Privacy Policy

Effective: February 11, 2026 · Last updated: February 11, 2026

POISE ("we", "us"), registered in Sweden, operates the OpenMatchday platform. This policy explains how we handle your data in compliance with the EU General Data Protection Regulation (GDPR).

Data Controller

POISE · Email: privacy@openmatchday.com

What We Collect

Account data: Username, display name, email (if provided), password (bcrypt hashed).

Tournament data: Tournament info, team names, player names, shirt numbers, match scores, events, live feed messages.

Technical data: IP address, browser type, page visits, login attempts.

We do NOT collect: Swedish personal identity numbers (personnummer), biometric data, health data, or data from children under 13.

Legal Basis

We process data based on: performance of contract (providing the Service, authentication, payments), legitimate interest (security, service improvement), and consent (email notifications).

How We Use Data

To provide and maintain the Service, authenticate users, process payments, validate licenses, send notifications (if enabled), and protect against abuse. We do not sell data or use it for advertising.

Data Sharing

We may share data with: Stripe (payment processing), our hosting provider (EU-based), and email service providers (if configured). We may disclose data if required by law.

Security

We implement: encryption in transit (TLS), CSRF protection, SQL injection prevention, brute-force protection, rate limiting, and session hardening. Self-hosted customers are responsible for their own server security.

Data Retention

Account and tournament data: duration of account + 30 days. Login records: 90 days. Payment records: 7 years (Swedish law). Server logs: 30 days.

Your Rights (GDPR)

You have the right to: access your data, correct inaccuracies, delete your data ("right to be forgotten"), restrict processing, export your data (CSV export available), object to processing, and withdraw consent.

Contact privacy@openmatchday.com to exercise your rights. We respond within 30 days.

Cookies

We use only essential cookies: session management (PHPSESSID), theme preference, and language preference. No advertising, analytics, or third-party tracking cookies.

Complaints

You may lodge a complaint with the Swedish Authority for Privacy Protection (IMY): imy.se