← Back to Home
Information We Collect
TeamWalletX collects the following data to provide sports team management services:
- Identity Data: Name, email address, player number
- Team Data: Team affiliations, role, membership status
- Performance Data: Penalty records, payment history, statistics, achievements
- Financial Data: Penalty amounts, payment status, transaction records
- Technical Data: Device type, OS version, app version, crash reports
- Usage Data: App interactions, feature usage, performance metrics
- Push Tokens: FCM device token for push notification delivery
- Photos: Team logos and member profile pictures (with your permission)
Legal Basis for Processing (GDPR Art. 6)
We process your personal data under the following lawful bases:
- Contract Performance (Art. 6(1)(b)): Providing the team management service, processing penalty assignments and payments, enabling team communication.
- Legitimate Interest (Art. 6(1)(f)): App stability via crash reporting (Firebase Crashlytics), fraud prevention, service improvement.
- Consent (Art. 6(1)(a)): Push notifications — you can withdraw this at any time in your device Settings.
How We Use Your Information
- Provide and maintain our team management services
- Process penalty assignments and payment tracking
- Enable team communication and coordination
- Implement gamification features (achievements, leaderboards)
- Improve app performance and user experience
- Send important service notifications
- Provide customer support
- Ensure platform security and prevent fraud
Information Sharing
We do not sell, trade, or rent your personal information. Data may be shared:
- With your team members as part of normal app functionality
- With Google Firebase (data processor) for authentication, database, storage, and crash reporting — governed by Google's Data Processing Agreement and Standard Contractual Clauses
- With Apple (StoreKit) for subscription management
- When required by law or to protect rights and safety
Data Retention
- Account Data: Retained while your account is active; deleted within 30 days of an account deletion request
- Financial Records: Retained for up to 7 years for legal compliance
- Technical / Crash Data: Retained for up to 2 years
- Inactive accounts may be deleted after 2 years of inactivity
Data Storage and Security
- AES-256 encryption at rest; TLS 1.3 in transit
- Stored on Google Firebase (EU-region where available)
- International transfers covered by Standard Contractual Clauses (SCCs)
- Role-based access controls enforced at database level
- Biometric credentials stored locally in device Keychain only — never transmitted
Your Rights Under GDPR
You have the following rights:
- Access (Art. 15): Request a copy of your personal data
- Rectification (Art. 16): Correct inaccurate or incomplete information
- Erasure (Art. 17): Delete your account and all associated data via Settings → Privacy & Security → Delete Account
- Restriction (Art. 18): Limit processing while verifying accuracy
- Portability (Art. 20): Export your data in a machine-readable format
- Object (Art. 21): Object to processing based on legitimate interests
- Withdraw Consent: Disable push notifications in device Settings at any time
To exercise your rights, contact us at info@teamwalletx.app with the subject line "Privacy / GDPR Inquiry". We respond within 30 days as required by GDPR.
You also have the right to lodge a complaint with your local EU data protection supervisory authority.
Children's Privacy
TeamWalletX may be used by minors under parental or coach supervision. We do not knowingly collect data from children under 16 without verified parental consent. Team administrators must ensure appropriate consents are obtained for minor members.
If you believe we have collected data from a child under 16 without consent, please contact us immediately at info@teamwalletx.app.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes through:
- In-app notifications
- Email notifications to registered users
- Updates posted on our website with change summaries
We will seek fresh consent for any new processing activities that require it under GDPR.