1. Data controller
The data controller under Regulation (EU) 2016/679 (“GDPR”) is:
Marcello Guida
Via Cappella 4C
81021 Arienzo (CE), Italy
Email: mguida2604@gmail.com
No Data Protection Officer (DPO) has been appointed, as the conditions of Article 37 GDPR are not met.
2. Scope and nature of the service
SyncPoint is an iOS and watchOS app to track tennis and padel matches, sync data between iPhone and Apple Watch, and share results with other registered players. The app is distributed globally on the App Store and sold as a one-time purchase of €0.99, with no subscriptions or recurring in-app purchases. Payment is handled entirely by Apple; we do not receive or store payment data.
This policy applies to processing through the SyncPoint app and linked support web pages. The policy is accessible from the app via link; there is currently no dedicated in-app privacy screen.
3. Data we collect
3.1 Identity and profile
| Data | When | Where | Purpose |
|---|---|---|---|
| Apple User ID | Sign in with Apple | Device + CloudKit | Authentication, sync, invites, community |
| Username (@handle) | Profile creation | CloudKit (public database) | Player search, identification |
| First and last name | Sign in with Apple or manual entry | Device + CloudKit | Profile, scoreboard, invites, clubs |
| Apple email | First sign-in, if shared by Apple | Device only | Username generation and local account; never on CloudKit |
| Profile photo | If uploaded | CloudKit (public database) | Avatar visible to other players |
3.2 Matches and sports content
| Data | When | Where | Purpose |
|---|---|---|---|
| Scores, sets, timeline, duration | During/after match | Device; CloudKit if shared | Core app, history, H2H, live score |
| Player names | Match setup | Device; CloudKit if shared | Scoreboard and stats |
| Sport, surface, venue, mode | Match setup | Device + CloudKit | Stats and shareable cards |
| Match memory photo | Optional at end | Device + private CloudKit | Personal keepsake |
| Social card photo | Optional | In memory only | External card sharing |
You may enter player names as free text (including people without an account). Cloud sharing visible to other users occurs only if at least one player is linked to a registered SyncPoint profile (“Has the app” toggle).
3.3 Health and fitness
| Data | When | Where | Purpose |
|---|---|---|---|
| Heart rate, calories, steps, distance | During match (with Health permission) | Apple Health + device; CloudKit in completed shared matches | Match statistics |
| Workout | On Apple Watch (with permission) | Apple Health | Workout in Health |
Live vs shared matches: during a live match, other players see only the score. Health metrics may be included in completed shared matches (SharedMatch on CloudKit) if present in the match and if you linked registered players.
3.4 Location
| Data | When | Where | Purpose |
|---|---|---|---|
| GPS coordinates (~100 m) | When location permission is active | Device; CloudKit if match shared | Map/weather on card; shared record |
3.5 Clubs, groups and tournaments
| Data | In-app visibility | Purpose |
|---|---|---|
| Club name, city, sport, description | Public directory (if approved) | Community |
| Venue address | Club information | Directory |
| Email, phone, VAT number, legal name | Not shown to other users | Registration and approval (requester + controller) |
| Tournament data | Per feature rules | Club tournaments |
3.6 Invites and live matches
For invites and live score we process session ID, player names, match configuration and live score. Live matches expire automatically (~6 hours), are no longer shown after the match and are deleted when the match ends. They do not include health metrics or location towards other players.
4. Health, location and shared matches — transparency
Important. If you allow SyncPoint to access Apple Health and/or location (iOS “When In Use” permission), and link registered players with “Has the app”, when the match ends scores, any health metrics and coordinates in the match may be saved in the SharedMatch CloudKit record and visible to other linked participants.
There is currently no separate in-app consent such as “Include health/location in shared matches”: control is via iOS/watchOS system permissions and whether you link registered players. To limit sharing you can:
- revoke Health and/or Location permissions in iOS Settings;
- not link players with “Has the app”;
- delete your account (subject to limits on already shared matches — section 12).
We plan to add dedicated toggles for more granular control in the future.
5. Data we do NOT collect
- Phone contacts / address book
- Email or SMS content
- In-app web browsing history
- In-app search history (queries not stored)
- Device advertising identifiers
- Payment data (handled by Apple)
- Third-party advertising, marketing, behavioural analytics via external SDKs
- Crash logs sent to third-party services
- Remote push notifications (APNs tokens)
- Special categories under Art. 9 (race, religion, sexual orientation, etc.)
