PADEL HEROES
EN · ES
Get the app

Legal

Privacy Policy

Last updated: May 10, 2026 · Leer en español

Padel Heroes ("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect when you use the Padel Heroes mobile applications and related services (the "Service"), how we use it, the legal basis on which we rely, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws.

0. Data controller

The data controller responsible for your personal data is:

  • Padel Heroes (operating entity)
  • Registered address: to be published before the App Store launch
  • Email: privacy@padelheroes.app

EU representative (Art. 27 GDPR). Where the controller is established outside the European Economic Area, we have designated an EU representative who can be contacted by EU/EEA data subjects and supervisory authorities. Contact: eu-rep@padelheroes.app. The full registered address of our EU representative will be published in this notice prior to public availability of the Service in the EEA.

We are not required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR. For any data-protection question, write to privacy@padelheroes.app.

1. Information we collect

Account information

When you sign up, we collect your phone number for one-time-password (OTP) authentication. You may also provide your name, profile photo, gender, country, and skill level — these are optional but improve the experience.

Match data

We store information about the matches you record — opponents, scores, dates, and the resulting ELO changes. This data powers your stats, the leaderboard, and head-to-head records.

Device & usage

We collect device push tokens (so we can send you notifications), basic device model and OS version (for crash diagnostics), and product analytics events (which screens you visit, which features you use). We do not track your location.

Health data (optional)

If you grant access on Apple Watch, we read heart-rate and active-energy samples during matches. Health data is processed only on your device and within your account; it is never shared with third parties or used for advertising.

2. Purposes and legal basis

We process personal data only where we have a lawful basis under Art. 6 GDPR. The table below maps each purpose to its legal basis:

  • Account creation, authentication, scoring service, leaderboards, head-to-head and team featuresperformance of a contract (Art. 6(1)(b)). You cannot use the Service without this processing.
  • Push notifications (match invites, results, friend requests) — your consent (Art. 6(1)(a)), granted when you enable notifications in your device settings. You can withdraw consent at any time from the OS notification settings.
  • Product analytics (which screens are used) — your consent (Art. 6(1)(a)) where required, otherwise legitimate interest (Art. 6(1)(f)) in improving the Service. Analytics events are not used to build advertising profiles.
  • Crash diagnostics, abuse and fraud prevention, securitylegitimate interest (Art. 6(1)(f)) in keeping the Service safe and reliable.
  • Health data from Apple Watchyour explicit consent (Art. 9(2)(a)), granted via the iOS HealthKit prompt.
  • Compliance with legal obligationsArt. 6(1)(c) where applicable (e.g. responding to lawful requests).

3. Recipients of your data

We do not sell your personal data. We share limited information with:

  • Other players — your name, avatar, country, and stats are visible to other Padel Heroes users via leaderboards, search, and head-to-head views.
  • Service providers (processors) — Amazon Web Services (cloud hosting), Supabase (managed PostgreSQL), an SMS gateway for OTP delivery, and Apple Push Notification service / Firebase Cloud Messaging for notifications. Each processor is bound by a written data-processing agreement under Art. 28 GDPR.
  • Authorities — when required to comply with law, a binding court order, or to protect rights and safety.

4. Transfers outside the EEA

Some of our infrastructure currently runs in the AWS region ap-south-1 (Mumbai, India). India is not the subject of an EU adequacy decision under Art. 45 GDPR. We rely on the Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision 2021/914) as the appropriate safeguard under Art. 46(2)(c) GDPR for these transfers, supplemented by encryption in transit (TLS) and at rest.

We are migrating EU user data to an EU-based AWS region (eu-west-1 Ireland or eu-central-1 Frankfurt) as part of our v2 rollout. You can request a copy of the SCCs we have in place by writing to privacy@padelheroes.app.

5. Data retention

We retain your account and match data for as long as your account is active. You may delete your account at any time from the Settings screen; we erase your profile and personal data within 30 days of the request. Aggregated, fully anonymised statistics that no longer identify you may be retained indefinitely.

Server logs and security records are kept for up to 90 days. Records we are required to retain by law (e.g. tax or fraud-related) are kept for the period mandated by the relevant law.

6. Is providing data mandatory?

Your phone number is required to create an account, because we use it for OTP authentication. Without it, we cannot provide the Service. All other fields (name, photo, country, skill level, health data) are optional, and refusing to provide them does not affect your access to the core scoring service — only the corresponding feature will be unavailable.

7. Your rights under GDPR

As a data subject in the EEA, you have the following rights under Articles 15–22 GDPR:

  • Right of access (Art. 15) — obtain confirmation of whether we process your data and a copy of it.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
  • Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your data; you can also delete your account in-app.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to object (Art. 21) — to processing based on legitimate interests, including profiling.
  • Right to withdraw consent (Art. 7(3)) at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, email privacy@padelheroes.app. We respond within one month (extendable by two further months for complex requests under Art. 12(3) GDPR).

8. Right to lodge a complaint

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority. For users resident in Spain, the competent authority is the Agencia Española de Protección de Datos (AEPD):

  • Website: https://www.aepd.es
  • Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
  • Phone: +34 901 100 099 / +34 912 663 517

You may also lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement.

9. Automated decision-making

We use an algorithmic ELO ranking system to compute your skill rating from match results. This is automated processing, but it does not produce legal or similarly significant effects on you within the meaning of Art. 22 GDPR — it only updates a numeric rating used inside the app. We do not perform any other form of automated profiling that affects your legal status.

10. Children

The Service is not directed to children under 14 (the digital-consent age in Spain under the LOPDGDD). We do not knowingly collect personal information from children below this age. If you believe a child has provided us with data, contact us and we will delete it.

11. Security

We apply technical and organisational measures appropriate to the risk, including TLS encryption in transit, encryption at rest for credentials and tokens, role-based access controls, and audit logging. No system is perfectly secure, but we will notify you and the competent supervisory authority of any personal-data breach in accordance with Art. 33 and 34 GDPR.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when changes were made. Material changes will be communicated in-app at least 14 days before they take effect.

13. Contact

Questions about this Privacy Policy or how we handle your data? Email privacy@padelheroes.app.