Privacy Policy

1. Data Controller

Maurice Schäfer Max-Brandts-Str. 64 47055 Duisburg, Germany Email: support@smartdart.app

2. Overview

SmartDart is a web-based dart tournament management application. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal data under the General Data Protection Regulation (GDPR).

3. Data We Collect
3.1 User Account

When creating an account, we collect: email address, password (stored encrypted as BCrypt hash), and a freely chosen display name. Your email address is used for identification, password reset, and notifications.

3.2 Player Name

When joining a tournament, you enter a freely chosen player name (pseudonym). We do not require real names. For logged-in users, tournament participation is linked to the user account to provide statistics.

3.3 Session ID

Upon joining a tournament, a random Session ID (UUID) is generated and stored in your browser's local storage. It is used solely to associate you with your tournament and is deleted when you log out or the tournament ends.

3.4 Game Results & Statistics

During the tournament, game results (throws, legs, scores) are recorded and stored. For registered users, this data is aggregated across tournaments (statistics) and is only accessible to the respective user.

3.5 Payment Data

When subscribing to a paid plan (Pro, Premium), payment data is processed exclusively by our payment provider Stripe. SmartDart does not store credit card numbers or bank details. We only store the Stripe customer ID, subscription ID, and current subscription status.

3.6 Server Log Data

When accessing SmartDart, our server automatically collects technical data: IP address, timestamp, requested URL, and browser type. This data is required for the operation and security of the service and is automatically deleted after 30 days.

4. Local Storage

SmartDart uses your browser's localStorage technology to store preferences. We do not use cookies.

Stored values:

  • Session data (tournament association)
  • JWT Refresh Token (account authentication)
  • Language preference (German/English)
  • Theme preference (Dark/Light)
  • Scoring mode preference

This data never leaves your browser and is not transmitted to third parties. You can clear it at any time through your browser settings.

5. WebSocket Connection

For real-time score updates, a WebSocket connection is established with our server. Only tournament-related data (scores, tournament status) is transmitted. No tracking occurs over this connection.

6. Hosting

The application is hosted on a Virtual Private Server (VPS) provided by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. A Data Processing Agreement (DPA) is in place with IONOS. All servers are located in Germany.

7. Email Service

SmartDart sends emails via the SMTP service of IONOS SE (sender: noreply@smartdart.app). Emails are sent for:

  • Welcome message upon account creation
  • Email address verification
  • Password reset

Processing is based on Art. 6(1)(b) GDPR (performance of a contract). A DPA is in place with IONOS.

8. Payment Processing (Stripe)

For processing paid subscriptions, we use the payment provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland.

When upgrading to a paid subscription, you are redirected to Stripe's payment page where you enter your payment details directly with Stripe. SmartDart does not receive or store credit card numbers or bank details.

Stripe processes your data according to their privacy policy: stripe.com/privacy

A Data Processing Agreement (DPA) is in place with Stripe pursuant to Art. 28 GDPR. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

9. Reach Measurement & Product Analytics (PostHog)

To improve the service, we collect pseudonymized usage statistics with PostHog (operator: PostHog Inc., 965 Mission St, San Francisco, USA; for EU users operated via the EU data region on AWS servers in Frankfurt am Main, Germany).

Data processed:

  • Pseudonymized user ID (UUID of your account once signed in) or random visitor ID before sign-in
  • Pages visited ("page views"), time on page, technical browser/device information
  • Conversion events (e.g. account created, tournament created, plan upgrade requested)
  • Plan tier (BASIC/PRO/PREMIUM) and account language

No cookies are set for analytics (memory-only persistence). IP addresses are not stored by PostHog. Personal data such as email address or real name is not transmitted to PostHog. Input fields (passwords, email) are masked before any transmission.

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in reach measurement and product improvement). A Data Processing Agreement (DPA) under Art. 28 GDPR is in place with PostHog. Event data is retained for 12 months and is then anonymized or deleted.

Right to object: You may object to analytics at any time by enablingDo-Not-Track in your browser or by disabling tracking in your profile under "Privacy". Both settings are honored automatically.

10. Other Third-Party Services

SmartDart additionally does not use:

  • Google Analytics or similar US tracking tools
  • Social media plugins
  • Advertising networks
  • External fonts (all fonts are served locally)
  • Stripe — exclusively for payment processing (see section 8)
  • PostHog — exclusively for reach measurement (see section 9)
11. Account Deletion & Anonymization

Registered users can delete their account at any time in their profile settings. Upon deletion, all personal data is anonymized pursuant to Art. 17 GDPR: email address and display name are replaced with placeholders. Anonymized game statistics are retained but can no longer be attributed to any person.

12. Legal Basis

Data processing is based on:

  • Art. 6(1)(b) GDPR — Performance of a contract (account, tournament participation, subscription)
  • Art. 6(1)(f) GDPR — Legitimate interests (server logs, security)
  • Art. 6(1)(a) GDPR — Consent (email verification)
13. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

Contact: support@smartdart.app

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The responsible authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Germany.

14. Changes to This Policy

This Privacy Policy will be updated as needed. The current version is always available on this page.

Last updated: April 2026