Privacy Policy
Last updated: February 15, 2026
1. Who We Are
HitFactor ("we", "us", "our") is a shooting competition management platform. We are the data controller responsible for your personal data. If you have questions about how we handle your data, you can reach our Data Protection contact at privacy@hitfactor.app.
2. Information We Collect
We collect information that you provide directly, information generated through your use of the platform, and limited technical data:
Account information: name, email address, password (stored as a one-way hash), optional profile details (display name, phone number, country, city, avatar image, shooting division and classification).
Competition data: match results, stage scores, leaderboard rankings, training session logs, drill attempts, and related performance data.
Club data: club memberships, roles within clubs, and club-related activity.
Payment data: subscription tier and billing history. Payment card details are processed directly by Stripe and are never stored on our servers.
Technical data: IP address, browser type, device information, login timestamps, and authentication tokens. This data is collected automatically to maintain security and improve the platform.
3. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
Contract performance: processing your account data and competition data is necessary to provide you with the platform services you signed up for.
Legitimate interest: we process technical data for security, fraud prevention, and platform improvement. We process usage data for analytics to understand how the platform is used and to fix issues.
Consent: we send marketing emails and competition newsletters only with your opt-in consent. You can withdraw consent at any time via your notification preferences.
4. How We Use Your Information
Your information is used to provide and improve our platform services, including match management, score tracking, leaderboard generation, training analytics, and club features. We use your email address to send account notifications (password resets, email verification, match updates). If you opt in, we may also send competition updates and newsletters. We use aggregated, anonymized data to understand platform usage patterns and improve our services.
5. Data Sharing
Match scores and leaderboard rankings are publicly visible by design, as transparency is essential to fair competition. Your email address is never shared publicly.
We do not sell your personal data to third parties. We share data only with service providers who assist in operating our platform, under strict data protection agreements:
Stripe — payment processing (processes your payment card data directly; we only receive transaction confirmations).
Email service provider — sending transactional emails (receives only your email address and the email content).
Sentry — error monitoring (receives anonymized technical data to help us diagnose and fix bugs).
6. Data Retention
Account data: retained for as long as your account is active. After account deletion, personal data is removed within 30 days. Anonymized competition records (scores, rankings) may be retained indefinitely as part of the historical match record.
Authentication tokens: refresh tokens expire after 7 days. Password reset tokens expire after 24 hours. Email verification tokens expire after 48 hours. Expired tokens are periodically purged.
Audit logs: retained for 2 years for security and dispute resolution purposes, then deleted.
7. Data Security
We implement industry-standard security measures to protect your personal data, including encrypted connections (TLS/HTTPS), passwords hashed with bcrypt, JWT-based authentication with short-lived access tokens and revocable refresh tokens, rate limiting to prevent brute-force attacks, and role-based access controls. We conduct regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Your Rights
Regardless of where you are located, you can:
Access and update your personal data through your profile settings at any time.
Delete your account from your profile settings, which will remove your personal data within 30 days.
Manage notification preferences to control what communications you receive.
If you are in the EEA, UK, or Switzerland, you also have the right to:
Request a portable copy of your data in a machine-readable format (right to data portability).
Restrict processing of your data in certain circumstances.
Object to processing based on our legitimate interests.
Lodge a complaint with your local data protection authority if you believe your rights have been violated.
To exercise any of these rights, contact us at privacy@hitfactor.app. We will respond within 30 days.
9. International Data Transfers
Our servers are located in the European Union. If data is transferred outside the EEA (for example, to service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or the service provider's participation in recognized data protection frameworks.
10. Children's Privacy
HitFactor is not directed at children under 14. We do not knowingly collect personal data from children under 14. Users between 14 and 18 may use the platform with parental consent. If you believe a child under 14 has provided us with personal data, please contact us and we will promptly delete it.
11. Cookies
We use essential cookies to maintain your session and authentication state. We do not use advertising or third-party tracking cookies. For full details, see our Cookie Policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email or a prominent notice on the platform at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
13. Contact
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at privacy@hitfactor.app or visit our Contact page.