Privacy Policy

We collect the following personal data: • Account information (name, email address, password hash) • Profile data (avatar, social links, favorite clubs, location) • Event participation history • Community posts, comments, and likes • Notification preferences • Device/browser information for security purposes

Your data is used to: • Provide and improve the Platform • Manage your account and authentication • Send transactional emails (verification, password reset, event updates) • Display your profile to other users • Generate anonymized analytics and statistics • Prevent spam and abuse

Payment processing is handled entirely by Stripe (PCI DSS Level 1 certified). We store only your Stripe customer ID to link your account to payment records. We never store, process, or have access to your full credit card number, CVV, or banking details. Please refer to Stripe's privacy policy for details on how they handle your payment information.

Your data is stored in PostgreSQL databases hosted on secure, encrypted servers. Passwords are hashed using bcrypt with a cost factor of 10. Authentication uses JSON Web Tokens (JWT) with a 7-day expiry. All data transmission is encrypted via HTTPS/TLS. We implement industry-standard security measures to protect your data.

We do not sell your personal data. We share data only with: • Stripe (payment processing) • Resend (transactional email delivery) • Supabase (optional image storage for avatars) We may disclose data if required by law or to protect the rights and safety of our users.

Under the General Data Protection Regulation (GDPR), you have the following rights: • Right to Access — view the personal data we hold about you in your account settings • Right to Rectification — update your personal data through your profile settings • Right to Erasure — permanently delete your account and all associated data • Right to Data Portability — request a copy of your data in a structured format • Right to Restrict Processing — limit how we use your data • Right to Object — object to processing of your data for specific purposes To exercise these rights, visit your account settings or contact us at support@ccsportingevents.com.

CC Sporting Events does not use tracking cookies or third-party analytics cookies. We use browser localStorage for essential functionality only: • Authentication token (cc_auth_token) • User session data (cc_user) • Language preference (language-storage, i18next-lng) • Cookie consent status (cc-cookie-consent) These are strictly necessary for the Platform to function and do not track you across other websites.

Your personal data is retained as long as your account is active. When you delete your account, all personal data is permanently removed, including your profile, posts, comments, likes, event participations, and feedback. Anonymized, aggregated statistics may be retained. Payment records may be retained as required by tax and financial regulations.

The Platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Platform. The date of the last update is displayed at the top of this page.

For privacy-related inquiries, contact our Data Protection Officer at privacy@ccsportingevents.com. CC Sporting Events, Kosovo, Europe.