This page explains what personal data we collect when you use Tennis Mind (the website at tennis-mind.com and the iOS and Android apps), why we collect it, and what your rights are. It complies with the EU General Data Protection Regulation (GDPR) and Slovenia's Personal Data Protection Act (ZVOP-2).
1. Who we are (data controller)
The data controller is MADRAS - LINE d.o.o., Levičnikova ulica 4A, 1000 Ljubljana, Slovenia. Registration number: 5620198000. Tax number: 59594519.
For privacy questions, write to info@tennis-mind.com.
2. What data we collect, why, and the legal basis
Tennis Mind currently offers free access. We collect the minimum needed to run the service:
- Guest profile (device identifier) — when you first open the app we generate a random identifier (a UUID) on your device so your progress and preferences (level, accuracy, court theme, 2D/3D mode) can be saved and restored. The identifier is stored locally and is not linked to your real identity. We do not create an anonymous Firebase user. Legal basis: legitimate interest (Art. 6(1)(f)) in providing a usable, stateful service.
- Google or Apple sign-in (optional) — if you choose to save your progress across devices and sign in, we receive your email address, display name, profile photo URL, and a unique Firebase user ID from the chosen provider. Your guest progress is then migrated to that account. Legal basis: consent (Art. 6(1)(a)) — you trigger the sign-in.
- Profile data — display name and any preferences you set. Legal basis: performance of contract (Art. 6(1)(b)).
- Local-only data — court theme, court mode, and intro-shown flag are stored in your browser's local storage on the device. We do not transmit this. Legal basis: not personal data once stored locally.
- Technical data — IP address and basic device info reach Firebase Hosting and Authentication during normal HTTPS requests. Legal basis: legitimate interest in operating and securing the service.
- Product analytics — on the web app we use Firebase Analytics (Google Analytics 4) to understand how the drill is used and where people drop off. See Section 3 for the full list of events and how we keep this minimal. Legal basis: legitimate interest (Art. 6(1)(f)) in measuring and improving the service. We do not use analytics for advertising and we do not share analytics data with third parties for their own purposes. The native iOS and Android apps do not currently send analytics.
3. Product analytics
We use Firebase Analytics (Google Analytics 4) on the web app to understand how the drill is used and where people drop off. IP anonymisation is on by default. We collect the following categories of usage data:
- Gameplay — which scenarios you start and answer, the zone you chose, whether it was correct, your level and accuracy.
- Conversion — when you reach the end of the guest pool and how you respond to the sign-in prompt.
- Sign-in — provider used and, on failure, a non-personal error code.
- Errors — a short hash of the error fingerprint so we can spot crashes. We never receive the raw stack trace or anything you typed.
We deliberately do not send your email, display name, profile photo, or any directly identifying data to analytics. We do not use analytics for advertising and we do not share analytics data with third parties for their own purposes. If we ever introduce non-essential tracking (advertising IDs, cross-site cookies, third-party SDKs that profile users), we will ask for your explicit consent first via a banner using Firebase Consent Mode v2.
4. Cookies and similar technologies
Tennis Mind uses only strictly necessary storage plus the analytics storage described in Section 3:
- A session token managed by Firebase Authentication when you sign in.
- Browser localStorage entries for your court theme, 2D/3D mode, intro-shown flag, and guest device identifier.
- Firebase Analytics cookies (_ga, _ga_*) on the web app, used only for the in-house product analytics described in Section 3.
The strictly necessary entries do not require consent under the ePrivacy framework. The analytics cookies are set under legitimate interest as explained above; you can block them at the browser level at any time and the app will continue to work.
5. Who we share data with
We do not sell your data. We use the following processors, each strictly to run the service:
- Google LLC / Google Ireland Ltd. — Firebase Authentication (sign-in), Firebase Hosting (web), and Firebase Analytics / Google Analytics 4 (product analytics, web only). The iOS and Android apps are distributed via the Apple App Store and Google Play Store, which receive only the data those stores require to install the app.
- Apple Inc. — only if you choose Sign in with Apple. Apple sends us a unique identifier and, if you allow it, your email and display name.
EU data centres are used where available; some processing may occur in the United States under the EU-U.S. Data Privacy Framework or the European Commission's 2021 Standard Contractual Clauses.
6. International transfers
Where Google or Apple processes data outside the European Economic Area, we rely on adequacy decisions or the European Commission's 2021 Standard Contractual Clauses to provide the equivalent level of protection required by the GDPR.
7. How long we keep your data
- Guest profile state: until you clear your browser or app data.
- Account data (Google / Apple sign-in): until you delete your account or ask us to delete it, then within 30 days of the request.
- Analytics events: retained by Firebase Analytics for 14 months, then deleted automatically. Aggregated, non-identifying reports may be kept longer.
- Server logs: 30 days, then deleted.
8. Your rights
Under the GDPR you can, at any time:
- request a copy of the data we hold about you (Art. 15);
- have inaccurate data corrected (Art. 16);
- have your data erased, where the law allows (Art. 17);
- restrict or object to processing (Art. 18 and 21);
- receive your data in a portable format (Art. 20);
- withdraw consent at any time, without affecting the lawfulness of past processing (Art. 7(3)).
To exercise any of these, write to info@tennis-mind.com. You also have the right to lodge a complaint with the Slovenian Data Protection Authority — Informacijski pooblaščenec, ip-rs.si.
9. Security
We rely on Google Cloud's infrastructure controls (encryption in transit and at rest, identity-based access).
10. Automated decision-making
We do not make automated decisions that produce legal or similarly significant effects on you (no automated profiling, no automated account closure).
11. Changes to this policy
We update this policy when our practices or sub-processors change. Material changes are signposted on this page and dated above; small edits (typos, clarifications) are made silently. Always check the "Last updated" date.