sportFriends

PRIVACY POLICY

SportFriends

Last updated: 14/03/2026

1. INTRODUCTION

This Privacy Policy describes how SportFriends (hereinafter "the Application", "the Service", "We" or "Our") collects, uses, stores and protects your personal data in connection with the use of our mobile application.

SportFriends is a geolocated social network of the "Mesh Network" type designed to connect athletes wishing to practice physical activities together.

We attach paramount importance to protecting your privacy and respecting your personal data. This policy complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

2. DATA CONTROLLER

The data controller for your personal data is:

[COMPANY NAME]
[LEGAL FORM]
[FULL ADDRESS]
Email: [CONTACT EMAIL]
Registration Number (SIRET): [SIRET NUMBER]

Data Protection Officer (DPO): [DPO NAME]
Email: [DPO EMAIL]

3. DATA COLLECTED

3.1 Identification and Account Data

When creating your account, we collect:

  • Username (pseudonym)
  • Email address
  • Password (stored in encrypted form)
  • Date of birth (to verify minimum age requirement)
  • Gender (optional, used for access to "Women Only" spaces)
  • Profile photo (optional)
  • Short biography (optional)

3.2 Geolocation Data

The Application requires access to your geographic location to function. We collect:

  • Real-time GPS coordinates (latitude, longitude)
  • Location accuracy
  • Location history limited to active Spots

Important: Your location data is only used to display nearby Spots and is not kept beyond the time necessary for the Service to operate. In accordance with our ephemerality policy, this data is deleted after 30 days of inactivity.

3.3 User Content Data

When you use the Application, we collect:

  • Messages and discussions in Spots
  • Shared photos and videos
  • Information about created Spots (sport, location, date, time)
  • Spot participations

Scrubbing Policy: All this data is automatically and permanently deleted after 30 days of inactivity. See section 6 for more details.

3.4 Technical and Usage Data

We automatically collect certain technical data:

  • Device type and model
  • Operating system and version
  • Application version
  • Unique device identifier (anonymized)
  • IP address (anonymized)
  • Connection data (date, time, duration)
  • Usage data (features used, interactions)
  • Bug and crash reports

3.5 Data Related to "Women Only" Spaces

To ensure the integrity of spaces reserved for women:

  • History of gender modifications in the profile
  • Dates of gender changes (to apply the 30-day cooldown)

4. PURPOSES OF PROCESSING

Your personal data is collected and processed for the following purposes:

4.1 Service Provision

  • Creation and management of your user account
  • Authentication and access security
  • Display of Spots near your location
  • Connection with other athletes
  • Facilitation of communication between users
  • Content sharing (messages, photos, videos)

4.2 Service Security and Integrity

  • Fraud and abuse prevention
  • Detection and blocking of inappropriate behavior
  • Application of the cooldown system for "Women Only" spaces
  • Moderation of reported content
  • Compliance with the General Terms of Use

4.3 Service Improvement

  • Usage and performance analysis
  • Correction of bugs and technical problems
  • Development of new features
  • Optimization of the user experience

4.4 Communication

  • Notifications related to your activity (new messages, participations)
  • Important information about the Service
  • Security updates
  • Responses to your support requests

5. LEGAL BASIS FOR PROCESSING

In accordance with GDPR, the processing of your data is based on the following legal grounds:

5.1 Contract Performance (Article 6.1.b GDPR)

Processing of your identification, geolocation and content data is necessary for the performance of the contract you accepted when using the Application (ToS).

5.2 Consent (Article 6.1.a GDPR)

Some processing requires your explicit consent:

  • Access to precise geolocation
  • Sending push notifications
  • Sharing photos and videos

You can withdraw your consent at any time in the Application or device settings.

