Legal
This Privacy Policy explains how MTCHMKR LTD (“MTCHMKR”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use the MTCHMKR mobile application, website (mtchmkr.co.uk), and all related services (collectively, the “Platform”). We are committed to handling your data responsibly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. By using the Platform, you acknowledge that you have read and understood how we handle your personal data.
Section 01
The data controller responsible for your personal data is:
MTCHMKR LTD
Registered in England & Wales — Company No. 13955219
13-17 High Beech Road, Loughton, Essex, IG10 4BN
Email: privacy@mtchmkr.co.uk
Support: support@mtchmkr.co.uk
As the data controller, MTCHMKR determines the purposes and means of processing your personal data. If you have any questions about how we handle your data, please contact us using the details above.
Section 02
We collect personal data in the following categories:
2.1 Account & Registration Data
2.2 Player Profile & Activity Data
2.3 Location Data
With your permission, we collect your device’s location data to display nearby Venues and suggest local match opportunities. Location data is only collected when you are actively using the Platform and have granted location access. You can revoke location access at any time through your device settings.
2.4 Communications Data
2.5 Payment Data
When you make or receive payments through the Platform (such as tournament entry fees or prize distributions), payment processing is handled entirely by Stripe, Inc. MTCHMKR does not store your full card number, CVV, or bank account details. We retain transaction records, including amounts, dates, tournament references, and Stripe transaction IDs, for accounting, dispute resolution, and legal compliance purposes.
2.6 Device & Technical Data
2.7 Venue & Club Data (Venue Operators Only)
If you register a Venue on the Platform, we collect business information including venue name, address, contact details, table types and counts, pricing information, and opening hours. This data is published on the Platform's interactive map and is visible to other users.
2.8 Data We Do Not Collect
We do not collect or knowingly process any special categories of personal data as defined under UK GDPR (such as health data, racial or ethnic origin, religious beliefs, or biometric data) unless you voluntarily disclose such information in communications with us. We do not collect data from users aged under 13.
Section 03
We use your personal data only for the purposes set out below. For each purpose, we identify the legal basis under UK GDPR on which we rely.
| Purpose | Details | Legal Basis |
|---|---|---|
| Account creation & management | Creating and maintaining your account, verifying your email, and managing your login credentials. | Performance of a contract (Article 6(1)(b)) |
| Matchmaking & platform features | Suggesting suitable opponents, applying handicaps, displaying match requests, recording results, and maintaining your match history. | Performance of a contract (Article 6(1)(b)) |
| Tournaments & leagues | Managing tournament entries, generating brackets, recording results, distributing prizes, and maintaining leaderboards. | Performance of a contract (Article 6(1)(b)) |
| Payment processing | Processing tournament entry fees and prize distributions via Stripe. Retaining transaction records for accounting and legal compliance. | Performance of a contract; Legal obligation (Article 6(1)(b), 6(1)(c)) |
| Push notifications | Sending match invitations, acceptances, score confirmations, tournament updates, and Platform announcements to your device. | Consent (Article 6(1)(a)) |
| Location services | Displaying nearby Venues and suggesting local match opportunities based on your current location. | Consent (Article 6(1)(a)) |
| In-app messaging | Enabling match chat and group chat features. Monitoring communications where necessary to enforce our Terms & Conditions. | Performance of a contract; Legitimate interests (Article 6(1)(b), 6(1)(f)) |
| AI progress assessments | Generating automated performance insights based on your match history to provide motivational feedback. | Legitimate interests (Article 6(1)(f)) |
| Platform security & fraud prevention | Detecting and preventing manipulation of ratings, leaderboards, match results, and payment fraud. Investigating reported conduct breaches. | Legitimate interests (Article 6(1)(f)) |
| Platform improvement | Analysing usage patterns, crash reports, and error logs to improve the performance, stability, and features of the Platform. | Legitimate interests (Article 6(1)(f)) |
| Legal compliance | Retaining records as required by law (e.g. financial records under the Companies Act 2006 and HMRC requirements). | Legal obligation (Article 6(1)(c)) |
| Customer support | Responding to support queries, complaints, and account-related requests. | Legitimate interests; Performance of a contract (Article 6(1)(f), 6(1)(b)) |
| Marketing communications | Sending promotional emails or in-app messages about new features, tournaments, and Platform updates. You can opt out at any time. | Consent; Legitimate interests (Article 6(1)(a), 6(1)(f)) |
Section 04
We do not sell your personal data to third parties. We share your data only in the following limited circumstances:
4.1 Other Platform Users
Certain profile data is visible to other registered users of the Platform as part of the core service. This includes your display name, profile photograph, Star Rating, match history, and leaderboard position. Match results involving you are visible to your opponent and, where relevant, to tournament or league participants. You should be aware that any information you choose to include in your profile is visible to other users.
