racket.runracket.run← Home

Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains how racket.run (“racket.run”, “we”, “us”) collects, uses, and protects your personal data when you use our website and web application at racket.run (the “Service”). The Service is operated by Ligirda Aleksei, an individual based in Serbia, who acts as the data controller for the personal data described below. You can reach the controller at support@racket.run.

We aim to comply with the EU General Data Protection Regulation (GDPR) and apply the same standard of care to users worldwide.

1. Data we collect

We collect only the data needed to run the Service:

  • Account & authentication. When you sign in with Google, Telegram, or email, we receive identifiers such as your name, email address, profile photo (Google), or Telegram ID and display name. Sign-in is handled by our authentication provider (Supabase Auth).
  • Profile data. Your nickname, gender, skill rating, country, city, optional contact handles (e.g. Telegram, WhatsApp, Instagram), and avatar. Your country and city may be pre-filled from your approximate IP-based location on first sign-in and can be edited at any time.
  • Activity data. Tournaments and casual matches you create or join, scores, results, ratings, friend connections, and related timestamps.
  • Technical data. Approximate location (country/city) derived from your IP address, last-active timestamps, device and browser information, and data needed to keep the Service secure.
  • Cookies. Essential cookies for your login session, onboarding state, and your cookie choice. Non-essential analytics cookies are set only after you consent (see Section 6).

2. How we use your data

We process your data to:

  • provide and operate the Service (create accounts, run tournaments and matches, compute ratings);
  • show you to other participants in tournaments and matches you join (name, nickname, rating, results);
  • send service-related emails (e.g. match notifications, sign-in and account emails);
  • keep the Service secure, prevent abuse, and debug errors;
  • understand and improve how the product is used.

3. Legal bases (GDPR)

Where the GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Service you requested;
  • Legitimate interests — to secure the Service, prevent abuse, and improve the product;
  • Consent — for optional analytics and any optional features; you can withdraw consent at any time.

4. Sharing & service providers

We do not sell your personal data. We share data only with service providers (processors) who help us run the Service, under appropriate data-processing terms:

  • Supabase — database, authentication, and file storage;
  • Vercel — hosting, analytics, and approximate IP-based geolocation;
  • Resend — transactional and authentication emails;
  • Sentry — error monitoring and diagnostics. When an error occurs, Sentry may also capture a short, anonymised session replay (a reconstruction of on-screen activity) to help us debug. Replays mask all text, form inputs, and media by default, and run only if you have accepted analytics cookies (see Section 6);
  • PostHog — product analytics and session recording. PostHog automatically captures page views and interactions (such as clicks) and records replays of your sessions to help us understand and improve the Service. Recordings mask all on-screen text, form inputs, and media, and may include console logs and network timing; your IP address is anonymised, and recordings are retained for about 30 days. PostHog runs only after you accept analytics cookies (see Section 6);
  • Google and Telegram — optional sign-in providers you choose to use.

We may also disclose data where required by law, or to protect the rights, safety, and security of our users and the Service.

5. International transfers

Some of our providers are located outside your country, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an equivalent mechanism.

6. Cookies & analytics

Essential cookies are always active because the Service cannot work without them. They keep you signed in, remember your onboarding state, and store your cookie choice. These do not require consent.

Non-essential analytics (PostHog product analytics and session recording, and Sentry session replay) load only after you accept them via the cookie banner shown on your first visit. If you decline, these are not loaded and set no cookies or storage. You can change your mind by clearing the cookie choice in your browser, which brings the banner back.

We also use Vercel Analytics, which measures aggregate usage without cookies and without tracking you across sites; because it is cookieless, it runs without separate consent.

7. Data about other people

The Service lets organizers and players add other individuals — for example, by entering a player’s name or adding a guest to a match. If you enter personal data about someone else, you are the data controller for that information and are responsible for having a lawful basis to provide it, and for informing those individuals as required. In that case we act as a processor on your behalf, handling the data only to operate the Service. If someone’s data has been added without a proper basis, contact us at support@racket.run and we will help remove it.

8. Data retention & deletion

We keep your personal data for as long as your account is active or as needed to provide the Service. You can request deletion of your account and associated personal data at any time by emailing us at support@racket.run. We will delete or anonymise your personal data within a reasonable period, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our terms.

9. Your rights

Depending on your location, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your data (“right to be forgotten”);
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent at any time;
  • lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at support@racket.run.

10. Children

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Security

We use technical and organisational measures to protect your data, including encryption in transit (HTTPS), access controls, and database-level security rules. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top of this page and, where appropriate, notify you through the Service.

13. Contact

For any questions about this Privacy Policy or your personal data, contact us at support@racket.run.

Privacy Policy — racket.run