Your Privacy Matters

We collect and process the following types of data to provide our services:

• Account data: name, email, phone, academy name, role.
• Player data: full names, date of birth, national ID (encrypted), contact numbers, profile photos, activities, subscription status.
• Financial data: subscriptions, invoices, bookings, expenses, payment balances.
• Staff data: trainers, administrators, and access permissions.
• Technical data: IP address, browser type, OS, login times, security logs.
• Communications: WhatsApp and email logs sent through the platform.

• Operating the platform and managing daily academy operations.
• Sending attendance, subscription, and invoice notifications via WhatsApp and email.
• Generating financial, administrative, and analytics reports.
• Improving performance, detecting bugs, and developing new features.
• Complying with legal and accounting obligations.
• Protecting your account from unauthorized access.

We apply strict security measures to protect your data:

• Encryption of sensitive data (e.g. national IDs) at rest and in transit.
• Per-academy data isolation via Row-Level Security policies in the database.
• HTTPS/TLS encrypted connections for all requests.
• Multi-factor authentication (MFA) and trusted-device monitoring.
• Daily encrypted backups with point-in-time restore.
• Comprehensive audit logging for all sensitive operations.
• Rate limiting and brute-force attack protection.

We never sell your data. We share limited data only with:

• Infrastructure providers: Supabase and Lovable Cloud for database and app hosting.
• WhatsApp Business API provider: for sending notifications to players and parents.
• Email providers: for sending recovery and alert emails.
• Authorities: only when complying with valid legal requests.

We use essential cookies to maintain login sessions and language/theme preferences. We also use Google Analytics 4 to analyze site performance — only after your explicit consent via the consent banner. You can disable cookies at any time in your browser settings.

• Academy data is kept for the duration of an active subscription.
• After cancellation, data is retained for 90 days to allow restoration.
• Audit logs are deleted automatically after 365 days (configurable).
• Failed login attempts are deleted after 30 days.

• Access: request a copy of your stored data.
• Correction: update any inaccurate data.
• Deletion: request complete account and data deletion.
• Portability: export your data as Excel or CSV.
• Objection: withdraw consent for non-essential processing.

Some service providers (e.g. Supabase) may host data on servers outside Egypt. We ensure all our partners comply with data protection standards equivalent to GDPR.

Minor player data (under 18) is entered by the academy with parental consent. The academy is responsible for obtaining and retaining such consent.

For any privacy-related question or request:
Email: sales@sooftit.com
Phone: +20 101 588 1992