Privacy Policy
Effective: 2026-07-05
Who we are
The controller of personal data processed via IAMScouting is the entity named in our Imprint.
Data we collect
- Account: email, hashed password (bcrypt, stored in our EU-hosted database), display handle, optional name/phone.
- Network: trip pins (location, dates, notes), direct messages, persona settings, trust proofs.
- Reports: player reports you author (text, scores, optional voice memo).
- Payments: handled by Stripe. We store only customer ID + subscription state, never card data.
- Usage: server logs (IP, user agent, timestamps) for security & abuse prevention. Retained 30 days.
Legal basis (GDPR Art. 6)
- Contract performance (delivering the Service)
- Legitimate interest (security, fraud prevention, network integrity)
- Consent (optional features like push notifications, location)
Third-party processors
- Hostinger (hosting + database, EU region)
- DeepSeek (AI report drafting + transcription)
- Stripe (payments, Ireland) — when paid plans are enabled
- Resend (transactional email)
- Esri / Mapbox (map tiles)
- OpenStreetMap / Wikidata / Wikipedia (venue + reference data)
We sign Data Processing Agreements where required by GDPR. Authentication is handled in-house (custom JWT session cookie); we do not use a third-party auth provider.
Cookies
We use strictly necessary cookies for authentication (our iams-session JWT cookie) and to remember your language preference. No advertising or tracking cookies.
Your rights
Under GDPR you have the right to:
- Access your data
- Rectify inaccurate data
- Erasure ("right to be forgotten")
- Restrict processing
- Data portability (export your data)
- Object to processing
- Lodge a complaint with a supervisory authority
Email start@iamscouting.com to exercise these rights. Response within 30 days.
Retention
- Account data: until deletion request
- Server logs: 30 days
- Payment records: as required by tax law (up to 10 years)
- Trip pins: indefinite unless deleted by user
Data transfers
Some processors (e.g. Stripe, DeepSeek) may process data outside the EU. Such transfers rely on Standard Contractual Clauses or adequacy decisions per Art. 44–49 GDPR.
Children
The Service is not directed to children under 16. If you become aware that a minor has submitted data, contact us and we will delete it.
Contact our DPO/privacy lead: start@iamscouting.com