Last updated: 2026-06-14
Privacy Policy
This Privacy Policy explains how Bracksy handles personal data in the web app, installed PWA and mobile app wrapper. It is written for users in Poland and the European Union and is intended to match the real product behavior and Google Play Data Safety disclosures.
1. Controller and contact
The controller of personal data processed in Bracksy is Mateusz Pieczynski, the person responsible for the Bracksy service. Contact is available through mateuszpieczynski.pl.
Use the same contact channel for privacy questions, data access requests, account deletion questions and other GDPR requests.
2. Data we process
Depending on how you use Bracksy, we process the following categories of data:
- Account and authentication data, including email address, user ID, provider identifiers and session data.
- Profile data, including display name, avatar, bio, favorite sports, phone number if provided, push preference and public profile fields.
- Tournament data, including tournament names, sport, format, visibility, participants, player names, scores, standings, rounds, match history and share links.
- Social data, including friends, follows, clubs, invitations, rivalry records and contact-search data that you choose to provide.
- Subscription and billing metadata, including Stripe customer and subscription identifiers, plan, status and billing period metadata. Bracksy does not store full card numbers.
- Notification data, including in-app notifications and web push subscription endpoints when you enable push notifications.
- Technical and security data, including IP-derived request context, device/browser details, audit log entries, rate-limit data, cookies and consent choices.
- Optional analytics events if you consent to analytics cookies, such as tournament creation, score saves, checkout start and subscription activation.
3. Purposes and legal bases
We process personal data only where there is a valid purpose and legal basis. In practice this means:
- Providing the service, accounts, tournaments, scoring, standings, profiles, friends, clubs and sharing features as necessary to perform the service requested by you.
- Authenticating users, securing sessions, preventing abuse, enforcing rate limits and maintaining audit logs based on our legitimate interest in security and service integrity.
- Processing payments and subscription status through Stripe to perform the paid Pro service and meet legal/accounting obligations.
- Sending push or in-app notifications where you enable them or where they are necessary for account/service activity.
- Using optional PostHog analytics only after your consent, so we can understand product usage and improve Bracksy.
- Responding to support, privacy and legal requests, including data export and deletion requests.
4. Service providers and sharing
We do not sell personal data. We share data only where needed to operate Bracksy, comply with law, or provide integrations you use.
- Supabase provides authentication, database, storage, realtime and server-side infrastructure for Bracksy data.
- Stripe processes paid subscriptions, checkout, billing portal and payment-related events.
- PostHog may process optional analytics data only if analytics consent is granted; the configured host is the EU PostHog endpoint when enabled.
- Sentry may receive technical error details if monitoring is configured, to help diagnose crashes and production issues.
- Browser vendors and push infrastructure process web push subscription data when you enable push notifications.
- Public or unlisted tournaments, public profiles and share links can be viewed by people who receive or discover those links, according to the visibility setting chosen in the app.
6. Push notifications
If you enable push notifications, Bracksy stores a browser push subscription endpoint and related keys so notifications can be delivered to your device.
You can disable push notifications in your browser/device settings and in the profile area where supported. Disabling push removes or invalidates the stored subscription endpoint where possible.
7. Public content and visibility
You control tournament visibility where the app provides private, unlisted and public options. Public tournaments may appear in Discover and can be viewed by other users. Unlisted tournaments may be viewed by anyone with the link. Private tournaments are intended for authorized users and invited participants.
Player names, scores, standings, profile display names, avatars and other public fields may be visible to other users depending on how you configure visibility and sharing.
8. Retention and deletion
Account and app data are kept for as long as you use the account or as long as needed to provide the service. You may permanently delete your account from Profile > Account and legal > Delete account or through the account deletion page.
After account deletion, Bracksy deletes the account and linked application data where technically possible. Limited backup or security copies may remain for a restricted operational period before final purge.
Billing records and subscription metadata may be retained for the period required by tax, accounting, chargeback and legal obligations.
9. Your GDPR rights
If GDPR applies to you, you may request:
- access to your personal data and a copy of data processed about you;
- correction of inaccurate or incomplete data;
- deletion of data where the legal requirements are met;
- restriction of processing;
- data portability, including the export available from the profile area;
- objection to processing based on legitimate interests;
- withdrawal of consent for optional analytics or marketing cookies at any time.
10. Security and international transfers
Bracksy uses authenticated access, Row Level Security policies, role-based server operations, HTTPS, rate limiting and audit logging to protect account, profile and tournament data.
Some providers may process data outside the European Economic Area depending on their infrastructure and sub-processors. Where this occurs, the transfer should rely on appropriate safeguards such as contractual protections or equivalent mechanisms offered by the provider.
11. Complaints and changes
You may contact us first with privacy concerns. If you are in the EU, you may also lodge a complaint with the competent data protection authority, including the Polish supervisory authority where applicable.
We may update this Privacy Policy as Bracksy develops. The updated date shows when the current version was last changed.