DE AT Get started

Privacy Policy

As of: March 2026

1. Privacy at a glance

The following information provides a simple overview of what happens to your personal data when you visit this website or use our application. Personal data is any data that can be used to personally identify you.

2. Data controller

Christian Jäkl e.U.
Nesslbachweg 17
9551 Tschöran
Austria
Email: support@turniermeister.at

3. Hosting

Our website and application are hosted on a server in Germany. The server is operated by us. When you visit the website, the following information is automatically stored in server log files:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Time of the server request

Server log files are automatically deleted after 14 days. This data is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in error-free operation).

4. Contact form

When you send us a message via the contact form on our website, the following data is transmitted:

  • Name
  • Email address
  • Message text

This data is used exclusively to process your enquiry and is not shared with third parties. The data is deleted after your enquiry has been resolved, unless statutory retention obligations apply. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

5. Authentication (Clerk)

For registration and login in our application, we use Clerk (Clerk, Inc., USA). Clerk enables login via:

  • Google account (OAuth)
  • Apple account (OAuth)
  • Email address

The following data is transmitted to or processed by Clerk:

  • Email address
  • First and last name
  • Profile picture (if provided by the OAuth provider)
  • Clerk user ID

Clerk stores this data on servers in the USA. The Clerk Privacy Policy applies. Data transfer to the USA is based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(b) GDPR (contract performance).

6. Bot protection (Cloudflare Turnstile)

To protect our contact form and authentication endpoints from automated requests (bots, spam, brute-force), we use Cloudflare Turnstile, a service provided by Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA). Turnstile is used in two contexts:

  • Website contact form: When you submit the contact form, a Turnstile check runs in the background.
  • Registration and sign-in: Our authentication provider Clerk (see section 5) triggers a Turnstile check on suspicious requests.

The following data is transmitted to Cloudflare:

  • IP address
  • User agent and browser characteristics (e.g. screen resolution, language settings)
  • Anonymised behavioural signals from your interaction (mouse/keyboard signals)
  • Cookie/token data used to verify the challenge

Cloudflare processes this data exclusively for bot mitigation and, according to its own statements, does not share personal data with third parties. Data is processed on servers worldwide, including in the USA. The Cloudflare Privacy Policy applies. Data transfer to the USA is based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in defending against abusive requests and the secure operation of our service).

7. Data we store

In our database (PostgreSQL, server in Germany) we store the following personal data:

  • User ID, first and last name, email address
  • Profile picture URL
  • Selected plan (Basic, Pro, Premium) and subscription status
  • Payment information: Mollie customer ID, subscription ID, payment timestamps
  • Registration date, trial expiration date, plan expiration date
  • User settings (e.g. display preferences)
  • Tournament data: tournaments, schedules, results, teams, participants
  • Tournament templates

This data is stored for as long as your account exists. When you delete your account, all personal data is immediately anonymised and subsequently fully deleted (see section 15). Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).

8. Payment processing (Mollie)

For payment processing, we use Mollie (Mollie B.V., Netherlands). When making a purchase or subscription, you are redirected to Mollie's checkout page. Mollie processes:

  • Email address
  • Payment information depending on the chosen payment method
  • Customer ID and subscription ID

The following payment methods are available: credit and debit card, Apple Pay, PayPal, eps, SEPA bank transfer, Google Pay, SEPA direct debit and Pay by Bank.

We do not store any credit card numbers or bank details. Mollie processes data on servers in the EU. The Mollie Privacy Policy applies. Legal basis: Art. 6(1)(b) GDPR (contract performance).

9. Real-time communication (WebSocket)

For live updates of tournament results, we use WebSocket connections (Socket.IO). Tournament data is transmitted in real time between server and browser. No additional personal data is collected.

10. Web analytics

With your consent, we collect anonymous usage data on our website to improve our service. The following information is collected:

  • Page views and clicks on links to the application
  • Anonymous visitor ID and session ID
  • Referral information (referrer, UTM parameters, landing page)
  • Device information (browser, language)

This data is stored in your browser (localStorage and sessionStorage) and transmitted to our own server in Germany. No data is shared with third parties. The data is not personally identifiable and cannot be attributed to any individual.

Analytics only runs after you have given explicit consent via the consent banner. You can withdraw your consent at any time by clicking "Cookie settings" in the footer – the banner will be shown again and any stored analytics data will be deleted. Legal basis: Art. 6(1)(a) GDPR (consent).

11. Local storage (localStorage)

We store the following in your browser's localStorage:

  • Theme preference (light/dark mode) – technically necessary
  • Consent status (consent banner) – technically necessary
  • Anonymous analytics data (only with consent, see section 10)

Technically necessary data does not leave your browser and can be deleted at any time via your browser settings.

12. Cookies

Our application uses cookies from Clerk for authentication (session management). These are technically necessary and cannot be disabled without limiting functionality. We do not use advertising or tracking cookies.

13. Your rights (Art. 15–21 GDPR)

You have the right at any time to:

  • Access (Art. 15 GDPR) – What data we have stored about you
  • Rectification (Art. 16 GDPR) – Correction of inaccurate data
  • Erasure (Art. 17 GDPR) – Deletion of your data
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR) – Export of your data in a common format
  • Objection (Art. 21 GDPR) – Against processing based on legitimate interests

To exercise your rights, contact us at support@turniermeister.at.

14. Right of withdrawal

Where the processing of your personal data is based on consent, you have the right to withdraw that consent at any time. The lawfulness of processing carried out prior to the withdrawal remains unaffected. You can declare your withdrawal by email to support@turniermeister.at or by clearing your browser data.

15. Data deletion

When you delete your account, all personal data is immediately anonymised (name, email, profile picture). A daily cleanup process then fully deletes the entire record including all tournament data. Data held by third-party providers (Clerk, Mollie, Cloudflare) is handled according to their respective privacy policies.

16. Data security

Communication between your browser and our servers is exclusively encrypted via HTTPS/TLS. Access to our servers is protected by firewalls and SSH keys.

17. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Austria is:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna, Austria
www.dsb.gv.at

18. Changes

We reserve the right to update this privacy policy to reflect changes in the law or our service. The current version is always available on this page.