- AR / environment scanning data
6. Purposes and legal basis
| Processing | Purpose | Legal basis (GDPR) |
|---|---|---|
| Core features (scoreboard, history, sync, widget) | Service delivery | Art. 6(1)(b) — contract / pre-contractual steps |
| Profile, invites, clubs, shared matches | User-chosen cloud features | Art. 6(1)(b) |
| Health and fitness | Match stats, Health workouts | Art. 9(2)(a) — explicit consent (Health permission) |
| Location | Map, weather, match record | Art. 6(1)(a) — consent (location permission) |
| Health/location in SharedMatch | Visibility to linked players | Art. 9(2)(a) / Art. 6(1)(a) — system permissions + choice to share with registered players (see section 4) |
| Club administrative data | Registration and approval | Art. 6(1)(b) |
| Account retention and security | Service continuity | Art. 6(1)(f) — legitimate interests, where applicable |
Consent may be withdrawn at any time (Art. 7(3) GDPR) by revoking iOS permissions or deleting your account. Withdrawal does not affect lawfulness of processing based on consent before withdrawal.
We do not perform profiling or automated decision-making under Art. 22 GDPR.
7. Whether provision is mandatory
Data for local features (matches without account) is optional but required to use those features. Sign in with Apple and iCloud are required for profile, invites, clubs and shared matches. Health, Location, Camera and Photo Library permissions are optional; refusing them limits related features but not basic app use.
8. Where data is stored
| Location | Content |
|---|---|
| Device (SwiftData, local files) | Match history, memory photos, preferences |
| UserDefaults / App Group | Session, settings, cache |
| CloudKit — public database | Profile, SharedMatch, live matches, clubs, groups |
| CloudKit — private database | Match backup and memory photos (user iCloud) |
| Apple Health (HealthKit) | Workouts and metrics, if authorised |
9. Processors and recipients
| Party | Role | Data | Purpose |
|---|---|---|---|
| Apple Inc. (iCloud, CloudKit, Sign in with Apple, HealthKit) | Processor under Art. 28 GDPR (infrastructure on our behalf) | Data listed as needed for cloud and Health | Hosting, sync, authentication — not advertising tracking |
Open-Meteo (api.open-meteo.com, air-quality-api.open-meteo.com, archive-api.open-meteo.com) | Weather/climate service provider | Latitude, longitude (~100 m), date/time — without user ID, name or email | Weather and air quality on match card; direct iOS client call |
| Other SyncPoint users | Recipients in shared matches / public profile | Data made visible by chosen features | Community and shared history |
We do not share data with ad networks, data brokers or analytics platforms. Voluntary card sharing on Instagram, WhatsApp or other apps is outside SyncPoint’s control.
10. International transfers
Data processed via iCloud/CloudKit and Apple services may be stored in data centres outside the European Economic Area. Apple provides appropriate safeguards under Arts. 44–49 GDPR, including Standard Contractual Clauses. See Apple Privacy — Data and Apple Privacy Policy.
Open-Meteo is an open-source service; check server location and terms at time of use. Calls are made from the user’s device without additional personal identifiers.
11. Retention
| Data | Duration |
|---|---|
| CloudKit profile | Until account deletion |
| Local matches | Until manual deletion or uninstall |
| Private CloudKit backup | Until account/record deletion; not auto-deleted on account deletion alone (request by email) |
| Live matches | ~6 hours; deleted at end of match |
| Completed SharedMatch | Until deleted by users or on request |
| Local Apple email | Until uninstall or account deletion |
12. Account deletion and limits
From the Profile screen you can delete your account yourself. This removes your public CloudKit profile, session data and associated live matches. Already published shared matches (SharedMatch) may remain in other participants’ history. Private backup on CloudKit is not automatically deleted — request deletion at mguida2604@gmail.com. Operational details on the Data management page.
13. Other people’s data
Free-text player names stay on your device unless you share via cloud with registered profiles. When you involve registered players, their profile data is also processed for the shared feature. Enter only lawful data and inform people involved where appropriate. Third parties may contact the controller to exercise GDPR rights.
14. Your rights
Under Arts. 15–22 GDPR you have rights of access, rectification, erasure, restriction, portability and objection, where applicable.
- Profile and username: editable in-app (Profile)
- Health/Location permissions: revocable in iOS Settings
- Data export: by email to mguida2604@gmail.com — no automatic in-app export currently
- Complaint: Italian Data Protection Authority — www.garanteprivacy.it (or your local EU authority)
We respond within 30 days (Art. 12(3) GDPR).
15. Children
In Italy SyncPoint is not intended for children under 14 (Italian Privacy Code, Art. 8 GDPR implementation). In other EU countries and non-EU jurisdictions the minimum age for digital consent may vary (13–16). We do not knowingly collect data from children below the applicable threshold.
16. Cookies and support website
SyncPoint support pages are static and do not use profiling cookies, third-party analytics (Google Analytics, etc.) or tracking tools. Any essential technical cookies from the browser or hosting (GitHub Pages) are not used to profile users.
17. Changes
We update this policy with a new revision date. For material changes we will inform users via the app or website. The Italian version is at Informativa privacy (IT).