1. Information We Collect
1.1 Information You Provide
We collect information you provide directly to us, such as:
- Account information (name, email, username, date of birth)
- Profile information (sports stats, team affiliations, nationality)
- Identity verification documents (ID cards, passports) for account verification
- Profile photos and verification photos taken with your device camera
- Sports performance data and health-related information
- Content you create (messages, posts, statistics, forms)
- Communications with us and support requests
1.2 Information Collected Automatically
When you use our mobile app, we may automatically collect:
- Device information (model, operating system, unique identifiers)
- App usage data and analytics
- Push notification tokens
- Crash reports and error logs
- Network and connectivity information
1.3 Mobile App Permissions
Our mobile app may request the following permissions:
- Camera: To take profile pictures and identity verification photos
- Notifications: To send you updates, messages, and important announcements
- Network Access: To connect to our services and sync your data
You can manage these permissions in your device settings at any time.
2. How We Use Your Information
2.1 Legal Basis for Processing (GDPR Article 6)
We process your data based on the following legal grounds:
- Contract: To provide our sports platform services and features
- Consent: For marketing communications and optional features
- Legitimate Interest: For security, fraud prevention, and service improvement
- Legal Obligation: For identity verification and regulatory compliance
2.2 Purposes of Use
We use the information we collect to:
- Provide, maintain, and improve our sports platform services
- Verify your identity and ensure platform safety
- Process sports statistics and provide personalized analytics
- Send notifications, updates, and support messages
- Respond to your comments and questions
- Analyze usage patterns and improve user experience
- Ensure compliance with sports regulations and age verification
- Prevent fraud and maintain platform security
3. Identity Verification
To ensure platform safety and comply with sports regulations:
- We collect government-issued ID documents for age and identity verification
- These documents are securely stored and used solely for verification purposes
- We may use automated systems to verify document authenticity
- Verification data is retained as required by law and sports regulations
- You can request deletion of verification documents where legally permitted
4. Data Storage and Location
Your data security and location:
- All data is stored on secure servers located in Paris, France (European Union)
- Your data remains within the European Union at all times
- We comply with French data protection laws and GDPR
- No data transfers to third countries outside the EU occur
- We implement appropriate technical and organizational security measures
5. Information Sharing
We do not sell, trade, or rent your personal information. We may share your information in the following situations:
- With your explicit consent
- To comply with legal obligations and court orders
- To protect rights, safety, and security of users
- With service providers who assist our operations (all within EU)
- In case of business merger or acquisition (with notice to users)
6. Data Retention
We retain your data for the following periods:
- Account data: Until account deletion or 3 years after last activity
- Identity verification documents: 5 years as required by French law
- Sports statistics: Until you request deletion
- Chat messages: 2 years for moderation purposes
- Analytics data: 2 years in anonymized form
- Security logs: 1 year for fraud prevention
7. Your Rights Under GDPR
As an EU resident, you have the following rights under GDPR:
- Right of Access (Article 15): Request access to your personal data
- Right to Rectification (Article 16): Correct inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your data ("Right to be forgotten")
- Right to Restrict Processing (Article 18): Limit how we use your data
- Right to Data Portability (Article 20): Receive your data in machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for data processing at any time
- Right to Lodge a Complaint: File a complaint with CNIL (French data protection authority)
To exercise these rights, contact us at privacy@kandor.me.
8. Children's Privacy
Our service is not directed to children under 16 (GDPR age of consent). We do not knowingly collect personal information from children under 16 without parental consent. If you are under 16, please have your parent or guardian review this policy and provide consent before using our services.
If we learn we have collected personal information from a child under 16 without proper consent, we will delete such information promptly.
9. Third-Party Services
Our app integrates with the following third-party services, all located within the EU:
- Supabase (Database & Authentication): Servers located in Paris, France
- Firebase (Push Notifications): EU region servers only
These services have their own privacy policies and operate under GDPR compliance within the EU.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page
- Sending you an email notification (if you have an account)
- Displaying an in-app notification
Your continued use of our services after changes become effective constitutes acceptance of the new policy.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your GDPR rights, please contact us at: