Privacy Policy

Effective date: August 17, 2025

Last updated: August 17, 2025

Welcome to Squadin ("we", "us", or "our"). We are committed to protecting your privacy. This Policy explains how we collect, use, and share data when you use our website, mobile application, and related services ("Services"), including bookings, team creation, organization profiles, championships, and online payments.

1. Who we are & roles

Squadin acts as a Data Controller for processing performed on the Platform. Sports centers and organizations that create championships typically act as independent controllers for their customers' data. The payment provider POK Payments acts as an independent controller for payment data (e.g., PAN/CVV), while sharing only token identifiers and non-sensitive data with us.

2. What data we collect

2.1 Data you provide
  • Account & profile: name, email, phone, photo (optional), preferences.
  • Bookings: time, date, center/field, preferences.
  • Teams & Organizations: team name, role, invitations, organization name, rules, championship regulations.
  • Communications: messages, comments, support requests.
2.2 Automatically collected data
  • Usage & device data: IP address, device identifier, OS, browser type, technical logs.
  • Cookies & similar technologies: for functionality, analysis, and personalization (see section 8).
2.3 Data from third parties

We may receive data from centers/organizations where you receive services, from analytics providers, or notification services (e.g., push/email).

3. How we use the data

  • Service provision: bookings, team management, championship registration, rankings/results.
  • Payments: transaction initialization and verification with POK Payments; management of tokenized methods.
  • Communications: confirmations, operational notifications, reminders, match/championship notifications.
  • Security & abuse: fraud prevention, auditing, security logs.
  • Improvement: usage analysis, feedback, feature testing.
  • Legal obligations: compliance with law and record retention.

4. Payments & tokenized methods

Online payments are processed by POK Payments. We do not store PAN or CVV and do not have access to them. POK processes card data according to PCI DSS and returns a payment token.

For convenience, you may choose to save a payment method in your account in token form. We may store: token identifier, card brand, last four digits, expiration month/year, and cardholder name. This data is non-sensitive and used only for visual identification and to initiate payments authorized by you (e.g., championship registration fee). You can delete these methods at any time.

5. Legal basis for processing (GDPR)

  • Contract performance: provision of booking, team, championship services.
  • Legitimate interest: account security, abuse prevention, service improvement.
  • Legal obligation: retention of financial/billing records, response to authorities.
  • Consent: non-essential cookies, marketing communications, payment method storage as a convenience option.

6. Data sharing

  • Centers/Organizations: booking/registration data shared as applicable.
  • POK Payments: for payment processing; POK acts as independent controller for card data.
  • Technical providers: hosting, analytics, push/email notifications, support — with confidentiality agreements.
  • Law & security: when required by law or to protect our and users' rights.
  • Business transactions: merger/acquisition; you will be notified of ownership change.

7. Retention

Data is retained as long as needed for the above purposes: bookings/finances according to legal deadlines; security logs for a reasonable period; payment tokens until you delete them or they expire. Then anonymized or securely deleted.

8. Cookies & analytics

We use essential cookies for functionality and optional cookies for analytics/marketing based on consent. You can manage preferences from the consent interface or browser settings. Disabling may affect functionality.

9. Push notifications & email

We may send you transactional notifications (e.g., confirmations, match reminders) and, with your consent, marketing communications. You can unsubscribe at any time via the "unsubscribe" link or settings.

10. Children's privacy

Services are not directed to those under 16 years of age. We do not knowingly collect data from children under 16. If discovered, we will promptly delete it.

11. International transfers

Data may be transferred outside your country. When this occurs, we apply adequate protective measures (e.g., standard contractual clauses).

12. Your rights

  • Access, correction, deletion, processing restriction, objection, portability.
  • Consent withdrawal for consent-based processing (e.g., non-essential cookies, marketing, payment method storage).

To exercise them, write to us at the contacts below. We will respond within legal deadlines.

13. Security

We implement technical and organizational measures (encryption, access control, auditing). No method is 100% secure, but we continuously work to increase protection levels.

14. Changes to this Policy

We may update this Policy. New versions are published here and become effective after publication or according to specified notice.

15. How to contact us

Questions or requests about this Policy:

  • Contact form: "Contact us" section in app/website.
  • Email: [email protected]
  • Phone: +355 69 217 9931