1. Data controller

StatForge is a sports analytics service for personal use. The data controller for the data collected through this platform is the project owner.

2. Data we collect

We only collect the data necessary for the operation of the service:

• User account: email address and password (stored as a bcrypt hash, never in plain text).

• Session data: short-lived JWT tokens stored in HttpOnly cookies.

• Technical logs: server logs for error diagnosis. They do not contain personally identifiable information beyond the IP address.

3. Purpose of processing

Your data is used exclusively to authenticate your account, manage your subscription plan, and improve service stability. Data is not shared with third parties or used for advertising purposes.

4. Legal basis

Processing is based on the performance of the service contract (Art. 6.1.b GDPR) and the legitimate interest of the controller in ensuring platform security (Art. 6.1.f GDPR).

5. Data retention

Account data is retained as long as the account remains active. You may request deletion of your account at any time. Technical logs are automatically deleted after 30 days.

6. Your rights

You may exercise your rights of access, rectification, erasure, objection, and portability by sending an email to the service owner. If you believe that data processing does not comply with applicable regulations, you may file a complaint with the Agencia Española de Protección de Datos (aepd.es).

7. Security

We adopt appropriate technical and organisational measures to protect your data: encryption in transit (HTTPS), passwords hashed with bcrypt, and session tokens signed with a secret key. No system is 100% secure; in the event of a data breach, we will notify you as required by applicable law.