Privacy Policy

Last updated: April 17, 2026

1. Data Controller

The data controller is Emilio Micali, Via Domenico Lovisato 12, Trieste (TS), Italy.

For privacy-related requests: privacy@spriff.com

2. Personal Data Collected

We collect the following categories of personal data:

  • Player account data: email address, password (stored as a hash), username, first and last name (optional), phone number (optional), profile picture (optional).
  • Manager account data: email address, password (stored as a hash), first and last name (optional), organisation details (name, description, logo, email, phone, address, social links).
  • Usage data: tournaments you registered for, bookings made, match results, team memberships.
  • Location data: your approximate device location is used temporarily to show you nearby courts during a search. This information is not stored on our servers.

3. Purposes and Legal Basis

  • Performance of contract (Art. 6.1.b GDPR): managing your account, tournament registrations, court bookings, and service communications.
  • Consent (Art. 6.1.a GDPR): sending push notifications, using functional cookies. You may withdraw consent at any time.
  • Legitimate interest (Art. 6.1.f GDPR): platform security, abuse and fraud prevention, service improvement.

4. Data Processors (Sub-processors)

Your data is processed by the following third-party providers, each bound by appropriate contractual safeguards:

  • Convex Inc. (USA) — database and authentication provider. Data transfers to the USA are governed by Standard Contractual Clauses (SCC) approved by the European Commission (Decision 2021/914).
  • Google LLC (USA) — Google OAuth authentication (only if you choose to sign in with Google). Google participates in the EU–US Data Privacy Framework.

5. Data Retention

Your personal data is retained for the entire duration of your active account. Upon account deletion, identifying personal data is anonymised within 30 days of the request. Some data may be retained for a longer period where required by applicable law.

6. Your Rights

Under Articles 15–22 of the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate or incomplete data (Art. 16)
  • Obtain erasure of your data — "right to be forgotten" (Art. 17)
  • Restrict processing of your data (Art. 18)
  • Receive your data in a structured, portable format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)

To exercise your rights, contact us at privacy@spriff.com. We will respond within 30 days of receiving your request. You can also delete your account directly from your account settings.

7. Minimum Age

The service is intended for users who are at least 14 years old, in compliance with Art. 8 of the GDPR and the Italian Data Protection Authority's guidelines. If we become aware that a user under 14 has created an account without parental consent, we will immediately delete the account.

8. Cookies

For detailed information about our use of cookies and similar technologies, please refer to our Cookie Policy.

9. Complaints

You have the right to lodge a complaint with the competent supervisory authority: the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), Piazza Venezia 11, 00187 Rome — www.garanteprivacy.it.

10. Policy Updates

This policy may be updated. In case of material changes, we will notify you by email with at least 30 days' notice. The latest version is always available on this page.