Privacy Policy

1. Introduction

Skoryd (“[LEGAL ENTITY NAME],” “Skoryd,” “we,” “us,” or “our”) operates the Skoryd website and mobile application (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information in compliance with applicable federal and state privacy laws, including the Federal Trade Commission Act (15 U.S.C. § 45), state consumer privacy laws described in Section 6, and state breach notification laws.

This Service is intended for users 18 years of age or older. We do not knowingly collect personal information from persons under 18.

By using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Personal Information We Collect

A. Information You Provide Directly:

B. Information Collected Automatically:

C. Information from Third Parties: Stripe (payment status, transaction identifiers, limited payment metadata); authentication providers (name and email if you log in through a third-party provider).

3. How We Use Personal Information

We use personal information for the following purposes:

(a) Service Operation: Create and manage your account; display your profile, standings, and match history to other users; process Event registrations; facilitate payment processing.

(b) Communications: Send account confirmation emails, password reset emails, match notification emails, and important Service announcements. These operational communications are not optional while your account is active.

(c) Improvement: Analyze usage patterns, diagnose technical issues, and develop new features.

(d) Safety and Security: Detect, investigate, and prevent fraudulent transactions, abuse, and violations of our Terms of Service.

(e) Legal Compliance: Comply with applicable legal obligations, respond to legal process, and enforce our Terms of Service.

(f) Marketing (Optional): With your consent, we may send you promotional communications. You may opt out at any time (see Section 6).

We do not sell your personal information for monetary consideration. We do not use your personal information for cross-context behavioral advertising through third-party networks.

4. How We Disclose Personal Information

A. Service Providers (Processors Acting on Our Behalf):

These providers are contractually required to maintain the confidentiality and security of your information and may not use it for any purpose other than providing services to us.

B. Other Users of the Service: Your display name, profile photo (if uploaded), hometown, match results, league standings, and club affiliations are visible to other authenticated Service users as part of normal Service operation. Your full name and email address are not publicly displayed within the Service.

C. Event Organizers: When you register for an Event, the Event's Organizer can see your display name and registration status. Organizers cannot see your full name, email address, or payment information.

D. Legal and Safety Disclosures: We may disclose personal information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, subpoena, or court order; (b) protect the rights, property, or safety of Skoryd, our users, or the public; or (c) detect, prevent, or address fraud, security issues, or technical problems.

E. Business Transfers: If Skoryd is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on the Service at least thirty (30) days before your information becomes subject to a materially different privacy policy.

F. Aggregate or De-Identified Data: We may share aggregate or de-identified information (information that cannot reasonably be used to identify you) with third parties for research, analytics, or marketing purposes without restriction.

5. Cookies and Similar Technologies

We do not use advertising cookies or participate in cross-site behavioral advertising networks. You may disable non-essential cookies through your browser settings. Disabling strictly necessary cookies will prevent you from using the Service.

6. Your Privacy Rights and Choices

All Users — General Rights

• Access: You may access and review your account information and profile data by logging in to your account.
• Correction: You may update your profile information at any time through account settings.
• Deletion: You may request deletion of your account and associated personal information by contacting us at [PRIVACY_EMAIL]. We will delete or anonymize your personal data within forty-five (45) days, subject to legal retention obligations. Note: Match results and standing records may be retained in anonymized or aggregate form as part of historical league records.
• Opt-Out of Marketing: You may opt out of promotional emails by clicking the “unsubscribe” link in any marketing email or by contacting us at [PRIVACY_EMAIL].
• Data Portability: You may request a copy of your personal data in a portable format.

California Residents — CCPA/CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the following rights:

(a) Right to Know. You may request that we disclose: the categories of personal information we have collected about you; the categories of sources from which we collected it; the business or commercial purposes for collection; the categories of third parties with whom we share it; and the specific pieces of personal information we have collected.

(b) Right to Delete. You may request deletion of personal information we have collected from you, subject to exceptions including: completing a transaction for which the information was collected; complying with a legal obligation; or other permitted purposes under the CPRA.

(c) Right to Correct. You may request correction of inaccurate personal information we maintain about you.

(d) Right to Opt-Out of Sale or Sharing. We do not sell your personal information for monetary consideration, and we do not share your personal information for cross-context behavioral advertising as defined by the CPRA.

(e) Right to Limit Use of Sensitive Personal Information. We do not collect or process sensitive personal information (as defined by Section 1798.140(ae) of the Civil Code) beyond what is necessary to perform the Service.

(f) Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you a different price, or provide a different quality of service because you exercised a privacy right.

(g) Authorized Agents. You may designate an authorized agent to submit a privacy request on your behalf. We may require written proof of authorization and may verify your identity independently.

To exercise California rights, contact us at [PRIVACY_EMAIL] with the subject line “California Privacy Request.” We will verify your identity and respond within forty-five (45) days. We may extend this period by an additional forty-five (45) days when reasonably necessary, with prior notice.

California “Shine the Light” (Cal. Civil Code § 1798.83): We do not share personal information with third parties for their direct marketing purposes.

Virginia Residents — VCDPA Rights

Under the Virginia Consumer Data Protection Act, Virginia residents have the right to: confirm whether we process your personal data; access your personal data; correct inaccuracies; delete your personal data; obtain a portable copy of your personal data; and opt out of the sale of personal data, targeted advertising, and profiling that produces legal or similarly significant effects concerning you. We do not sell personal data or use it for targeted advertising or such profiling. To submit a request, contact [PRIVACY_EMAIL]. If we deny your request, you may appeal by emailing [PRIVACY_EMAIL] with the subject “Privacy Request Appeal.” If your appeal is denied, you may contact the Virginia Attorney General at oag.state.va.us.

