Privacy Policy
Last updated: June 29, 2026
1. Introduction
This Privacy Policy describes how the Tennis Warsaw service ("the Service", "we", "our") collects, uses and protects information when you use the website at tenniswarsaw.club or the Telegram Mini App.
The Service is an independent third-party project and is not affiliated with, endorsed by, or part of Telegram. By using the Service you agree to the terms of this Privacy Policy.
Tennis Warsaw is the data controller for the personal data described in this policy. For any privacy request or question, contact us at privacy@tenniswarsaw.club; we respond within 30 days. Given the scale and nature of our processing, we are not required to appoint a Data Protection Officer.
2. Data We Collect
When you open the Telegram Mini App, we receive the following data provided by Telegram:
- Telegram user ID
- First name, last name
- Username
- Profile photo URL
- Language preference
If you sign in via the website with Google or the Telegram Login Widget, we also receive your email address and/or Telegram account identifiers from that provider.
Additionally, you may provide:
- Phone number, email and other contact handles (WhatsApp, Instagram, Facebook)
- Playing level, date of birth and other profile preferences
- Tournament registration and match result data
Contact details are private by default. Each contact field has a public/private toggle in your profile; private fields are never shown to other players. Email, phone, date of birth and account identifiers are never exposed to other players through the app.
3. How We Use Your Data
Your data is used solely for the following purposes:
- Creating and managing your player profile
- Registering you for tennis tournaments
- Generating tournament brackets and recording match results
- Sending tournament-related notifications via the Telegram Bot
- Displaying participant lists to other registered players
We do not sell, rent or monetize your personal data. We do not use your data for advertising or marketing purposes beyond tournament-related notifications.
4. Data Storage and Security
Your data is stored in a secure database hosted by Supabase with encryption at rest and in transit. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction.
We do not sell your data. We share it only with the service providers (sub-processors) needed to run the service:
- Supabase — database, authentication and file storage hosting.
- Sentry (EU) — error monitoring (with personal data sending disabled).
- Telegram — delivery of the Mini App and bot notifications.
- Web Push / Apple Push (APNs) — delivery of push notifications you opt into.
- Vercel — application hosting.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide the service. When you delete your account, your personal data (name, contact details, Telegram and Google identifiers, email, phone, photo and date of birth) is erased and the Supabase Auth account is removed. Tournament history and match results are kept in anonymized form so past brackets and rankings remain accurate; they no longer identify you.
6. Your Rights
You have the right to:
- Access / portability— download a copy of your data anytime from Profile → Settings → "Download my data" (JSON).
- Request correction of inaccurate data (edit it in your profile)
- Erasure— delete your account anytime from Profile → Settings → "Delete account". This erases your personal data and anonymizes past results.
- Withdraw your consent at any time by stopping use of the Service or deleting your account
You can access and erase your data yourself in Profile → Settings. For any other request, or to escalate, email privacy@tenniswarsaw.club (we respond within 30 days) or contact the administrators in the Telegram group.
7. Cookies and Tracking
When you use the Service through a regular web browser (outside Telegram), we rely on a small number of cookies and third-party services:
- Authentication cookies (Supabase). Essential session cookies set by our auth provider (Supabase) when you sign in with Google or the Telegram Login Widget. Without them you cannot stay signed in. They are first-party, HTTP-only, and not used for tracking.
- Error monitoring (Sentry). When an error occurs we send a diagnostic event to Sentry (hosted in the EU). We have disabled
sendDefaultPii, so IP addresses, request headers and user identifiers are not automatically attached. Only the error context required to debug the issue is sent. - Telegram WebApp SDK. The page loads
telegram-web-app.jsfrom telegram.org so the Mini App can integrate with Telegram when opened inside it. The script does not set cookies on our domain. - Local preferences.We use the browser's
localStorageto remember your language choice and that you accepted this notice (tw.cookieConsent.v1). These values never leave your device.
We do not use Google Analytics, Facebook Pixel, advertising trackers or session replay tools.
8. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.