← Back to UpLaddr
Privacy Policy
Last updated: March 28, 2026
1. Who We Are
UpLaddr ("the Platform", "we", "us") is operated by UpLaddr. This Privacy Policy explains how we collect, use, and protect your personal data when you use our platform at upladdr.com.
2. Data We Collect
2.1 Account Information
When you sign in via Google OAuth, we receive and store:
- Your name and email address
- Your Google profile picture URL
- A unique Google account identifier
We do not receive or store your Google password.
2.2 Profile Information
- Display name: The name you choose to appear on rankings (may differ from your Google name)
- Profile picture: Optional custom avatar (Player+ subscribers)
- Personal flair: Optional badge icon displayed next to your name
- Name colour: Optional custom colour for your display name
2.3 Competition Data
- Ladder participation: Which ladders you join, your position, ELO rating, wins, losses, and match history
- Match results: Scores, dates, and opponents for each match you play
- Challenges: Challenge requests, counter-proposals, and responses
- Disputes: Dispute submissions and resolutions
This data is publicly visible. Your display name, ratings, rankings, match results, and win/loss records are visible to anyone viewing the ladder. Your display name and match history may also appear on other players' profiles as part of their head-to-head records. By joining a ladder, you acknowledge and consent to this public display.
2.4 Pickup Games
- Game locations: Map coordinates where you place pickup game signposts
- Time slots: When you are available to play
- Participant lists: Who has joined the game
Pickup game locations and participant names are visible to other users on the map.
2.5 Communications
- Direct messages between players
- Ladder comments
- Challenge messages
2.6 Availability & Scheduling
- Weekly availability time slots you set for match scheduling
- These may be shared with opponents who challenge you
2.7 Geographic Data
- Service area polygons for ladders you create
- Map coordinates for pickup game signposts
- Approximate location when you search for ladders near you (browser geolocation, requested with your permission)
2.8 Technical Data
- Session data (stored server-side in PostgreSQL)
- Push notification subscription endpoints (if you enable push notifications)
3. Legal Basis for Processing
We process your data under the following legal bases (GDPR Article 6):
| Processing Activity | Legal Basis |
|---|
| Account creation and authentication | Contract performance |
| Displaying rankings and match history | Contract performance / Legitimate interest |
| Showing your name on other players' profiles (head-to-head records) | Legitimate interest (platform functionality) |
| Email notifications (challenges, results) | Contract performance |
| Weekly summary emails | Legitimate interest (opt-out available) |
| Push notifications | Consent |
| Analytics (PostHog) | Legitimate interest |
| Pickup game location display | Contract performance |
4. How We Use Your Data
- Authenticate you and maintain your session
- Display rankings, match results, and player statistics on ladders
- Show your display name and match history on other players' profiles as part of head-to-head comparisons
- Facilitate challenges, match reporting, and messaging between players
- Send email notifications about challenges, match results, disputes, and weekly summaries
- Display ladder service areas and pickup game locations on the map
- Process subscription payments (Player+, League Plan)
- Improve the platform through analytics
5. Public Data
The following data is publicly visible to anyone viewing a ladder, even without an account:
- Your display name
- Your ELO rating and ranking position
- Your win/loss record and match history
- Your profile picture and flair badge (if set)
- Activity badges (matches played this week, responsiveness, win streaks)
Your email address is never publicly displayed.
6. Data Sharing & Sub-processors
We do not sell your personal data. We use the following third-party services to operate the platform:
| Service | Purpose | Data Shared | Location |
|---|
| Google (OAuth) | Authentication | Name, email, profile picture | US |
| PostHog | Analytics (cookieless) | Anonymous usage events | US |
| Amazon SES | Email delivery | Email address, notification content | EU/US |
| Neon | Database hosting | All platform data | US/EU |
| Microsoft Azure | Application hosting, file storage | All platform data, uploaded images | EU |
For international data transfers to the US, we rely on Standard Contractual Clauses (SCCs) and/or adequacy decisions as applicable. Each sub-processor maintains appropriate Data Processing Agreements.
7. Cookies & Tracking
We use only essential cookies required for the platform to function:
ladders_session — Keeps you logged in. Server-side session, HttpOnly, Secure. Expires after 30 days of inactivity.__oauth_state — Temporary cookie used during the Google sign-in process for security (CSRF protection). Expires after 10 minutes.
We use PostHog for analytics with persistence: 'memory' — this means no cookies, no localStorage, and no persistent client-side tracking. Analytics data is anonymous and cannot be used to identify individual users.
We do not use advertising cookies or tracking pixels. No cookie consent banner is required.
8. Data Retention
- Active accounts: Data is retained for as long as your account is active.
- Deleted accounts: Upon account deletion, personal data (name, email, avatar) is permanently removed. Match records are anonymised (replaced with "Deleted User") to preserve ladder integrity. Anonymised records are retained indefinitely.
- Sessions: Expired sessions are automatically deleted after 30 days of inactivity.
- Messages: Messages are retained for the lifetime of your account. Upon deletion, your messages are anonymised.
- Email notifications: Notification records are deleted 30 days after being sent.
9. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access your data: View your profile, match history, and messages at any time. Download all your data in JSON format from Settings.
- Rectify your data: Update your display name, profile picture, and other profile information at any time.
- Delete your account: Permanently delete your account and personal data from Settings. This action is irreversible.
- Data portability: Export all your data in a structured, machine-readable format (JSON) from Settings.
- Object to processing: You may opt out of weekly summary emails in Settings. You may disable push notifications at any time.
- Withdraw consent: Where processing is based on consent (push notifications), you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU).
To exercise any of these rights, use the Settings page within the app or email us at the address below.
10. Data Security
We protect your data with:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Encryption at rest for database storage
- HttpOnly, Secure, SameSite session cookies
- Parameterised database queries (SQL injection prevention)
- Content Security Policy headers
- Session cycling after authentication to prevent session fixation
- CSRF protection via OAuth state parameters
11. Children
UpLaddr is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has created an account, please contact us and we will promptly delete the account.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.
13. Contact
For questions about this Privacy Policy, data subject requests, or privacy concerns:
Email: privacy@upladdr.com