Last updated: May 2026
This notice is provided in accordance with the EU General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable national data protection laws including the Turkish Personal Data Protection Law (KVKK).
1. LEGAL BASIS FOR PROCESSING
We process your personal data on the following legal bases:
• Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the App's services across iOS, iPadOS, macOS, and Android.
• Legitimate interests (Art. 6(1)(f) GDPR): Improving the App, fraud prevention, security, cross-platform subscription synchronization.
• Consent (Art. 6(1)(a) GDPR): Advertising (Free plan on iOS and Android only). You may withdraw consent at any time by upgrading to a paid plan or by switching to macOS Base which is ad-free.
2. DATA PROCESSOR AGREEMENTS
We have Data Processing Agreements (DPAs) in place with:
• Amazon Web Services (AWS), cloud infrastructure
• Google LLC, authentication (Firebase / Google Sign-In), advertising (AdMob), and push notifications (Firebase Cloud Messaging)
• Apple Inc., Sign in with Apple, App Store / Mac App Store subscription verification
• RevenueCat Inc., in-app purchase management
• Amazon Bedrock, AI processing for match analysis (analysis inputs only)
3. DATA TRANSFERS OUTSIDE THE EEA
When personal data is transferred outside the European Economic Area (EEA), we rely on:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• The EU-US Data Privacy Framework (where applicable)
• AWS DynamoDB Global Tables operate across us-east-1, eu-central-1, and ap-northeast-1.
4. AUTOMATED DECISION-MAKING
The match analysis feature uses automated processing (AI models, including Match Simulator and Tactical Briefing) to generate predictions and tactical content. This does not produce legal or similarly significant effects on you, it is purely informational and educational. You can always request human review by contacting us.
5. YOUR GDPR RIGHTS
Under GDPR, EU/EEA residents have the following rights:
• Right of access (Art. 15): Request a copy of your data.
• Right to rectification (Art. 16): Correct inaccurate data.
• Right to erasure (Art. 17, "Right to be Forgotten"): Request deletion of your data. See section 6 below for the procedure.
• Right to restriction (Art. 18): Limit how we process your data.
• Right to data portability (Art. 20): Receive your data in a machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent for advertising at any time.
To exercise your rights: support@tactiq.club. We will respond within 30 days.
6. ACCOUNT DELETION PROCEDURE (RIGHT TO BE FORGOTTEN)
EU/EEA residents and users in jurisdictions with similar data protection laws (including Turkey under KVKK) may request account deletion through:
In-App: Open the App, navigate to Settings, then Account, then Delete Account.
Email: Send a request to support@tactiq.club with "Account Deletion Request" in the subject line. Include the email address associated with your account.
Tactiq will:
• Confirm the request within 7 days.
• Complete the deletion within 30 days of confirmation.
• Notify you upon completion.
Deleted data includes: account profile, analysis history, push tokens, user preferences, subscription metadata. Anonymized analytics, security logs (90-day rolling), and tax / regulatory records are retained as permitted by law. Backup snapshots are purged within 30 days following the deletion.
Account deletion is irreversible. Active subscriptions must be cancelled separately through Apple App Store or Google Play.
7. RIGHT TO LODGE A COMPLAINT
You have the right to lodge a complaint with your local data protection authority (DPA). In the EU, you can find your national DPA at: https://edpb.europa.eu/about-edpb/about-edpb/members_en. Turkish users may contact KVKK Authority (Kişisel Verileri Koruma Kurumu) at https://www.kvkk.gov.tr.
8. DATA PROTECTION OFFICER
For data protection matters: support@tactiq.club
9. RETENTION SCHEDULE
• Account & profile data: Until account deletion + 30 days
• Analysis data: Per subscription tier (see Privacy Policy section 7)
• Security logs: 90 days rolling window
• Backup copies: Deleted within 30 days after account deletion
• Subscription records: Retained as required by Apple / Google billing systems and applicable tax law