5.3 Legitimate Interest (Article 6.1.f GDPR)

We process certain data based on our legitimate interest:

  • Security and fraud prevention
  • Service improvement
  • Anonymized statistical analysis

5.4 Legal Obligation (Article 6.1.c GDPR)

Some processing is necessary to comply with our legal obligations:

  • Retention of certain data to respond to judicial requisitions
  • Combatting illegal content

6. DATA RETENTION PERIOD

6.1 Ephemerality and "Scrubbing" Policy

Fundamental principle: SportFriends applies a strict data ephemerality policy to protect your privacy.

Spot Data:

  • Hiding after 7 days: Inactive Spots and discussions are automatically hidden from the interface after 7 consecutive days without activity
  • Permanent deletion after 30 days: All associated data (messages, media, metadata) is permanently and irrevocably deleted from our servers after 30 days of inactivity
  • This deletion is irreversible and no backup copy is kept

6.2 Account Data

Data strictly necessary for your account operation is kept as long as your account remains active:

  • Identifier and email
  • Encrypted password
  • Profile preferences
  • History of gender modifications (for "Women Only" cooldown)

This data is deleted immediately when you delete your account.

6.3 Technical Data

  • Connection logs: 6 months maximum
  • Anonymized analytics data: 24 months maximum
  • Bug reports: 12 months maximum

6.4 Data Archived for Legal Obligations

In case of reporting or dispute, certain data may be securely archived to meet our legal obligations:

  • Data related to reported content: until resolution of the report
  • Data necessary in case of legal proceedings: duration of proceedings + legal prescription periods

7. DATA SHARING

7.1 Non-Sharing Principle

We never sell your personal data to third parties.

7.2 Sharing with Other Users

By nature, certain data is visible to other Application users:

  • Your pseudonym and profile photo
  • Your biography
  • Spots you create or participate in
  • Your messages in Spot discussions
  • Your approximate location (city/neighborhood) in Spots

7.3 Service Providers

We may share certain data with technical service providers acting on our behalf:

  • Server and database hosting
  • Geolocation and mapping services
  • Analytics and monitoring tools
  • Push notification services
  • Technical support and maintenance

These providers are contractually bound to respect the confidentiality of your data and can only use it for defined purposes.

7.4 Legal Obligations

We may be required to disclose your data:

  • In response to a judicial requisition
  • To comply with a legal obligation
  • To protect our rights, property or safety
  • In case of illegal content reporting

7.5 Transfers Outside the EU

Your data is primarily stored on servers located in the European Union. In case of transfer outside the EU, we ensure that appropriate safeguards are in place (standard contractual clauses, Privacy Shield, etc.).

8. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data:

8.1 Technical Measures

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Cryptographic hashing of passwords (bcrypt)
  • IP address anonymization
  • Firewalls and intrusion detection systems
  • Regular and secure backups
  • Regular security testing

8.2 Organizational Measures

  • Data access limited to authorized personnel
  • Strong authentication for administrator access
  • Data access logging
  • Staff training on data protection
  • Security incident management procedures

8.3 Advanced Technical Measures

SportFriends implements cutting-edge technologies to protect your privacy:

Blurred Location (Geohash):

  • We do not track users in real-time
  • GPS positions are converted to "Geohash5" (zones of approximately 5km radius)
  • This technique allows grouping players without exposing their exact position
  • Your precise location is never stored or shared

Automatic Deletion (Scrubbing):

  • After 30 days of inactivity, Spot data is irreversibly destroyed
  • Native "by design" right to be forgotten: no manual intervention required
  • Cryptographic deletion ensuring impossibility of recovery
  • No backup copies are kept beyond this period

Biometric Data and Secure Authentication:

  • Authentication is primarily done via Passkey (WebAuthn)
  • Passwordless authentication based on public key cryptography
  • Protection against phishing and brute force attacks
  • Use of Cloudflare Turnstile (without intrusive cookies) against bots
  • Modern and privacy-friendly alternative to traditional CAPTCHAs

Local AI and Privacy Respect:

