Privacy Policy · SyncPoint

Privacy Policy

Last updated: 14 July 2026

Italian version: Informativa privacy (IT)

← Back to support

At a glance

1. Data controller

The data controller under Regulation (EU) 2016/679 (“GDPR”) is:

Marcello Guida
Via Cappella 4C
81021 Arienzo (CE), Italy
Email: mguida2604@gmail.com

No Data Protection Officer (DPO) has been appointed, as the conditions of Article 37 GDPR are not met.

2. Scope and nature of the service

SyncPoint is an iOS and watchOS app to track tennis and padel matches, sync data between iPhone and Apple Watch, and share results with other registered players. The app is distributed globally on the App Store and sold as a one-time purchase of €0.99, with no subscriptions or recurring in-app purchases. Payment is handled entirely by Apple; we do not receive or store payment data.

This policy applies to processing through the SyncPoint app and linked support web pages. The policy is accessible from the app via link; there is currently no dedicated in-app privacy screen.

3. Data we collect

3.1 Identity and profile

DataWhenWherePurpose
Apple User IDSign in with AppleDevice + CloudKitAuthentication, sync, invites, community
Username (@handle)Profile creationCloudKit (public database)Player search, identification
First and last nameSign in with Apple or manual entryDevice + CloudKitProfile, scoreboard, invites, clubs
Apple emailFirst sign-in, if shared by AppleDevice onlyUsername generation and local account; never on CloudKit
Profile photoIf uploadedCloudKit (public database)Avatar visible to other players

3.2 Matches and sports content

DataWhenWherePurpose
Scores, sets, timeline, durationDuring/after matchDevice; CloudKit if sharedCore app, history, H2H, live score
Player namesMatch setupDevice; CloudKit if sharedScoreboard and stats
Sport, surface, venue, modeMatch setupDevice + CloudKitStats and shareable cards
Match memory photoOptional at endDevice + private CloudKitPersonal keepsake
Social card photoOptionalIn memory onlyExternal card sharing

You may enter player names as free text (including people without an account). Cloud sharing visible to other users occurs only if at least one player is linked to a registered SyncPoint profile (“Has the app” toggle).

3.3 Health and fitness

DataWhenWherePurpose
Heart rate, calories, steps, distanceDuring match (with Health permission)Apple Health + device; CloudKit in completed shared matchesMatch statistics
WorkoutOn Apple Watch (with permission)Apple HealthWorkout in Health

Live vs shared matches: during a live match, other players see only the score. Health metrics may be included in completed shared matches (SharedMatch on CloudKit) if present in the match and if you linked registered players.

3.4 Location

DataWhenWherePurpose
GPS coordinates (~100 m)When location permission is activeDevice; CloudKit if match sharedMap/weather on card; shared record

3.5 Clubs, groups and tournaments

DataIn-app visibilityPurpose
Club name, city, sport, descriptionPublic directory (if approved)Community
Venue addressClub informationDirectory
Email, phone, VAT number, legal nameNot shown to other usersRegistration and approval (requester + controller)
Tournament dataPer feature rulesClub tournaments

3.6 Invites and live matches

For invites and live score we process session ID, player names, match configuration and live score. Live matches expire automatically (~6 hours), are no longer shown after the match and are deleted when the match ends. They do not include health metrics or location towards other players.

4. Health, location and shared matches — transparency

Important. If you allow SyncPoint to access Apple Health and/or location (iOS “When In Use” permission), and link registered players with “Has the app”, when the match ends scores, any health metrics and coordinates in the match may be saved in the SharedMatch CloudKit record and visible to other linked participants.

There is currently no separate in-app consent such as “Include health/location in shared matches”: control is via iOS/watchOS system permissions and whether you link registered players. To limit sharing you can:

We plan to add dedicated toggles for more granular control in the future.

