Privacy Policy for Scora

Last updated: February 2026

1. Controller

Leon Wolf Vahlenhorst 78b 26127 Oldenburg Germany

Email: Website: https://leonwolf.dev

2. Overview of Data Processing

Scora is an app for tracking scores in padel and soccer, with Apple Watch support. This privacy policy informs you about the processing of your personal data.

3. Data We Collect

3.1 Account Data (when registering)

  • Email address
  • Password (stored in encrypted form)
  • User ID

3.2 Usage Data

  • Scores and match history
  • Player statistics
  • Game timestamps
  • Heart rate data during workouts
  • Workout metrics (duration, calories)
  • Linking workouts with matches

3.4 Technical Data

  • Device type and operating system version
  • App version
  • Crash reports and error messages
  • Push notification token

3.5 Analytics and Interaction Data

  • Event data related to app usage (e.g., app launch, navigation, feature interactions)
  • Paywall and purchase funnel events (e.g., paywall shown, package selection, purchase/restore status)
  • Pseudonymous identifiers for linking product usage and subscription status (e.g., internal user ID, RevenueCat App User ID)

4. Third-Party Services

4.1 Supabase (backend services)

Purpose: User authentication, data storage, and synchronization across devices.

Data processed:

  • Email address and password
  • Scores and match data
  • User ID and timestamps

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

Privacy policy: https://supabase.com/privacy

Server location: Data is processed on servers in the EU/EEA.

4.2 Sentry (error monitoring)

Purpose: Detection and resolution of app errors for quality assurance.

Data processed:

  • Crash reports and stack traces
  • Device type and operating system version
  • App version and build number
  • General usage patterns (anonymized)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in troubleshooting)

Privacy policy: https://sentry.io/privacy/

Note: No personal data such as email addresses or names is sent to Sentry.

4.3 RevenueCat (in-app purchases)

Purpose: Management of subscriptions and in-app purchases, provision of premium features.

Data processed:

  • Anonymous user ID
  • Purchase history and subscription status
  • App Store transaction IDs

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

Privacy policy: https://www.revenuecat.com/privacy

Note: RevenueCat does not receive personal data such as your name or email address directly from the app.

4.4 OneSignal (push notifications)

Purpose: Sending push notifications for important updates and reminders.

Data processed:

  • Push notification token
  • Device type and operating system
  • App version
  • Time zone

Legal basis: Art. 6(1)(a) GDPR (consent via iOS notification permission)

Privacy policy: https://onesignal.com/privacy_policy

Note: You can disable push notifications at any time in your iOS settings.

4.5 Apple HealthKit

Purpose: Recording workout data during matches, displaying heart rate and calories burned.

Data processed:

  • Heart rate
  • Active calories
  • Workout duration and type
  • Link to match data

Legal basis: Art. 6(1)(a) GDPR (explicit consent)

Storage: Health data is stored exclusively on your device in Apple’s encrypted HealthKit database. It is not transmitted to our servers or third parties.

Withdrawal of consent: You can revoke HealthKit access at any time in iOS settings under “Privacy & Security” > “Health” > “Scora”.

4.6 Amplitude (product analytics)

Purpose: Analysis and improvement of the app, measurement of key feature usage (e.g., match flow), and optimization of paywall performance and purchase funnels.

Data processed:

  • Event data (e.g., app launch, match creation, score actions, paywall interactions)
  • Technical context data (device type, operating system, app version, timestamps)
  • Pseudonymous identifiers (e.g., internal user ID, RevenueCat App User ID)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in product improvement, error analysis, and optimization of user guidance/purchase flows)

Privacy policy: https://amplitude.com/privacy

Third-country transfers: Processing may take place outside the EU/EEA (e.g., in the USA). In such cases, appropriate safeguards are implemented in accordance with Art. 44 et seq. GDPR (in particular, Standard Contractual Clauses).

Objection/opt-out: You can object to processing for analytics purposes at any time for the future in the app settings (opt-out).

5. Data Storage and Deletion

5.1 Retention Periods

  • Account data: Until your account is deleted
  • Scores: Until manually deleted or account deletion
  • Crash reports: 90 days (Sentry default retention)
  • Analytics data (Amplitude): according to retention periods configured in Amplitude

5.2 Deletion

You can irreversibly delete your account and all associated data at any time in the app under “Settings” > “Delete Account”. When your account is deleted, all your data is removed from our servers.

6. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): Obtain information about your stored data.
  • Right to rectification (Art. 16 GDPR): Have incorrect data corrected.
  • Right to erasure (Art. 17 GDPR): Request deletion of your data.
  • Right to restriction of processing (Art. 18 GDPR): Restrict data processing.
  • Right to data portability (Art. 20 GDPR): Receive your data in a commonly used format.
  • Right to object (Art. 21 GDPR): Object to data processing.
  • Withdrawal of consent (Art. 7(3) GDPR): Withdraw consent at any time.

To exercise your rights, contact us at:

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.

Competent supervisory authority: The State Commissioner for Data Protection of Lower Saxony Prinzenstrasse 5 30159 Hanover https://www.lfd.niedersachsen.de

8. Data Security

We implement technical and organizational measures to protect your data:

  • Encrypted data transmission (TLS/HTTPS)
  • Encrypted password storage
  • Secure authentication via Supabase
  • Keychain storage for sensitive on-device data
  • Regular security updates

9. Changes to This Privacy Policy

We reserve the right to amend this privacy policy in order to reflect changes in legal requirements or changes to the app. The current version is always available in the app and on our website at https://leonwolf.dev.

10. Contact

If you have questions about data protection, contact us at:

Leon Wolf Vahlenhorst 78b 26127 Oldenburg Email: Website: https://leonwolf.dev