Foosball LeaderboardFoosballLB

Privacy Policy

Last updated: 13 May 2026

1. Introduction

This Privacy Policy explains how Foosball Leaderboard ("we", "us", "our") collects, uses, and protects your personal data when you use our application and website ("Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Danish data protection law.

2. Data Controller

The data controller for the processing of your personal data is:

3. Data We Collect

We collect the following categories of personal data:

Account information

  • Email address (used for authentication and account recovery)
  • Username / display name (your chosen alias, shown publicly in your organisation)
  • Password (stored securely by Supabase Auth — we never have access to your plain-text password)
  • Avatar image (optional, stored in Supabase Storage)

Match & performance data

  • Match results, scores, goals, and positions played
  • TrueSkill rating values (mu, sigma, display rating)
  • Win/loss records, streaks, and performance statistics
  • Tournament participation and results
  • Achievement progress and completed achievements
  • Mission completion status

Virtual economy data

  • Coin balance and transaction history
  • Betting history (virtual currency bets and outcomes)
  • Purchased and equipped cosmetic items (titles, avatar frames)

Subscription & payment data

  • Subscription plan and status
  • Stripe customer ID and subscription ID (payment details are processed and stored by Stripe — we do not store card numbers or banking details)

Technical data

  • Push notification subscription endpoints (if you opt in to notifications)
  • Error and crash reports (sent to Sentry for debugging — no personally identifiable information is included by default)
  • Notification preferences (which categories of notifications you have enabled or disabled)

4. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery — authenticating your account, recording matches, calculating ratings, running leaderboards and tournaments, managing organisations
  • Notifications — sending push notifications you have opted into (match updates, player availability, tournament events)
  • Payments — processing subscriptions and managing billing through Stripe
  • Error monitoring — identifying and fixing bugs via Sentry (no PII is sent)
  • Service improvement — understanding usage patterns to improve features and performance

5. Legal Basis for Processing

We process your data under the following legal bases (GDPR Article 6):

  • Contract performance (Art. 6(1)(b)) — processing necessary to provide the Service you signed up for, including account management, match tracking, ratings, and subscription billing
  • Legitimate interest (Art. 6(1)(f)) — error monitoring and service stability (Sentry), security measures, and fraud prevention
  • Consent (Art. 6(1)(a)) — push notifications (you explicitly opt in and can revoke at any time through notification preferences)

6. Cookies & Local Storage

We use only strictly necessary cookies required for the Service to function. We do not use analytics, advertising, or tracking cookies.

  • Authentication cookies — set by Supabase Auth to maintain your login session
  • Organisation context cookie — stores your active organisation selection so the Service knows which group to display

Because these cookies are strictly necessary for the Service to operate, they do not require consent under the ePrivacy Directive. You can delete them through your browser settings, but doing so will log you out.

The PWA (Progressive Web App) uses a service worker for offline functionality and caching static assets. No personal data is stored in the service worker cache.

7. Data Processors & Sharing

We do not sell your personal data. We share data only with trusted processors who help us operate the Service:

ProcessorPurposeLocation
SupabaseDatabase hosting, authentication, file storageEU / US
StripePayment processing, subscription managementUS
SentryError and crash monitoring (no PII sent)US
VercelApplication hosting and deliveryUS / Global CDN

8. International Transfers

Some of our processors are located in the United States. Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • EU–US Data Privacy Framework (DPF) certification, where applicable
  • Standard Contractual Clauses (SCCs) approved by the European Commission

9. Data Retention

  • Account data — retained for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where retention is required by law.
  • Match & performance data — retained for as long as your account exists. Aggregated and anonymised statistics may be retained after account deletion for leaderboard integrity.
  • Payment data — Stripe retains transaction records in accordance with their privacy policy and applicable financial regulations.
  • Error logs — Sentry retains error reports for up to 90 days.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Data portability — request your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request that we limit how we process your data
  • Withdraw consent — revoke consent for push notifications at any time through your notification preferences

To exercise any of these rights, contact us at contact@foosball-lb.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk

11. Push Notifications

Push notifications are entirely opt-in. When you enable them, your browser generates a push subscription endpoint that we store to deliver notifications. You can manage notification categories (match notifications, looking-for-players alerts, Weekly Tournaments) in your notification preferences, or disable push notifications entirely through your browser settings.

12. Children's Privacy

The Service is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

14. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at: contact@foosball-lb.com