4.2 Stripe (Payment Processing)
Payment data is shared with Stripe, Inc. for the purposes of processing transactions. Stripe acts as a data processor on our behalf and is bound by its own privacy policy and data processing terms. Stripe is certified to PCI DSS Level 1. More information is available at stripe.com/privacy.
4.3 Supabase (Database Infrastructure)
Our Platform database and backend infrastructure is provided by Supabase, Inc. Your data is stored on Supabase-managed servers. Supabase acts as a data processor on our behalf under a data processing agreement. Data is stored within the European Economic Area (EEA) or in jurisdictions with adequate protection under UK GDPR.
4.4 Apple & Google (App Stores & Push Notifications)
Distributing the Platform through the Apple App Store and Google Play Store requires sharing limited technical data (such as push notification tokens) with Apple Inc. and Google LLC. These companies act as independent data controllers in respect of their own platforms and are subject to their own privacy policies.
4.5 Legal & Regulatory Authorities
We may disclose your personal data to law enforcement agencies, courts, regulators, or other public authorities where we are required to do so by law, or where we reasonably believe such disclosure is necessary to protect the rights, property, or safety of MTCHMKR, our users, or the public.
4.6 Business Transfers
In the event that MTCHMKR LTD undergoes a merger, acquisition, restructuring, or sale of all or part of its business or assets, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you of any such transfer and of any choices you may have regarding your data in accordance with applicable law.
4.7 Analytics Providers
We may use third-party analytics tools (such as Mixpanel or PostHog) to help us understand how users interact with the Platform. These tools collect anonymised or pseudonymised usage data. Where we use such tools, we ensure appropriate data processing agreements are in place and that data is handled in accordance with UK GDPR.
Section 05
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are as follows:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account & profile data | For the lifetime of your account, plus 12 months after closure | To allow account recovery and resolve any post-closure disputes |
| Match history & results | Indefinitely (anonymised after account closure) | To maintain the integrity of leaderboards and historical records |
| Payment & transaction records | 7 years from the date of transaction | Legal obligation under HMRC and Companies Act 2006 requirements |
| In-app messages | 12 months from the date of the message | To investigate conduct complaints and enforce our Terms & Conditions |
| Device & technical logs | 90 days | For debugging, crash resolution, and security monitoring |
| Support correspondence | 3 years from the date of the last contact | To resolve follow-up queries and maintain a complaint history |
| Marketing consents | Until withdrawn, plus 3 years | To demonstrate compliance with consent requirements |
When personal data is no longer required, we will securely delete or anonymise it. Where full deletion is not immediately possible (e.g. data held in backup systems), we will isolate it from further processing and delete it as soon as reasonably practicable.
Section 06
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at privacy@mtchmkr.co.uk. We will respond to all valid requests within one calendar month.
Right of Access
You have the right to request a copy of the personal data we hold about you (a Subject Access Request). We will provide this free of charge within one month.
Right to Rectification
If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.
Right to Erasure
You have the right to request that we delete your personal data in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.
Right to Restrict Processing
You have the right to request that we restrict the processing of your data in certain circumstances, for example while a dispute about accuracy is resolved.
Right to Data Portability
Where processing is based on consent or contract, and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing based on our legitimate interests, and to processing for direct marketing purposes. We will stop such processing unless we can demonstrate compelling legitimate grounds.
Rights re: Automated Decisions
Where we make decisions about you using solely automated means (such as Star Rating adjustments) that produce significant effects, you have the right to request human review of those decisions.
Right to Withdraw Consent
Where processing is based on your consent (e.g. push notifications, location data, or marketing), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.
If you are not satisfied with our response to a data rights request, or believe we are not handling your personal data in accordance with the law, you have the right to lodge a complaint with the UK’s data protection supervisory authority:
Information Commissioner’s Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Section 07
7.1 Mobile App
The MTCHMKR mobile application does not use cookies. We use local device storage only where strictly necessary for the functioning of the app (such as storing your authentication session). We do not use tracking technologies for advertising purposes within the app.
