Privacy Policy

Last updated: 2026-06-28

Protecting your personal data matters to us. Here we explain which data we process when you use ShariScore, for what purpose, on what legal basis – and what rights you have.

1. Controller

The controller responsible for data processing on this website is:

Code Point UG (haftungsbeschränkt)

Badersfelderstr. 6

85716 Unterschleißheim

Germany

Represented by: Giuseppe Clinaz (Managing Director)

Email: contact@shariscore.com

If you have any questions about data protection, you can reach us at any time at the email address above.

2. Your rights

At any time you have the right to:

  • access to the data stored about you (Art. 15 GDPR)
  • rectification of inaccurate data (Art. 16 GDPR)
  • erasure of your data (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to the processing (Art. 21 GDPR)
  • withdraw a given consent with effect for the future (Art. 7 (3) GDPR)

You may also lodge a complaint with a data protection supervisory authority (Art. 77 GDPR, see section 16).

3. Waitlist (pre-launch registration)

If you join our waitlist before launch, we process your email address to notify you once about the launch of ShariScore. We use a double opt-in procedure: after you sign up we send you an email with a confirmation link. Only when you click it do we add you to the waitlist.

As proof of your consent we additionally store the IP address and the time of your sign-up and confirmation, the chosen language, and the exact wording of the consent. This information is used solely to document and carry out the confirmation procedure.

The legal basis is your consent (Art. 6 (1)(a) GDPR). You can withdraw it at any time with effect for the future – via the unsubscribe link in every email or by contacting us. After launch or after your withdrawal we delete your waitlist data, unless a statutory retention obligation applies.

4. Contact form & email

If you contact us via the contact form or by email, we process the data you provide (name, email address, subject, and message) in order to answer your enquiry. The legal basis is our legitimate interest in answering your enquiry (Art. 6 (1)(f) GDPR) or, where a contract is involved, Art. 6 (1)(b) GDPR. We store these messages until your enquiry has been dealt with and delete them afterwards, unless retention obligations apply.

5. User account & registration

To use the app you create an account. In doing so we process your email address, a password stored only in encrypted form (a hash, never in plain text), your name, and your club and role assignment. We need this data to provide the Service (Art. 6 (1)(b) GDPR). You can delete your account at any time in the account settings; we then remove your personal data, unless statutory retention obligations apply.

6. Player and match data

When scoring we process player names, scores, timestamps, and table/match settings as well as – where stored – player profiles, nicknames, profile pictures, and ratings. This data is necessary to operate the Service (Art. 6 (1)(b) and (f) GDPR). Profiles or rankings are shown publicly only if the club or the person concerned has expressly agreed (Art. 6 (1)(a) GDPR).

7. Server log files

Each time our website is accessed, our server automatically collects technical data transmitted by your browser: IP address, date and time, the address requested, the amount of data transferred, browser type, and operating system. This data serves the secure and stable operation of the site and is not combined with other data. The legal basis is our legitimate interest in IT security and stability (Art. 6 (1)(f) GDPR). It is automatically deleted after a short time.

8. Cookies

We use only technically necessary cookies – for example to store your login (session) and your language choice. These are required to operate the website, so no consent is needed (§ 25 (2) TDDDG, Art. 6 (1)(f) GDPR). We do not use any tracking, analytics, or advertising cookies and do not embed any external advertising or analytics services.

9. Hosting

Our website and database are operated at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, in German data centres. Hetzner processes the data solely on our behalf under a data processing agreement (Art. 28 GDPR). Your data stays in Germany.

10. Email delivery

To send and receive emails (confirmation, account, and service emails) we use the service of Hostinger (Hostinger International Ltd.). The data required for delivery (email address, content) is processed in the process. The legal basis is the performance of a contract or our legitimate interest in reliable delivery (Art. 6 (1)(b) and (f) GDPR).

11. Images & file uploads

Uploaded images (e.g. club logos, profile pictures) are stored in a self-hosted object store on our server in Germany. No external cloud services are used for this.

12. Location search (tournament venues)

For the place and radius search for tournaments we convert entered places or postal codes into coordinates. For this we use the geocoding service “Photon” (operated by Komoot GmbH, Germany), to which the entered search query is transmitted. The legal basis is our legitimate interest in a working location search (Art. 6 (1)(f) GDPR).

13. Payment (paid plans)

If you book a paid plan, the payment is processed by the payment service provider Stripe (Stripe Payments Europe Ltd., Ireland). You enter the payment data directly with Stripe; we ourselves do not store any full payment data such as card numbers. The legal basis is the performance of a contract (Art. 6 (1)(b) GDPR).

14. Disclosure to third parties

We do not sell your data. Disclosure takes place only to the service providers named above, who act on our behalf and according to our instructions (processing on behalf), or where we are legally obliged to do so.

15. Retention period

We store personal data only for as long as is necessary for the respective purpose or as statutory retention periods require. After that the data is deleted or anonymised.

16. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data (Art. 77 GDPR). The authority responsible for our registered office is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany. You may also contact the supervisory authority of your usual place of residence.

17. Changes to this Privacy Policy

We will update this Privacy Policy if the legal situation or our processing changes. The current version published here applies.