Privacy Policy

gramtam.com ("gramtam") is operated by:

CGL Software Łukasz Nawrocki
NIP: 7792359653
Poznań, Poland

Contact: legal@gramtam.com (data protection), hello@gramtam.com (general)

Account data (when you sign up):

• Email address - from Google sign-in or magic link
• Display name - provided during onboarding, editable in profile
• Phone number (optional) - provided during onboarding or when joining a game, editable in profile
• Default city - selected during onboarding, editable in profile
• Google profile photo URL - if you sign in with Google
• Language preference
• Notification preferences

Participant data (when you join a game without an account):

• First name - entered in the join form
• Phone number (optional) - entered in the join form
• Browser cookie (gramtam_pid_[gameId]) - to remember your session for that game

Game data (when you create a game):

• Sport type, skill level, date, time, duration, location, city, max players, cost per player, description, visibility setting
• Your name is displayed publicly as the game organizer

Notification data:

• In-app notifications are stored with: notification type, related game reference, timestamp, read status
• Notifications are automatically deleted after 30 days

• Art. 6(1)(b) - Contract performance: account data, game data, and participant data are necessary to provide the gramtam service
• Art. 6(1)(a) - Consent: phone numbers are optional and provided with your explicit consent. You can withdraw consent at any time by removing your phone number in your profile or by contacting us
• Art. 6(1)(f) - Legitimate interest: anonymous, cookie-free analytics to understand usage and improve the service

• Your display name is visible to other players on games you organize or join
• Your phone number is visible ONLY to the organizer of games you join. Other players cannot see it
• Your email address is never displayed publicly
• Game details you create (sport, date, location, etc.) are visible to anyone who has the game link, or on the public games board if you set the game as public

We use the following services to operate gramtam. Each processes data as described:

Vercel (Vercel Inc.)

• Purpose: website hosting and serverless functions
• Data processed: all web requests (IP address, request data)
• Server location: European Union
• Privacy policy: vercel.com/legal/privacy-policy

MongoDB Atlas (MongoDB Inc.)

• Purpose: database storage
• Data processed: all stored data (accounts, games, participants, notifications)
• Server location: European Union
• Privacy policy: mongodb.com/legal/privacy-policy

Resend (Resend Inc.)

• Purpose: sending magic link login emails
• Data processed: email addresses
• Privacy policy: resend.com/legal/privacy-policy

Google (Google LLC)

• Purpose: OAuth sign-in
• Data processed: name, email, profile photo (during Google sign-in only)
• Privacy policy: policies.google.com/privacy

We use the following cookies:

authjs.session-token (or similar NextAuth cookie)

• Purpose: keeps you signed in
• Duration: session / 30 days
• Essential: yes

gramtam_pid_[gameId]

• Purpose: remembers that you joined a specific game (one cookie per game)
• Duration: 90 days
• Essential: yes (required for the join/leave functionality)

gramtam_nudge_dismissed

• Purpose: remembers that you dismissed the sign-up suggestion
• Duration: 7 days
• Essential: yes (prevents repeated prompting)

We do NOT use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as all cookies are strictly essential for the service to function.

We use privacy-friendly analytics that do not collect personal data and do not use cookies. No individual user tracking occurs.

• Account data: retained until you delete your account
• Game data: retained indefinitely for historical reference. Upon account deletion, organizer name is replaced with "Deleted user" and phone numbers are removed
• Participant data: retained with the game record. Phone numbers are removed upon account deletion
• Notifications: automatically deleted after 30 days
• Magic link tokens: deleted after use or after 10 minutes (whichever comes first)
• Browser cookies: expire as noted in Section 6

You have the following rights regarding your personal data:

Right to access (Art. 15): view your data in your profile at gramtam.com/profile

Right to rectification (Art. 16): edit your name, phone number, and city in your profile

Right to erasure (Art. 17): delete your account and all associated personal data via "Delete my account" in your profile. Games you organized will remain visible with "Deleted user" as organizer. Participant phone numbers are removed.

Right to data portability (Art. 20): export all your data as a JSON file via "Export my data" in your profile

Right to object (Art. 21): contact legal@gramtam.com to object to specific processing

Right to restrict processing (Art. 18): contact legal@gramtam.com

Right to lodge a complaint: you may file a complaint with the Polish supervisory authority - Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl

We may update this policy. Significant changes will be communicated to registered users. The "last updated" date at the top reflects the most recent revision.

For data protection matters: legal@gramtam.com
For general questions: hello@gramtam.com