Last updated: February 14, 2026
This Privacy Policy explains how TennisDataApp ("Company", "we", "us", "our") collects, uses, stores, shares, and protects your personal data when you visit our website and any related pages, tools, and services (the "Site" and "Services").
This Policy applies to all visitors and users of the Site, whether or not you create an account. It should be read alongside our Terms of Service.
We are committed to protecting your privacy and processing your data in compliance with Regulation (EU) 2016/679 (the "GDPR"), Romanian data-protection legislation, and the ePrivacy Directive as implemented in Romania by Law 506/2004, as amended.
By accessing the Site you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as a legal basis we will obtain it separately (for example, through our cookie-consent mechanism).
The data controller responsible for your personal data is:
TennisDataApp
Email: [email protected]
If you have any questions about this Privacy Policy or our data practices, you may contact us at the email address above.
We collect and process a minimal set of personal data. We do not ask for your name, and we do not store passwords. Authentication is handled entirely via magic link β a secure, one-time login link sent to your email.
| Category | Details |
|---|---|
| Email address | The only piece of information you provide at registration. Used for authentication (magic-link login), account identification, billing communications, and service notifications. |
| Communications | Any information you include when you email us, submit a support request, or provide feedback. |
| Category | Details |
|---|---|
| IP address | Collected and stored to detect and prevent trial abuse (e.g. multiple trial accounts from the same origin). Also incidentally present in server logs. |
| Device & browser data | Operating system, browser type and version, device type, screen resolution. Collected for analytics, compatibility, and abuse-prevention purposes. |
| Usage data | Pages visited, features used, Credit consumption, timestamps, referring URL, session duration. |
| Cookie & storage data | Session identifiers, authentication tokens, user preferences (e.g. odds format) β see Section 6. |
| Analytics data | Pseudonymized interaction data collected by Google Analytics 4, Statcounter, and Microsoft Clarity β see Section 7. |
When you start a trial or subscribe, Stripe processes your payment and sends us limited information. We do not receive or store your full card number, expiry date, CVV, cardholder name, or billing address.
| Data | Purpose |
|---|---|
| Subscription status | Whether your subscription is active, past due, cancelled, etc. |
| Payment status | Whether a charge succeeded or failed. |
| Unique payment-method identifier | An opaque token generated by Stripe that represents your payment method. It cannot be used to derive your card number or any card details. We use it solely to detect whether the same payment method has been used across multiple accounts, to prevent trial abuse. |
Under the GDPR, we process your personal data on the following legal bases:
| Legal Basis | Processing Activities |
|---|---|
| Performance of a contract (Art. 6(1)(b)) | Account creation & management; magic-link authentication; providing the Services; processing subscriptions & payments via Stripe; managing Credits & usage limits; sending transactional emails via SMTP2GO; communicating about your account or subscription |
| Legitimate interests (Art. 6(1)(f)) | Protecting platform security & preventing abuse (e.g. using IP addresses and payment-method identifiers to detect trial abuse, scraping, or fraud); improving & optimizing the Site; analyzing aggregated usage trends; enforcing our Terms of Service |
| Consent (Art. 6(1)(a)) | Placing non-essential cookies and similar technologies (analytics, session recording); sending promotional / marketing communications |
| Legal obligation (Art. 6(1)(c)) | Tax compliance & financial record-keeping; responding to lawful requests from authorities |
Where we rely on legitimate interests we have conducted balancing assessments and concluded that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 13).
Cookies are small text files placed on your device by your browser. Local storage is a browser mechanism that lets websites store data that persists across sessions. Both allow us to recognise you and remember certain information.
In accordance with the ePrivacy Directive (Law 506/2004 in Romania) and the GDPR, we obtain your consent before placing any non-essential cookies or similar technologies. You can manage your preferences at any time via our on-site cookie-consent mechanism. Strictly necessary cookies do not require consent.
| Cookie / Technology | Purpose | Type | Duration |
|---|---|---|---|
| Session / auth cookie(s) | Maintaining your logged-in session after magic-link authentication | First-party | Session / up to [X] days |
These cookies are essential for the Site to operate. Without them the Services cannot function. They cannot be disabled.
| Technology | Purpose | Type | Duration |
|---|---|---|---|
| Local storage: odds-format preference | Remembering your selected odds format (decimal, fractional, American) across sessions | Browser local storage (first-party) | Persistent until cleared by you |
Stores only your chosen display format β no personal data.
Placed only after you provide consent through our cookie-consent mechanism.
| Provider | Purpose | Key Cookies | Duration |
|---|---|---|---|
| Google Analytics 4 | Site traffic & aggregate user-behaviour analytics | _ga, _ga_* | Up to 14 months |
| Statcounter | Page-view analytics, traffic sources, visitor paths | is_unique, _statcounter | Session / up to 5 years |
| Microsoft Clarity | Session recordings, heatmaps, interaction analytics | _clck, _clsk, CLID, MUID | Session to 12 months |
Note on Microsoft Clarity:
Clarity records user sessions (clicks, scrolls, mouse movements) and generates heatmaps. Sensitive input fields are masked by default; we have configured Clarity not to capture keystrokes. Sessions are tied to pseudonymous identifiers, not your email. Microsoft may use Clarity data to improve its own products β see Microsoft's Privacy Statement.
| Provider | Purpose | Type | Duration |
|---|---|---|---|
| Stripe | Secure payment processing; fraud detection & prevention | Third-party (__stripe_mid, __stripe_sid) | Session to 1 year |
Stripe sets its own cookies when you interact with the payment form. Some are strictly necessary for payment security. See Stripe's Privacy Policy and Cookie Policy.