  • Voice transcriptions are handled by isolated AI models (HuggingFace)
  • Image moderation uses local AI models
  • Raw files are never used to train third-party AI
  • Processing locally or on our secure servers only
  • No sharing with external AI services (OpenAI, Google, etc.)
  • Immediate deletion of files after processing

8.4 User Responsibility

You are responsible for:

  • The confidentiality of your login credentials
  • The security of your device
  • Logging out after use on a shared device
  • Immediate reporting of any unauthorized use of your account

9. YOUR RIGHTS

In accordance with GDPR, you have the following rights regarding your personal data:

9.1 Right of Access (Article 15 GDPR)

You can obtain:

  • Confirmation that your data is being processed
  • A copy of your personal data
  • Information about the processing carried out

9.2 Right to Rectification (Article 16 GDPR)

You can request corection of inaccurate or incomplete data. You can also directly modify your profile information in the Application.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17 GDPR)

You can request deletion of your personal data:

  • By deleting your account from the Application settings
  • By contacting us directly

Deletion is immediate and permanent. Note that some data may be kept in anonymized form for statistical purposes or to meet legal obligations.

9.4 Right to Restriction of Processing (Article 18 GDPR)

You can request restriction of processing of your data in certain cases (contesting accuracy, unlawful processing, etc.).

9.5 Right to Data Portability (Article 20 GDPR)

You can receive your data in a structured, commonly used and machine-readable format, and transmit it to another data controller.

9.6 Right to Object (Article 21 GDPR)

You can object at any time to the processing of your data for reasons relating to your particular situation, especially for processing based on legitimate interest.

9.7 Right to Withdraw Consent

For consent-based processing, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

9.8 Right to Define Post-Mortem Directives

You can define directives regarding the retention, deletion and communication of your data after your death.

9.9 Exercising Your Rights

To exercise your rights, contact us:

  • By email: [DPO EMAIL]
  • Via the Application's contact form
  • By mail: [POSTAL ADDRESS]

We commit to responding within a maximum of one month. This period may be extended by two months in case of complex requests.

9.10 Right to Lodge a Complaint

If you believe your rights are not being respected, you can lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) or your national data protection authority:

CNIL
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
Tél : 01 53 73 22 22
www.cnil.fr

10. COOKIES AND SIMILAR TECHNOLOGIES

10.1 Limited Use

The mobile Application uses a minimal number of tracking technologies:

  • Session cookies strictly necessary for operation
  • Local storage for user preferences
  • Anonymized device identifiers for analysis

10.2 Third-Party Cookies

We may use third-party services that set their own cookies:

  • Mapping services (Google Maps, OpenStreetMap)
  • Analytics tools (anonymized)

10.3 Cookie Management

You can manage cookies through your browser or mobile device settings.

11. DATA OF MINORS

The Application is intended for persons aged at least 16 years.

Minors aged 16 to 18 must obtain authorization from their parents or legal guardians before creating an account.

We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has provided us with personal data, we will immediately delete this information.

If you are a parent or guardian and believe your child has provided us with personal data, contact us immediately.

12. CHANGES TO THE PRIVACY POLICY

We may modify this Privacy Policy at any time to reflect:

  • Changes in our practices
  • Regulatory changes
  • Addition of new features

In case of substantial modification, we will inform you by:

  • Notification in the Application
  • Email to the address associated with your account

The date of last update is indicated at the top of this document. We encourage you to consult this policy regularly.

Continued use of the Service after modification constitutes acceptance of the new policy.

13. CONTACT

For any questions regarding this Privacy Policy or the processing of your personal data, you can contact us:

Data Controller:
[COMPANY NAME]
[FULL ADDRESS]
Email: [CONTACT EMAIL]

Data Protection Officer (DPO):
[DPO NAME]
Email: [DPO EMAIL]

Other contact methods:

  • Via the Application's contact form
  • By postal mail to the above address

By using SportFriends, you acknowledge that you have read, understood and accepted this Privacy Policy.

Last updated: 14/03/2026