Colorado Residents — CPA Rights

Under the Colorado Privacy Act, Colorado residents have the right to access, correct, delete, and obtain a portable copy of personal data, and to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in such processing. To submit a request or appeal a denial, contact [PRIVACY_EMAIL].

Connecticut Residents — CTDPA Rights

Under the Connecticut Data Privacy Act, Connecticut residents have rights to access, correct, delete, and obtain portable copies of personal data, and to opt out of targeted advertising, data sales, and profiling with significant effects. We do not engage in such processing. To submit a request or appeal a denial, contact [PRIVACY_EMAIL].

Texas Residents — TDPSA Rights

Under the Texas Data Privacy and Security Act, Texas residents have rights to access, correct, delete, and obtain portable copies of personal data, and to opt out of the sale of personal data and targeted advertising. We do not sell personal data or use it for targeted advertising. To submit a request, contact [PRIVACY_EMAIL].

Oregon Residents — OCPA Rights

Under the Oregon Consumer Privacy Act, Oregon residents have rights to access, correct, delete, and obtain portable copies of personal data, and to opt out of the sale of personal data and targeted advertising. We do not sell personal data or use it for targeted advertising. To submit a request, contact [PRIVACY_EMAIL].

Michigan Residents

Michigan does not currently have a comprehensive consumer data privacy statute equivalent to California's CCPA. However, Michigan residents have the following rights under applicable law: (a) Breach Notification: Under Michigan's Identity Theft Protection Act (MCL 445.61 et seq.), we will notify you of any security breach of your personal information within 45 days of discovering the breach, as required by law. Notification will be provided by email to the address associated with your account and/or by prominent notice on the Service; (b) General Rights: You retain all general rights described under “All Users — General Rights” above, including the right to access, correct, and request deletion of your personal data. To exercise these rights, contact [PRIVACY_EMAIL].

Other State Residents

Residents of Montana, Iowa, Delaware, New Hampshire, Utah, Indiana, and Tennessee also have privacy rights under their respective state laws. These rights are substantively similar to those described above and include rights to access, correct, delete, and obtain portable copies of personal data, and to opt out of the sale of personal data and targeted advertising. We do not sell personal data or use it for targeted advertising. To exercise rights under your state's law, contact [PRIVACY_EMAIL]. If your request is denied and your state law provides a right of appeal, you may appeal by emailing [PRIVACY_EMAIL] with the subject “Privacy Appeal – [YOUR STATE].”

7. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction. Our security practices include:

• TLS/SSL encryption for all data transmitted between your device and our servers
• Password hashing using industry-standard bcrypt via Supabase Auth (we do not store plaintext passwords)
• Row-level security (RLS) policies on our database restricting data access based on authenticated user identity
• Access controls limiting employee and contractor access to personal information to those with a legitimate need
• Payment card security — Skoryd does not store full payment card numbers; all card data is handled by Stripe, a PCI DSS-compliant processor

No security system is perfect. We cannot guarantee that unauthorized parties will never gain access to your information. In the event of a security breach involving your personal information, we will notify affected individuals as required by applicable law. Notification timelines vary by state; for example, California requires notification in the most expedient time possible (generally within 72 hours of discovery), Michigan requires notification within 45 days (MCL 445.72), and most other states require notification within 30–60 days. We will always comply with the most protective standard applicable to the affected individuals.

8. Data Retention

We retain personal information for as long as your account is active and for a reasonable period thereafter as needed to: provide and improve the Service; comply with legal obligations (including tax and financial record retention requirements); resolve disputes; enforce our Terms of Service; and maintain historical league and tournament records.

Upon account deletion, we will delete or anonymize your personal profile data (name, email, profile photo, bio, hometown) within forty-five (45) days. Match scores and standings may be retained in anonymized or aggregate form indefinitely as part of the historical record of organized Events.

We retain payment transaction records for seven (7) years in compliance with applicable tax and financial regulations.

9. Children's Privacy

The Service is intended exclusively for users 18 years of age or older. We do not knowingly collect, use, or disclose personal information from persons under 18 years of age. If we learn that we have collected personal information from a person under 18, we will take immediate steps to delete that information from our systems. If you believe that we may have collected information from a person under 18, please contact us immediately at [PRIVACY_EMAIL].

10. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party properties. We are not responsible for the privacy practices of any third party. We encourage you to read the privacy policies of any third-party services you use.

11. Do Not Track

Some browsers transmit “Do Not Track” signals to websites. The Service does not currently respond to Do Not Track signals. As described in Section 5, we do not use advertising cookies or behavioral tracking for advertising purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by: (a) sending an email to the address associated with your account; and/or (b) posting a prominent notice on the Service at least thirty (30) days before the change takes effect. The revised Privacy Policy will include a new “Last Updated” date. Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised Privacy Policy, you must stop using the Service and delete your account.

13. Contact Us

For questions, concerns, privacy rights requests, or complaints regarding this Privacy Policy or our data practices, please contact us at:

Skoryd
Email: [PRIVACY_EMAIL]
Mailing Address: [MAILING ADDRESS]

If you are a California resident, you may also file a complaint with the California Privacy Protection Agency at cppa.ca.gov.

If you are located in a state with an attorney general empowered to enforce state privacy laws, you may file a complaint with your state attorney general's office after exhausting your appeal rights with us.