You can manage or withdraw cookie consent at any time by:
Browser-specific guides: Chrome Β· Firefox Β· Safari Β· Edge
We use GA4 to collect pseudonymized data about how visitors use the Site β pages visited, session duration, traffic sources, and general interest indicators.
We use Statcounter to collect analytics data including page views, visitor counts, traffic sources, and referral paths. Statcounter may process IP addresses and use cookies to distinguish unique visitors.
Microsoft Clarity helps us understand how users interact with the Site through:
Clarity collects pseudonymous identifiers, device/browser info, pages visited, and interaction patterns. Sensitive input fields are masked by default; we do not capture keystrokes. Microsoft may use Clarity data to improve its own products.
We use Stripe, Inc. (and its affiliates, including Stripe Payments Europe, Ltd. for EEA users) as our payment processor.
When you start a trial or purchase a subscription:
More info: Stripe Privacy Policy Β· Stripe Cookie Policy
We do not sell your personal data. We share it only as described below:
| Recipient | Purpose | GDPR Role |
|---|---|---|
| Stripe | Payment processing, subscription management, fraud prevention, tax calculation | Processor / Independent Controller |
| Google (GA4) | Website analytics | Processor |
| Statcounter | Website analytics | Processor |
| Microsoft (Clarity) | Session recording & heatmaps | Processor / Independent Controller |
| SMTP2GO | Transactional email delivery (magic links, receipts, notifications) | Processor |
| Hosting / infrastructure providers | Hosting the Site and storing data securely | Processor |
| Legal / regulatory authorities | Where required by law, court order, or to protect our legal rights | N/A (legal obligation) |
| Business transfers | In connection with a merger, acquisition, or sale of assets (see ToS, Section 36) | Controller (successor) |
All third-party processors are bound by data-processing agreements and/or standard contractual clauses where required.
Some of our third-party providers are based outside the European Economic Area (EEA):
| Provider | Location | Transfer Mechanism |
|---|---|---|
| Google (GA4) | United States | EUβUS Data Privacy Framework (DPF); SCCs as fallback |
| Microsoft (Clarity) | United States | EUβUS Data Privacy Framework (DPF); SCCs as fallback |
| Stripe | US (EU entity: Stripe Payments Europe, Ltd., Ireland) | EUβUS Data Privacy Framework (DPF); SCCs |
| SMTP2GO | New Zealand (servers may be US/EU) | EU adequacy decision for NZ; SCCs where applicable |
| Statcounter | Ireland (EEA) | No transfer outside EEA required |
Where the EUβUS Data Privacy Framework applies, we rely on the provider's DPF certification. Where it does not apply or as a supplementary safeguard, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission.
You may request a copy of the relevant safeguards by contacting us at [email protected].
We retain personal data only as long as necessary to fulfil the purposes in this Policy, or as required by law:
| Data Category | Retention Period |
|---|---|
| Account data (email, payment-method identifier) | Duration of your account. After deletion/termination, retained up to 30 days for data-export requests (see ToS, Section 26), then deleted or anonymized. |
| IP addresses (trial-abuse logs) | Retained while needed for abuse detection. Deleted or anonymized no later than 12 months after collection, unless needed for an ongoing investigation or dispute. |
| Billing & transaction records | Up to 10 years after the transaction, per Romanian fiscal legislation (Law 82/1991, Romanian Fiscal Code). |
| Support communications | Up to 3 years after last communication, or longer for ongoing dispute resolution. |
| Analytics data (GA4) | Up to 14 months (configured by us), then automatically deleted/aggregated by Google. |
| Analytics data (Statcounter) | Subject to Statcounter's retention policies; logs retained for duration of use. |
| Session recordings (Clarity) | Up to 30 days; aggregated heatmap data may persist longer per Microsoft's policies. |
| Cookie-consent records | Typically 3 years or until no longer needed for compliance purposes. |
After the applicable period, data is deleted, anonymized, or aggregated so it can no longer identify you.
We implement appropriate technical and organizational measures to protect your personal data:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
If you are located in the EEA (or where otherwise applicable), you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you. |
| Rectification (Art. 16) | Request correction of inaccurate or incomplete data. |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations. |
| Restriction (Art. 18) | Request that we restrict processing in certain circumstances. |
| Data portability (Art. 20) | Request your data in a structured, commonly used, machine-readable format. |
| Objection (Art. 21) | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw consent (Art. 7(3)) | Withdraw consent at any time without affecting the lawfulness of prior processing. |
| Automated decisions (Art. 22) | We do not make solely automated decisions that produce legal or similarly significant effects on you. Our predictions are informational content, not decisions about you. |
Contact us at [email protected]. We will respond within one month (extendable by two months for complex requests). We may verify your identity by sending a confirmation to the email address on your account. There is no fee unless requests are manifestly unfounded or excessive.
You may lodge a complaint with a supervisory authority. In Romania:
ANSPDCP
Autoritatea NaΘionalΔ de Supraveghere a PrelucrΔrii Datelor cu Caracter Personal
You may also lodge a complaint with the authority in your country of habitual residence, place of work, or place of alleged infringement.
The Services are not directed to individuals under 18 years of age (or the applicable legal age in your jurisdiction, as described in our Terms of Service, Section 2). We do not knowingly collect personal data from children.
If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly. If you believe this has occurred, please contact us at [email protected].
The Site may contain links to third-party websites (e.g. GambleAware, Gambling Therapy). We are not responsible for their privacy practices or content and encourage you to review their privacy policies.
We may update this Policy from time to time. When we make material changes we will:
Continued use of the Services after an update constitutes acknowledgment of the changes (but not consent to new processing that requires separate consent).
TennisDataApp
Email: [email protected]
For complaints, see also our Terms of Service β Sections 30 and 31 β regarding alternative dispute resolution (ANPC/SAL in Romania) and the EU Online Dispute Resolution platform.