Legal

Privacy Policy

Last updated: 27 May 2026 Effective: 27 May 2026

This Privacy Policy describes how SMASH & DASH CLUB ("we", "us", or "our") collects, uses, and shares information about you when you use our web application and mobile application (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following categories of information:

Account Information: When you sign in using Google or Facebook OAuth, we receive your name, email address, and profile photo from those providers.
Match & Activity Data: Match scores, player participation records, session attendance, and ranking history that you or your group admin logs within the app.
Profile Data: Optional information you choose to add to your player profile, such as playing style, gear information, and availability status.
Usage Data: Information about how you interact with the Service, including pages visited, features used, and session durations.
Device Information: Browser type, operating system, device identifiers, and IP address for security and analytics purposes.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the Service
Calculate and display player rankings and match statistics
Enable club group management and member communication features
Authenticate users and maintain account security
Respond to support inquiries and feedback
Monitor and analyse usage to improve user experience
Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

3. Data Sharing

We may share your information in the following circumstances:

Within your Club Group: Your player name, ranking, and match statistics are visible to other members of the same club group you belong to.
Service Providers: We use Supabase (database and authentication), Google Cloud (hosting), and Google OAuth / Facebook Login for authentication. These providers process data on our behalf under their respective privacy policies.
Legal Requirements: We may disclose information if required to do so by law or in response to valid legal requests.

4. Data Retention

We retain your account data and match history for as long as your account is active or as needed to provide the Service. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

5. Cookies

We use essential session cookies to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can control cookies through your browser settings.

6. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child under 13 has provided us with personal information, please contact us and we will take steps to remove that information.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your account and associated data.
Portability: Request your data in a portable format.
Objection: Object to certain types of data processing.

To exercise any of these rights, please contact us at support@smashdash.win.

8. Data Security

We implement industry-standard security measures including TLS encryption for data in transit, row-level security (RLS) policies in our database to enforce group data isolation, and OAuth 2.0 authentication to prevent password-based attacks. We regularly review our security practices.

9. Third-Party Services

Supabase — Database, authentication, and storage. See Supabase Privacy Policy.

Google Sign-In — OAuth authentication. See Google Privacy Policy.

Facebook Login — OAuth authentication. See Meta Privacy Policy.

Google Cloud Run — Application hosting. See Google Cloud Privacy Notice.

10. International Data Transfers

Your data may be processed and stored in servers located outside your country of residence, including Singapore and the United States. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitute acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: support@smashdash.win
Support: Help & Support Centre