The controller responsible for data processing on this platform is:
SLAMit · Tennis League
Arne Brödel
Kiefernstr. 33
40233 Düsseldorf
Email: arne.broedel+slamit@gmail.com
We process personal data that you provide during registration, login, and use of the platform, or that is technically required for operation:
The collected data is used solely to operate the tennis league platform: managing player accounts, scheduling and coordinating matches, enabling communication between players, and maintaining standings and result history. We also process data to secure the platform, detect abuse, analyze errors, and document administrative actions.
When you register with an email address, we store the contact details you enter, a password hash, the time of email confirmation, and security-relevant tokens for verification and password reset. If you use Google OAuth, we process the profile information transmitted by Google, in particular your verified email address, a provider-side user identifier, and, where applicable, your profile picture, in order to create your account or link it to an existing one.
Session management uses a technically necessary cookie (slamit_session) together with a Cloudflare KV cache. The D1 database remains the authoritative source for session and account data.
If you upload an avatar or we import an external profile image, we store or process that data via Cloudflare R2 and Cloudflare Images. System emails such as verification or notification emails are sent through Cloudflare Email. In-app messages and challenge- or match-related communication are processed to enable league operations.
We use services from Cloudflare, Inc. for hosting, server logic, database, session cache, object and image storage, and email delivery. Processing is carried out on the basis of a data processing agreement and/or Cloudflare's Data Processing Addendum. Processing in third countries, especially the United States, cannot be ruled out. Cloudflare refers to, among other safeguards, participation in the EU-U.S. Data Privacy Framework.
If you use Google OAuth, authentication takes place via Google. Google is independently responsible for the processing it performs in that context.
Within the browser we use only technically or functionally necessary local storage mechanisms. This includes, in particular, saving your theme choice (light/dark/adaptive) and the status of completed onboarding hints. In adaptive mode, the interface switches between light and dark solely based on your browser's or device's local time. This information remains local in your browser and is not used for advertising or tracking purposes.
To ensure stable and abuse-resistant operation, we log security-relevant events, technical errors, and certain administrative changes. These logs help us analyze errors, detect abuse, and trace changes made to user or league data.
Account data is stored as long as your account remains active. After account deletion, personal data is deleted within 30 days unless statutory retention obligations require otherwise. Messages, profile data, and contact data are deleted or anonymized upon account deletion where technically feasible. Match and league data may be retained in anonymized form for the duration of the season and a subsequent archive period in order to preserve leaderboard integrity.
You have the right at any time to:
To exercise these rights, including a manual data export request under Art. 20 GDPR, please contact us at the email address listed above. You also have the right to lodge a complaint with a data protection supervisory authority.
Supplementary information about the provider can be found in the Legal Notice. The rules for using the platform are described in the Terms of Service .
If you have questions about privacy or about exercising your rights, you can reach us at:
Email: arne.broedel+slamit@gmail.com