Privacy Policy
Last updated: April 2026
1. Introduction
ClubDeck ("we", "us", "our"), operated by ClubDeck (jlehtimaki.fi), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our sports club management platform ("the Service").
This policy applies to all users of the Service, including administrators, coaches, players, and guardians. We are based in the European Union and process data in accordance with the General Data Protection Regulation (GDPR).
2. Data We Collect
Account Information
When you create an account, we collect:
- Name and email address
- Authentication credentials (managed via Firebase Authentication)
- Role within your organization (admin, coach, player, guardian)
Club and Team Data
When you use the Service, you or your club administrators may provide:
- Organization and team names
- Player profile information (name, position, jersey number, skill ratings)
- Event and schedule data
- Availability responses
- Chat messages and team communications
- Lineup and team configuration data
Payment Information
If you use billing features, payment processing is handled by Stripe. We do not store credit card numbers or full payment credentials. Stripe collects and processes payment data in accordance with Stripe's Privacy Policy. We receive limited transaction information (amount, status, and the last four digits of the card) for record-keeping.
Usage Data
We automatically collect:
- IP address and approximate location (country level)
- Browser type and device information
- Pages visited and features used
- Timestamps of access
3. How We Use Your Data
We use your data to:
- Provide, maintain, and improve the Service.
- Authenticate your identity and manage account access.
- Enable club management features (rosters, scheduling, communication).
- Process billing and invoicing through Stripe.
- Send transactional notifications (event reminders, availability requests).
- Monitor and ensure the security and stability of the Service.
- Comply with legal obligations.
We do not sell your personal data. We do not use your data for advertising or profiling purposes.
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract: Processing necessary to provide the Service you have signed up for.
- Legitimate interest: Improving the Service, ensuring security, and preventing abuse.
- Consent: Where we request your explicit consent for specific processing activities.
- Legal obligation: Where we are required to process data by applicable law.
5. Data Sharing
We share your data only in the following circumstances:
- Within your club: Club administrators and coaches can see member data relevant to team management. Other team members can see your name, position, and availability as needed for team coordination.
- Service providers: We use third-party services to operate the platform, including Firebase (authentication), Stripe (payments), and cloud infrastructure providers. These providers process data on our behalf under data processing agreements.
- Legal requirements: We may disclose data if required by law, regulation, or legal process.
We do not share your data with third parties for their own marketing purposes.
6. Data Storage and Security
Your data is stored on servers within the European Union. We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest.
- Access controls and authentication for all systems.
- Regular security reviews.
While we take reasonable precautions, no system is completely secure. You are responsible for maintaining the security of your account credentials.
7. Data Retention
We retain your data for as long as your account is active and as needed to provide the Service. Specifically:
- Account data: Retained while your account is active and deleted within 90 days of account deletion.
- Club and team data: Retained while the associated organization is active.
- Chat messages: Retained while the associated team exists.
- Billing records: Retained for up to 7 years to comply with financial record-keeping obligations.
- Usage logs: Retained for up to 12 months.
8. Your Rights (GDPR)
As a data subject in the EU, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request an export of your data in a structured, machine-readable format.
- Restriction: Request that we limit how we process your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@clubdeck.jlehtimaki.fi. We will respond within 30 days.
9. Children's Privacy
ClubDeck supports guardian accounts for junior teams. Personal data of minors (under 16) should only be entered by their parent or legal guardian. We do not knowingly collect data directly from children under 16 without guardian involvement.
10. Cookies
The marketing site (clubdeck.jlehtimaki.fi) does not use cookies or tracking scripts.
The application (app.clubdeck.jlehtimaki.fi) uses essential cookies and local storage for authentication and session management. These are strictly necessary for the Service to function and do not require consent under GDPR.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy and updating the "Last updated" date. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact
For privacy-related questions or to exercise your data rights, contact us at: