Privacy Policy

1. Data Controller

Maurice Schäfer Business address will be added shortly. Email: support@smartdart.app

2. Overview

SmartDart is a web-based dart tournament management application. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal data under the General Data Protection Regulation (GDPR).

3. Data We Collect

3.1 User Account

When creating an account, we collect: email address, password (stored encrypted as BCrypt hash), and a freely chosen display name. Your email address is used for identification, password reset, and notifications.

3.2 Player Name

When joining a tournament, you enter a freely chosen player name (pseudonym). We do not require real names. For logged-in users, tournament participation is linked to the user account to provide statistics.

3.3 Session ID

Upon joining a tournament, a random Session ID (UUID) is generated and stored in your browser's local storage. It is used solely to associate you with your tournament and is deleted when you log out or the tournament ends.

3.4 Game Results & Statistics

During the tournament, game results (throws, legs, scores) are recorded and stored. For registered users, this data is aggregated across tournaments (statistics) and is only accessible to the respective user.

3.5 Payment Data

When subscribing to a paid plan (Pro, Premium), payment data is processed exclusively by our payment provider Stripe. SmartDart does not store credit card numbers or bank details. We only store the Stripe customer ID, subscription ID, and current subscription status.

3.6 Server Log Data

When accessing SmartDart, our server automatically collects technical data: IP address, timestamp, requested URL, and browser type. This data is required for the operation and security of the service and is automatically deleted after 30 days.

4. Local Storage

SmartDart uses your browser's localStorage technology to store preferences. We do not use cookies.

Stored values:

Session data (tournament association)
JWT Refresh Token (account authentication)
Language preference (German/English)
Theme preference (Dark/Light)
Scoring mode preference

This data never leaves your browser and is not transmitted to third parties. You can clear it at any time through your browser settings.

5. WebSocket Connection

For real-time score updates, a WebSocket connection is established with our server. Only tournament-related data (scores, tournament status) is transmitted. No tracking occurs over this connection.

6. Hosting

The application is hosted on a Virtual Private Server (VPS) provided by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. A Data Processing Agreement (DPA) is in place with IONOS. All servers are located in Germany.

7. Email Service

SmartDart sends emails via the SMTP service of IONOS SE (sender: noreply@smartdart.app). Emails are sent for:

Welcome message upon account creation
Email address verification
Password reset

Processing is based on Art. 6(1)(b) GDPR (performance of a contract). A DPA is in place with IONOS.

8. Payment Processing (Stripe)

For processing paid subscriptions, we use the payment provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland.

When upgrading to a paid subscription, you are redirected to Stripe's payment page where you enter your payment details directly with Stripe. SmartDart does not receive or store credit card numbers or bank details.

Stripe processes your data according to their privacy policy: stripe.com/privacy

A Data Processing Agreement (DPA) is in place with Stripe pursuant to Art. 28 GDPR. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

9. Reach Measurement & Product Analytics (PostHog)

To improve the service, we collect pseudonymized usage statistics with PostHog (operator: PostHog Inc., 965 Mission St, San Francisco, USA; for EU users operated via the EU data region on AWS servers in Frankfurt am Main, Germany).

Data processed:

Pseudonymized user ID (UUID of your account once signed in) or random visitor ID before sign-in
Pages visited ("page views"), time on page, technical browser/device information
Conversion events (e.g. account created, tournament created, plan upgrade requested)
Plan tier (BASIC/PRO/PREMIUM) and account language

No cookies are set for analytics (memory-only persistence). IP addresses are not stored by PostHog. Personal data such as email address or real name is not transmitted to PostHog. Input fields (passwords, email) are masked before any transmission.

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in reach measurement and product improvement). A Data Processing Agreement (DPA) under Art. 28 GDPR is in place with PostHog. Event data is retained for 12 months and is then anonymized or deleted.

Right to object: You may object to analytics at any time by enablingDo-Not-Track in your browser or by disabling tracking in your profile under "Privacy". Both settings are honored automatically.

9b. Ad Performance Measurement (Google Ads Conversion Tracking)

If you reach SmartDart through a Google Ads ad, Google automatically appends a click identifier (parameter "gclid") to the destination URL. We use this ID exclusively to measure which ad led to an account registration, a tournament creation, or a subscription. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processed:

Click ID (gclid) and a cookie _gcl_au (max. 90 days lifetime)
Conversion event type (registration, tournament created, trial started, subscription purchased)
On subscription purchase: amount paid in EUR (no contents, no personal data)

No personal data such as name, email or IP address is transmitted to Google. Ad personalization (allow_ad_personalization_signals) and Google signals (allow_google_signals) are disabled client-side. Therefore no cross-device tracking and no remarketing profile is built.

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in advertising-effectiveness measurement). A Data Processing Agreement (DPA) under Art. 28 GDPR with Google and EU Standard Contractual Clauses are in place via the Google Ads terms of service.

Right to object: You may opt out at any time — either via the SmartDart tracking opt-out in your profile (disables both PostHog and Google Ads simultaneously) or directly via Google Ad Settings.

10. Other Third-Party Services

SmartDart additionally does not use:

Google Analytics or similar US tracking tools
Social media plugins
External fonts (all fonts are served locally)
Stripe — exclusively for payment processing (see section 8)
PostHog — exclusively for reach measurement (see section 9)
Google Ads — exclusively for conversion tracking without remarketing (see section 9b)

11. Account Deletion & Anonymization

Registered users can delete their account at any time in their profile settings. Upon deletion, all personal data is anonymized pursuant to Art. 17 GDPR: email address and display name are replaced with placeholders. Anonymized game statistics are retained but can no longer be attributed to any person.

12. Legal Basis

Data processing is based on:

Art. 6(1)(b) GDPR — Performance of a contract (account, tournament participation, subscription)
Art. 6(1)(f) GDPR — Legitimate interests (server logs, security)
Art. 6(1)(a) GDPR — Consent (email verification)

13. Your Rights

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)

Contact: support@smartdart.app

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The responsible authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Germany.

14. Changes to This Policy

This Privacy Policy will be updated as needed. The current version is always available on this page.

Last updated: April 2026