5. Data we do NOT collect

6. Purposes and legal basis

ProcessingPurposeLegal basis (GDPR)
Core features (scoreboard, history, sync, widget)Service deliveryArt. 6(1)(b) — contract / pre-contractual steps
Profile, invites, clubs, shared matchesUser-chosen cloud featuresArt. 6(1)(b)
Health and fitnessMatch stats, Health workoutsArt. 9(2)(a) — explicit consent (Health permission)
LocationMap, weather, match recordArt. 6(1)(a) — consent (location permission)
Health/location in SharedMatchVisibility to linked playersArt. 9(2)(a) / Art. 6(1)(a) — system permissions + choice to share with registered players (see section 4)
Club administrative dataRegistration and approvalArt. 6(1)(b)
Account retention and securityService continuityArt. 6(1)(f) — legitimate interests, where applicable

Consent may be withdrawn at any time (Art. 7(3) GDPR) by revoking iOS permissions or deleting your account. Withdrawal does not affect lawfulness of processing based on consent before withdrawal.

We do not perform profiling or automated decision-making under Art. 22 GDPR.

7. Whether provision is mandatory

Data for local features (matches without account) is optional but required to use those features. Sign in with Apple and iCloud are required for profile, invites, clubs and shared matches. Health, Location, Camera and Photo Library permissions are optional; refusing them limits related features but not basic app use.

8. Where data is stored

LocationContent
Device (SwiftData, local files)Match history, memory photos, preferences
UserDefaults / App GroupSession, settings, cache
CloudKit — public databaseProfile, SharedMatch, live matches, clubs, groups
CloudKit — private databaseMatch backup and memory photos (user iCloud)
Apple Health (HealthKit)Workouts and metrics, if authorised

9. Processors and recipients

PartyRoleDataPurpose
Apple Inc. (iCloud, CloudKit, Sign in with Apple, HealthKit)Processor under Art. 28 GDPR (infrastructure on our behalf)Data listed as needed for cloud and HealthHosting, sync, authentication — not advertising tracking
Open-Meteo (api.open-meteo.com, air-quality-api.open-meteo.com, archive-api.open-meteo.com)Weather/climate service providerLatitude, longitude (~100 m), date/time — without user ID, name or emailWeather and air quality on match card; direct iOS client call
Other SyncPoint usersRecipients in shared matches / public profileData made visible by chosen featuresCommunity and shared history

We do not share data with ad networks, data brokers or analytics platforms. Voluntary card sharing on Instagram, WhatsApp or other apps is outside SyncPoint’s control.

10. International transfers

Data processed via iCloud/CloudKit and Apple services may be stored in data centres outside the European Economic Area. Apple provides appropriate safeguards under Arts. 44–49 GDPR, including Standard Contractual Clauses. See Apple Privacy — Data and Apple Privacy Policy.

Open-Meteo is an open-source service; check server location and terms at time of use. Calls are made from the user’s device without additional personal identifiers.

11. Retention

DataDuration
CloudKit profileUntil account deletion
Local matchesUntil manual deletion or uninstall
Private CloudKit backupUntil account/record deletion; not auto-deleted on account deletion alone (request by email)
Live matches~6 hours; deleted at end of match
Completed SharedMatchUntil deleted by users or on request
Local Apple emailUntil uninstall or account deletion

12. Account deletion and limits

From the Profile screen you can delete your account yourself. This removes your public CloudKit profile, session data and associated live matches. Already published shared matches (SharedMatch) may remain in other participants’ history. Private backup on CloudKit is not automatically deleted — request deletion at mguida2604@gmail.com. Operational details on the Data management page.

13. Other people’s data

Free-text player names stay on your device unless you share via cloud with registered profiles. When you involve registered players, their profile data is also processed for the shared feature. Enter only lawful data and inform people involved where appropriate. Third parties may contact the controller to exercise GDPR rights.

14. Your rights

Under Arts. 15–22 GDPR you have rights of access, rectification, erasure, restriction, portability and objection, where applicable.

We respond within 30 days (Art. 12(3) GDPR).

15. Children

In Italy SyncPoint is not intended for children under 14 (Italian Privacy Code, Art. 8 GDPR implementation). In other EU countries and non-EU jurisdictions the minimum age for digital consent may vary (13–16). We do not knowingly collect data from children below the applicable threshold.

16. Cookies and support website

SyncPoint support pages are static and do not use profiling cookies, third-party analytics (Google Analytics, etc.) or tracking tools. Any essential technical cookies from the browser or hosting (GitHub Pages) are not used to profile users.

17. Changes

We update this policy with a new revision date. For material changes we will inform users via the app or website. The Italian version is at Informativa privacy (IT).