Privacy Policy
This Privacy Policy explains what personal data we collect, how we use it, and the choices you have regarding your information.
1. Data Controller
The controller of your personal data is the operator of HoopsHeroStats. You can reach us at privacy@hoopsherostats.com for any privacy-related question.
2. Data We Collect
Account data. Email address, first name, last name, username, city, country, role, profile photo, and subscription plan.
Basketball data. Teams and clubs you create; competitions and seasons you configure; player rosters, including first and last name, date of birth, positions, nationality, and biometric measurements if you choose to record them; match records, including opponents, locations, dates, scores, game actions, and playing time; personal targets and aggregated statistics.
Technical data. Device identifiers, application version, crash reports, and anonymous usage analytics.
3. How We Use Your Data
- To operate the Service — store your data, compute statistics, and synchronise across your devices
- To authenticate you and secure your account
- To process subscription payments when applicable
- To send you notifications related to the Service
- To improve the Service through aggregated, anonymised analytics
- To comply with legal and regulatory obligations
4. Legal Basis for Processing
We process your personal data under the following bases (GDPR Article 6):
- Contract: to provide the Service you signed up for
- Legitimate interests: to secure the Service, prevent abuse, and improve our product
- Consent: for optional communications such as the newsletter; consent can be withdrawn at any time
- Legal obligation: to comply with accounting, tax, and judicial requirements
5. Who Can See Your Data
We do not sell or share your personal data with third parties for marketing purposes. We share data only with:
- Infrastructure providers (Google Cloud / Firebase), which host and operate our back end
- Payment processors, when you purchase a subscription
- Authorities, when required by applicable law
Our list of sub-processors is available on request and may be updated as the Service evolves.
6. International Data Transfers
Our infrastructure providers may store and process data outside the European Economic Area. Transfers rely on Standard Contractual Clauses and on the providers’ certified compliance programs to ensure an adequate level of protection.
7. Retention
- Account data: for as long as your account is active, and up to 30 days after you delete it
- Basketball data: same as account data
- Payment and invoicing data: up to 10 years, to comply with accounting law
- Technical logs: up to 13 months
8. Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Delete your data (the “right to be forgotten”)
- Restrict or object to certain processing
- Receive your data in a portable format
- Withdraw consent for optional processing at any time
- File a complaint with a supervisory authority — for users in the European Union, your national data protection authority
Most of these rights can be exercised directly from the settings screen of the app, or by writing to privacy@hoopsherostats.com. We will respond within 30 days.
9. Children
The Service is not directed at children under 13. If you learn that a child under 13 has provided personal data without parental consent, please contact us so we can remove the data.
10. Security
We use industry-standard encryption in transit and at rest, role-based access controls, and audited infrastructure. No system is perfectly secure; we will notify affected users of any breach that poses a material risk to their rights and freedoms, as required by law.
11. Changes to This Policy
We may update this Policy from time to time. When we publish a new version, we will require you to review and re-accept it before continuing to use the Service. The version and the date of your acceptance are recorded with your account.
12. Contact
For privacy questions: privacy@hoopsherostats.com