Privacy Policy

Last updated: January 2025

Privacy at a Glance

Biometric Security

Your biometric data never leaves your device

Data Protection

We use industry-standard encryption

Transparency

Clear control over your data

Minimal Collection

We only collect what's necessary

1. Information We Collect

Account Information

  • Email address and name
  • Profile information (nickname, skill level)
  • Authentication preferences
  • Tournament participation history

Authentication Data

🔐 Passkey/FIDO2 Authentication

  • Biometric data: Never collected or stored by us - remains on your device
  • Public keys: Mathematical keys that work only with your biometrics
  • Device metadata: Device type and authentication method for security
  • Usage logs: When passkeys are used for security monitoring

OAuth Authentication

When you sign in with Google, Apple, or other providers:

  • Email address and basic profile information
  • OAuth provider identifier (for account linking)
  • Profile picture (if you choose to share)

2. How We Use Your Information

Primary Uses

  • Provide and improve our tournament management services
  • Authenticate your identity and secure your account
  • Facilitate tournament registration and participation
  • Send important service-related communications
  • Prevent fraud and ensure platform security

Authentication Security

  • Monitor for suspicious authentication attempts
  • Analyze authentication patterns for security improvements
  • Provide multi-factor authentication options
  • Ensure compliance with security standards (FIDO2, OAuth)

3. Data Sharing and Disclosure

🚫 What We DON'T Share

  • Your biometric data (it never leaves your device)
  • Your personal information for marketing purposes
  • Your data with third parties for profit
  • Authentication credentials or passwords

Limited Sharing

We may share information only in these specific cases:

  • Service Providers: Trusted partners who help operate our platform (e.g., hosting, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Tournament Organizers: Basic tournament participation information (with your consent)
  • Security: To prevent fraud or abuse of our platform

4. Data Security and Protection

Technical Safeguards

🔒 Encryption

  • HTTPS/TLS for all communications
  • AES-256 encryption for stored data
  • Hardware security modules

🛡️ Access Controls

  • Multi-factor authentication for staff
  • Role-based access controls
  • Regular security audits

FIDO2/Passkey Security

  • Local Processing: Biometric verification happens entirely on your device
  • Cryptographic Keys: We only store public keys, never private keys
  • Hardware Backing: Passkeys are protected by device security hardware
  • Phishing Resistant: Impossible to steal or replay passkey authentication

5. Your Rights and Choices

Data Rights (GDPR/CCPA)

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a standard format
  • Restriction: Limit how we process your data

Authentication Choices

  • Choose your preferred authentication method (email, OAuth, passkeys)
  • Add or remove passkeys from your account anytime
  • Disable OAuth connections if you prefer email authentication
  • Control which biometric methods to use on your device

6. Data Retention

Account Data: Retained while your account is active and for 30 days after deletion for recovery purposes.

Authentication Logs: Security logs kept for 90 days for fraud prevention and security monitoring.

Passkey Data: Public keys deleted immediately when you remove a passkey from your account.

Legal Requirements: Some data may be retained longer if required by law or for legal disputes.

7. International Data Transfers

Setamatch operates globally and may transfer your data to countries outside your country of residence. When we do this, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses for EU data transfers
  • Adequacy decisions where available
  • Equivalent data protection standards

8. Children's Privacy

Setamatch is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it removed.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you a direct notification.

10. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:

Email: privacy@setamatch.com

Data Protection Officer: dpo@setamatch.com

Address: [Your Company Address]

This policy helps ensure your privacy rights are protected while using Setamatch.