Privacy Policy

    Last Updated: 6/19/2026

    1. Introduction

    StatHarbour ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sports league management platform.

    This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

    2. Data Controller

    The data controller responsible for your personal data is:

    StatHarbour

    Email: contact@statharbour.com

    3. Information We Collect

    3.1 Personal Information You Provide

    • Account Information: Name, email address, password (encrypted)
    • Organization Data: Organization name, membership details
    • League & Team Data: League names, team information, player names, positions, jersey numbers
    • Player Information: Names, birth dates, positions, statistics, photos (if uploaded)
    • Payment Information: Processed by Stripe (we do not store full payment card details)
    • Communications: Messages, support requests, feedback

    3.2 Automatically Collected Information

    • Usage Data: Pages viewed, features used, time spent, clicks
    • Device Information: Browser type, device type, IP address
    • Cookies: Session cookies for authentication and functionality

    4. Legal Basis for Processing (GDPR)

    We process your personal data based on:

    • Contract Performance: To provide our services under our Terms of Service
    • Consent: Where you have given explicit consent (e.g., marketing emails)
    • Legitimate Interests: To improve our services, prevent fraud, ensure security
    • Legal Obligations: To comply with applicable laws and regulations

    5. How We Use Your Information

    • Provide, maintain, and improve our services
    • Process payments and subscriptions
    • Send administrative notifications and updates
    • Respond to support requests and inquiries
    • Generate statistics and analytics (anonymized)
    • Prevent fraud and ensure platform security
    • Send marketing communications (with your consent)

    6. Data Sharing and Disclosure

    We do not sell your personal data. We may share data with:

    • Service Providers: Supabase (hosting), Stripe (payments), Resend (emails)
    • Public Data: League information you choose to make public via public URLs
    • Legal Requirements: If required by law or to protect rights and safety
    • Business Transfers: In case of merger, acquisition, or asset sale

    7. Your Rights Under GDPR

    You have the following rights regarding your personal data:

    • Right to Access: Request a copy of your personal data
    • Right to Rectification: Correct inaccurate or incomplete data
    • Right to Erasure: Request deletion of your data ("right to be forgotten")
    • Right to Restriction: Limit how we use your data
    • Right to Data Portability: Receive your data in a structured format
    • Right to Object: Object to processing based on legitimate interests
    • Right to Withdraw Consent: Withdraw consent at any time

    To exercise these rights, visit your Profile settings or contact us at contact@statharbour.com

    8. Data Retention

    We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. When you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law.

    9. Data Security

    We implement appropriate technical and organizational measures to protect your data, including:

    • Encryption of data in transit (SSL/TLS) and at rest
    • Row-level security policies in our database
    • Regular security audits and updates
    • Access controls and authentication requirements
    • Secure payment processing via Stripe (PCI DSS compliant)

    10. International Data Transfers

    Your data may be processed in countries outside the EU, including:

    • United States: Supabase (database hosting), Stripe (payment processing), Resend (email delivery)

    We ensure adequate safeguards are in place through:

    • Standard Contractual Clauses (SCCs) with all processors
    • Data Processing Agreements (DPAs) in place with service providers
    • Our service providers maintain SOC 2 and ISO 27001 certifications

    11. Cookies and Tracking

    We use the following types of cookies:

    • Essential Cookies: Required for authentication and session management
    • Functional Cookies: Remember your preferences and settings

    We do not use advertising, analytics, or tracking cookies. You can manage cookies through your browser settings. Disabling essential cookies may affect platform functionality.

    12. Children's Privacy

    Our service is intended for users 16 years and older. We do not knowingly collect data from children under 16 without parental consent. If you believe we have collected such data, please contact us immediately.

    13. Changes to This Policy

    We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our platform. Continued use after changes constitutes acceptance.

    14. Supervisory Authority

    If you have concerns about our data practices, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia:

    Informacijski pooblaščenec

    Dunajska cesta 22

    1000 Ljubljana, Slovenia

    Phone: +386 1 230 97 30

    Email: gp.ip@ip-rs.si

    Website: www.ip-rs.si

    15. Contact Us

    For questions, concerns, or to exercise your GDPR rights, contact us at:

    Email: contact@statharbour.com