IKSU Badminton

Privacy Policy

Last updated: 29 June 2026

1. Who we are

This application is operated by IKSU Badminton ("we", "us") to manage the club's internal ladder competitions. We are the data controller for the personal data processed through this app under the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).

2. What data we collect

When you register and use the app we store:

  • Identity: first name, last name, alias.
  • Contact details: email address and phone number.
  • Authentication: a hashed password (we never see the plain text).
  • Sporting profile: self-assessed skill rating (1–10), competitive class history, free-text experience description, ladder status (active / inactive / pending), assigned division, Elo rating and K-factor.
  • Match data: scheduled and completed match results, set scores, walkover flags, rating-match invites and outcomes.
  • Peer ratings: anonymous 1–10 ratings you give to other players for fair division placement.

3. Why we process your data (legal basis)

  • Contract / legitimate interest (Art. 6(1)(b) and (f) GDPR):to run the ladder, schedule matches, calculate ratings and standings, and let you sign in to your account.
  • Consent (Art. 6(1)(a) GDPR): for showing your contact details (email, phone) to other active players in your ladder. You give this consent when you accept this policy at registration and can withdraw it at any time by contacting an admin.

4. Who can see your data

  • All visitors can see your alias, ladder status, division and rating on public standings.
  • Other signed-in active players in your ladder can also see your name, email and phone number, so they can contact you to schedule matches.
  • Pending and inactive players cannot see contact details.
  • Admins can see all data you have submitted, including your self-rating and experience description, to manage divisions and approve membership requests.
  • Peer ratings are anonymous to other players; admins can see aggregated values to inform division placement.

5. Where your data is stored

Data is stored in our managed database backend (Supabase, hosted in the EU) and served through Cloudflare's global edge network. We do not sell your data and do not use it for advertising.

6. How long we keep your data

We keep your account for as long as you are a member of the club. When you ask to be removed, your player profile is archived (soft-deleted) so that historical match results and Elo history remain consistent, but your name, email and phone number are removed from active listings and you can no longer sign in. You can request full erasure (see Section 7).

7. Your rights under the GDPR

You have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased ("right to be forgotten");
  • restrict or object to processing;
  • receive your data in a portable format;
  • withdraw consent at any time;
  • lodge a complaint with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY), at imy.se.

To exercise any of these rights, contact a club admin through the app or in person.

8. Security

Access to data is protected by authentication, row-level security policies and TLS encryption in transit. Passwords are stored only as salted hashes.

9. Changes to this policy

We may update this policy when the app changes. Material changes will be announced in the app.