7.2 Website (mtchmkr.co.uk)
The MTCHMKR website may use strictly necessary cookies to maintain your session when you access account-related areas of the site. We do not currently use analytics cookies, advertising cookies, or third-party tracking pixels on our website. If this changes, we will update this policy and seek your consent where required.
7.3 Third-Party SDKs
Our mobile application may include software development kits (SDKs) from third-party providers (such as Stripe and analytics tools) that collect limited technical data as described in Section 2. These SDKs are subject to their respective providers’ privacy policies.
Section 08
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. Our security measures include:
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. If you become aware of any security vulnerability or suspect unauthorised access to your Account, please notify us immediately at support@mtchmkr.co.uk.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.
Section 09
MTCHMKR is a UK-based platform and we seek to store and process your data within the UK or the European Economic Area (EEA) wherever possible. However, some of our third-party service providers (including Stripe and app store operators) may process your data in countries outside the UK and EEA.
Where personal data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place, such as:
You can request further information about our international transfer safeguards by contacting us at privacy@mtchmkr.co.uk.
Section 10
The Platform is available to users aged 13 and over. Users aged 13–17 (“young users”) may only use the Platform with the consent of a parent or legal guardian. We do not knowingly collect personal data from children under the age of 13. If we become aware that we have inadvertently collected personal data from a child under 13 without parental consent, we will delete that data as soon as reasonably practicable.
We apply additional care to the processing of data relating to young users, in accordance with the ICO’s Age Appropriate Design Code (the Children’s Code). In particular, we do not use young users’ data for marketing purposes and we apply privacy-protective default settings to accounts where we have reason to believe the user may be under 18.
If you are a parent or guardian and believe your child has registered on the Platform without your consent, or that we may hold personal data relating to a child under 13, please contact us immediately at privacy@mtchmkr.co.uk.
Section 11
The Platform uses automated processes to adjust your Star Rating following each match, based on your most recent five results. This automated adjustment directly affects your matchmaking experience, the handicaps applied to your matches, and your position on leaderboards. This constitutes automated decision-making that produces effects concerning you within the meaning of UK GDPR Article 22.
We rely on our legitimate interests (Article 6(1)(f)) as the legal basis for this automated processing, as maintaining fair and accurate ratings is fundamental to the Platform’s ability to provide competitive matchmaking for all users.
You have the right to request human review of any automated rating adjustment that you believe is incorrect or that has been affected by manipulation or error. To exercise this right, please contact us at support@mtchmkr.co.uk with details of the specific adjustment you wish to dispute.
AI-generated progress assessments are also produced by automated means. These are provided for informational purposes only and do not constitute decisions that produce legal or similarly significant effects.
Section 12
We may contact you with information about new features, upcoming tournaments, app updates, and other MTCHMKR news via email or in-app notification. We will only send you marketing communications where we have a legal basis to do so — either your consent, or our legitimate interests where we reasonably consider that you would expect to receive such communications as a user of the Platform.
You can opt out of marketing communications at any time by:
Please note that opting out of marketing communications will not affect transactional or service communications, such as match notifications, score confirmations, or account security alerts — these are necessary for the operation of the Platform and will continue to be sent.
Section 13
We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. The most current version will always be available at mtchmkr.co.uk/privacy. The “Effective Date” at the top of this policy indicates when it was last updated.
Where changes are material — meaning they significantly affect your rights or how we process your personal data — we will notify you via the Platform or by email before the changes take effect. Your continued use of the Platform after the effective date of any updated policy constitutes your acknowledgement of the changes. If you do not agree to the updated policy, you should stop using the Platform and close your Account.
Section 14
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal data, please contact us:
By email: privacy@mtchmkr.co.uk
By post: MTCHMKR LTD, 13-17 High Beech Road, Loughton, Essex, IG10 4BN
Support queries: support@mtchmkr.co.uk
We aim to respond to all privacy-related enquiries within 5 working days, and to all formal data rights requests within one calendar month. If your matter is complex, we may extend this period by a further two months — if so, we will notify you within the first month and explain the reason for the delay.
If you remain unsatisfied after contacting us, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or on 0303 123 1113.