Privacy Policy

1. Introduction

KlarBeats ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sports club management platform ("Service"). This policy complies with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller

The data controller for the processing of personal data is KlarBeats. If you have any questions about this Privacy Policy or our data practices, please contact us through the contact information provided at the end of this policy.

3. Information We Collect

3.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Email address, password, first name, last name
• Profile Information: Display name, profile picture (if provided)
• Organization Data: Organization name, description, and related information
• Content: Data you upload, post, or transmit through the Service, including player information, game data, evaluations, and messages
• Communication Data: Information you provide when contacting us for support

3.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

• Usage Data: Information about how you access and use the Service
• Device Information: IP address, browser type, device type, operating system
• Log Data: Access times, pages viewed, features used

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service
• To authenticate your identity and manage your account
• To process your requests and transactions
• To send you service-related communications, including verification emails and security alerts
• To respond to your inquiries and provide customer support
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our Terms of Service
• To analyze usage patterns and improve user experience

5. Data Storage and Location

Your data is stored securely using the following services:

• Firebase (Google Cloud Platform): We use Firebase for authentication, database storage (Firestore), and file storage. Firebase data is stored in Google Cloud data centers, which may be located in the European Union or other regions as configured.
• Google Cloud Functions: We use Google Cloud Functions for server-side processing. These functions process data but do not store it permanently.

We do not store your data anywhere else. All data is exclusively stored within the Firebase/Google Cloud Platform infrastructure. We do not use third-party analytics services, advertising networks, or other data storage providers.

6. Data Sharing and Disclosure

We do not share, sell, or rent your personal data to third parties. We may disclose your information only in the following limited circumstances:

• Service Providers: We may share information with service providers who assist us in operating the Service (e.g., Firebase/Google Cloud Platform), but only to the extent necessary to provide the Service. These providers are bound by strict confidentiality obligations.
• Legal Requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred, but we will notify you and ensure the same privacy protections apply.
• With Your Consent: We may share information with your explicit consent.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Secure authentication and authorization mechanisms
• Regular security assessments and updates
• Access controls and audit logs
• Firebase security rules to protect database access

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of Access: You have the right to request access to your personal data and receive a copy of the data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data under certain circumstances.
• Right to Restrict Processing: You have the right to request restriction of processing of your personal data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to processing of your personal data under certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise any of these rights, please contact us using the contact information provided at the end of this policy. We will respond to your request within one month.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal data, except where we are required to retain it for legal purposes.

10. Cookies and Tracking Technologies

We use essential cookies and similar technologies to provide and improve the Service. These technologies are necessary for authentication, security, and basic functionality. We do not use third-party advertising cookies or tracking pixels.

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service.

11. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

12. International Data Transfers

Your data may be processed and stored in data centers located outside the European Economic Area (EEA) as part of Firebase/Google Cloud Platform services. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Google Cloud Platform's compliance with GDPR and data protection standards
• Firebase's data processing agreements

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your rights under GDPR, please contact us:

You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates GDPR. In Germany, the relevant supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit).