Privacy Policy
Last updated: 12 June 2026 · Version v1.1
1. Who we are
Rallyo is operated by Reditus Software Holding BV, located at Kapwelweg 12, 3951 AC Maarn, Nederland, registered with the Dutch Chamber of Commerce under number 77813944. For questions about this policy, contact us at info@rallyo.events.
2. Data we process
- Account: first and last name, email, phone (optional), hashed password.
- Profile: avatar, language preference, sport preferences, playing level per selected sport, and external ratings such as KNLTB where relevant.
- Activity: club memberships, event signups, match results and rating history.
- Logging: audit logs of administrative actions for security and debugging.
3. Purposes and legal basis (GDPR art. 6)
- Performance of contract: creating accounts, running events, tracking ratings.
- Legitimate interest: fraud prevention, security, debugging and audit logging.
- Consent: (future) marketing emails.
4. Sub-processors
We rely on the following providers to run Rallyo:
- Vercel, application hosting (US/EU, DPA).
- Supabase, database, authentication and file storage (EU, Ireland).
- Cloudflare, DNS and domain management (DPA).
- Sentry, error tracking and stability (EU, Frankfurt).
- PostHog, cookieless product analytics with internal IDs and route templates (EU, Frankfurt). IP address is not retained.
- Resend, transactional email delivery (USA, under Standard Contractual Clauses).
5. Retention
We keep your data while your account is active. If you delete your account, your personal data (name, email, phone, avatar) is anonymised within 30 days. Fully orphaned rows (e.g. stray notification logs with no profile reference) are permanently purged by the cleanup cron within 90 days. Match results stay under the name "Deleted User" so club history and other players' ratings remain consistent. Statutory retention requirements take precedence.
6. Transfers outside the EEA
Your data is stored within the EEA. Transactional email is delivered through Resend, which may process data outside the EEA (USA); Standard Contractual Clauses apply.
7. Cookies and local storage
Rallyo uses functional storage (session, language preference, settings) and cookieless product analytics with internal IDs and route templates. No tracking cookies, no advertising cookies, no session replay and no ad networks.
8. Your rights
You have the right to access, correct and delete your data, to restrict or object to its processing, and to data portability. Under "Profile → Privacy" you can download your data or delete your account. You can also email info@rallyo.events, or file a complaint with the Dutch Data Protection Authority.
Tournament participation: your data export also includes your tournament signups, teams, pool matches and bracket matches. Teammate or partner data is masked — it belongs to a different data subject. When you delete your account, completed matches are kept to preserve standings integrity, but your player ID is anonymised ("Deleted player"). Unplayed signups are fully removed.
9. Security
We use Row-Level Security on the database, hashed passwords, TLS in transit and the principle of least privilege for internal access.
10. Changes
We may update this policy. The current version and date are shown at the top. We will actively notify you of material changes.
11. Contact
Reditus Software Holding BV · Kapwelweg 12, 3951 AC Maarn, Nederland · CoC 77813944 · info@rallyo.events