Privacy Policy
Version 2026-07-13 · Effective 13 July 2026
This Privacy Policy explains how Ludi, operated by Arif Yiğit (sole proprietor), Kocaeli, Türkiye ("we") collects, uses, and protects personal data when you use the Ludi Service. We act as data controller for your account and platform-level data; where you use the Service within an organization, that organization is the controller for data it manages about you, and we process such data on its behalf.
1. Data we collect
- Account data: name, email address, and authentication credentials (passwords are handled and hashed by our authentication provider — we never see them in plain text).
- Profile and preferences: language, date-format, and — only if you provide it — location/city.
- Usage data: reservations, schedules, group memberships, points/reliability events, tournament participation and similar activity.
- Technical data: IP address, device/browser information, and log data generated for security, diagnostics and abuse prevention.
- Cookies: essential cookies for authentication/session and for your language and date-format preferences. We do not use advertising or cross-site tracking cookies.
2. Why we use it and legal bases
- To provide the Service (create your account, run bookings/scheduling/tournaments) — performance of a contract.
- To secure and improve the Service (diagnostics, abuse prevention, analytics on our own data) — our legitimate interests.
- To communicate with you (transactional emails such as confirmation, password reset, notifications) — contract / legitimate interests.
- To comply with legal obligations — where the law requires.
- With your consent — where we ask for it (you may withdraw consent at any time).
We do not sell your personal data, and we do not use it for third-party advertising.
3. Service providers (processors)
We share data with trusted providers only to operate the Service, under contracts that require them to protect it:
- Supabase — database, authentication and backend hosting;
- Vercel — application hosting and delivery;
- Resend — sending transactional emails;
- map/geolocation providers — only where map features are used.
4. International transfers
These providers may process data outside Türkiye and/or the EEA. Where they do, we rely on appropriate safeguards (such as standard contractual clauses or an adequacy decision) and take reasonable steps to protect your data consistent with this Policy and applicable law (including KVKK Art. 9 and GDPR Chapter V).
5. Retention
We keep account data while your account is active and as needed to provide the Service. System logs and operational records are pruned on a rolling basis (for example, older scheduling records and logs are removed after defined retention windows). When you delete your account, we delete or anonymize your personal data except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements.
6. Your rights
Subject to applicable law, you may request to access, correct, update, delete, restrict, or object to the processing of your personal data, and to receive a portable copy. Under KVKK Art. 11 you also have the right to learn whether your data is processed and to request that inaccurate data be corrected. To exercise your rights, contact legal@ludi.team. You also have the right to lodge a complaint with the Turkish Personal Data Protection Authority (KVKK) — and, for users in the EEA/UK, your local supervisory authority.
7. Security
We use technical and organizational measures — including encryption in transit, access controls and row-level security — to protect personal data. No system is perfectly secure, but we work to protect your data and to notify you and the authorities of significant breaches where the law requires.
8. Children
The Service is not directed to children under 16, and account creation requires you to meet the eligibility age in our Terms. If you believe a child has provided us personal data without appropriate consent, contact us and we will delete it.
9. Changes to this Policy
We may update this Policy. For material changes we will provide reasonable notice and, where required, ask for your renewed consent. The current version identifier and effective date are shown at the top of this page.
10. Contact
Data-protection enquiries: legal@ludi.team.