Privacy Policy

1. Data Controller

Gabriel Wahle
Niederer Graben 2
77963 Schwanau
Germany

Email: support@spieltag.net

2. Overview of Data Processing

We process personal data in connection with providing our mobile app "Spieltag" (iOS and Android) and our website spieltag.net. This includes in particular:

• Account data (name, email address, nickname)
• Usage data (RSVPs, financial transactions, fine catalog entries)
• Device data (push tokens, crash data)
• Payment data (subscription status, purchase IDs via app store providers)

3. Legal Basis

Personal data is processed on the following legal bases under the GDPR:

• Art. 6(1)(a) GDPR — Consent (e.g. push notifications, AI import)
• Art. 6(1)(b) GDPR — Performance of a contract (e.g. registration, app features, subscriptions)
• Art. 6(1)(f) GDPR — Legitimate interest (e.g. crash reporting, website analytics)

4. Rights of Data Subjects

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

You also have the right to lodge a complaint with a supervisory authority.

5. Registration and Authentication

Using the app requires registration. The following data is collected:

• Email address
• First and last name
• Nickname (optional)
• Profile picture URL (for social login)

Authentication is provided by Firebase Authentication from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Available sign-in methods:

• Email and password
• Google Sign-In
• Apple Sign-In

Data processing occurs on servers in the europe-west3 (Frankfurt, Germany) region. Legal basis: Art. 6(1)(b) GDPR.

6. Database and Storage

All user-related data (player profiles, team data, financial transactions, fine catalog entries, calendar events, RSVPs) is stored in Google Cloud Firestore in the europe-west3 (Frankfurt) region.

Uploaded files (e.g. photos or PDFs for AI fine catalog import) are stored in Firebase Cloud Storage. Server-side logic runs on Firebase Cloud Functions, also in europe-west3.

Data processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Art. 6(1)(b) GDPR.

7. Push Notifications

With your consent, we send push notifications via Firebase Cloud Messaging (FCM) and Apple Push Notification Service (APNs). A device-specific token is generated and stored in your user profile.

You can disable push notifications at any time in your device settings. Legal basis: Art. 6(1)(a) GDPR.

8. Crash and Error Reports

We use Firebase Crashlytics to collect and analyze app crashes. Anonymized device information (device type, OS version) and crash logs are transmitted. No personally identifiable information is collected.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in bug fixing).

9. In-App Purchases and Subscriptions

For subscription management (Spieltag Pro) we use RevenueCat, Inc., 300 Brickstone Square, Suite 201, Andover, MA 01810, USA.

RevenueCat receives purchase IDs and subscription status from the respective app store provider (Apple App Store / Google Play Store). Credit card or bank details are never shared with us or RevenueCat — payment processing is handled exclusively by the app store provider.

Legal basis: Art. 6(1)(b) GDPR.

RevenueCat privacy policy: revenuecat.com/privacy

10. AI Processing (Fine Catalog Import)

Spieltag offers an optional feature to import an existing fine catalog via photo or PDF. The uploaded image or document is sent to the Anthropic API (Claude) to automatically extract the contained rules.

Provider: Anthropic, PBC, 548 Market St, San Francisco, CA 94104, USA.

Submitted data is not permanently stored by Anthropic and is not used to train AI models. Use of this feature is voluntary.

Legal basis: Art. 6(1)(a) GDPR (consent).

Anthropic privacy policy: anthropic.com/privacy

11. External Calendars

Users can provide external calendar URLs (ICS format) to import events. These URLs are fetched server-side to synchronize calendar entries. The URLs are not shared with third parties.

Legal basis: Art. 6(1)(b) GDPR.

12. Website Analytics

Vercel Analytics and Speed Insights

On parts of our website (blog, informational pages) we use Vercel Analytics and Vercel Speed Insights. These services collect anonymized usage data (page views, load times) without the use of cookies.

Provider: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Privacy policy: vercel.com/legal/privacy-policy

Google Fonts

Our website uses fonts from Google Fonts. When loading the page, a connection to Google servers is established, during which your IP address is transmitted to Google.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: policies.google.com/privacy

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in proper display).

13. Data Transfer to Third Countries

Some of the service providers we use are based in the USA. Data transfers are based on:

• EU-US Data Privacy Framework (where the provider is certified)
• Standard Contractual Clauses (Art. 46(2)(c) GDPR)

Affected services: RevenueCat (USA), Anthropic (USA), Vercel (USA).

Firebase/Google services operate in the europe-west3 (Frankfurt, EU) region.

14. Data Retention

Personal data is deleted once the purpose of processing no longer applies. When you delete your account, all associated data is removed unless statutory retention obligations apply.

15. Data Security

We employ technical and organizational measures to protect your data:

• TLS encryption for all data transmissions
• Firebase Security Rules for access control
• Role-based permissions within the app

16. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to our services. The current version is always available on this page.

Last updated: May 2026