements the above Privacy Policy and applies when Padelgram engages with financial institutions, large enterprises, or regulated industries requiring enhanced privacy and security assurances.

E1. Roles and Responsibilities

Padelgram acts as a data processor for data supplied by enterprise clients and as a data controller for platform-level user data.
Enterprise clients are responsible for ensuring that any personal data they upload or manage through the Services is collected and processed in compliance with applicable laws.

E2. Data Classification and Handling

Enterprise data is classified according to sensitivity (e.g., public, internal, confidential, restricted).
Appropriate safeguards, encryption, and access controls are applied based on classification.

E3. Regulatory Compliance

The Services are designed to support compliance with GDPR, EAA, and other applicable regulations. Enterprise clients remain responsible for sector-specific requirements (e.g., financial regulations).
Upon request, we can provide documentation regarding our security posture and compliance controls.

E4. Subprocessors and Third Parties

We maintain a list of subprocessors used to deliver enterprise services. All subprocessors are bound by contractual obligations to protect data and comply with privacy laws.
Enterprise clients will be notified of any changes to subprocessors that may materially affect their data.

E5. Audits and Assessments

Enterprise clients may request information about our security controls and may perform reasonable audits subject to confidentiality agreements.
We regularly review our policies, procedures, and technical measures to ensure ongoing compliance.

E6. Incident Response

We maintain an incident response plan to detect, respond to, and mitigate data breaches or security incidents.
In the event of a data breach affecting enterprise data, we will notify affected clients without undue delay and provide relevant details in accordance with applicable laws.

E7. Limitation of Liability

Our liability for any privacy or data protection breaches is limited as outlined in our contractual agreements. Enterprise clients should ensure they understand and agree to these terms before engaging with our Services.

E8. Governing Law and Dispute Resolution

This addendum shall be governed by and construed in accordance with the laws specified in the governing contracts between Padelgram and the enterprise client.
Any disputes arising under this addendum shall be resolved through the mechanisms set out in the applicable agreements.

End of document.