MECCIPrivacy Policy of Mecci

Last updated: 22 Agosto 2025

1) Data Controller

The Data Controller of personal data is:

Mecci.app
Privacy contact / exercise of rights: info@mecci.app

The Controller is not required to appoint a DPO under Arts. 37โ€“39 GDPR, unless otherwise assessed in the future.

2) Types of data processed

{appName} processes exclusively the data necessary for service operation and platform security.

a) Account data

  • name, surname, email
  • avatar and identifier issued by OAuth provider (e.g. Google)
  • account settings

b) Data generated from app usage

  • tournaments created, teams, participants, calendars, results
  • statistics and interactions with app features

c) Technical and security logs

  • IP address
  • user agent / device
  • audit logs related to access, modifications and relevant activities, for security and abuse prevention purposes

d) Payment data (Pro users only)

  • transaction outcome
  • amount, order reference, purchased plan
  • license validity period

{appName} does not store complete payment card data, processed exclusively by certified providers (Stripe, PayPal or equivalents).

e) Cookies and similar technologies

  • technical cookies for proper website/app operation
  • any analytical or aggregate measurement cookies only with prior consent, where required

3) Purposes and legal bases of processing (Art. 6 GDPR)

a) Authentication, account creation and management
Legal basis: contract execution (Art. 6.1.b GDPR).

b) Use of app features (tournament management, teams, matches, results)
Legal basis: contract execution (Art. 6.1.b GDPR).

c) Security, abuse prevention, technical monitoring and auditing
Legal basis: Controller's legitimate interest in ensuring security, integrity and service continuity (Art. 6.1.f GDPR).

d) Billing, accounting and regulatory compliance
Legal basis: legal obligation (Art. 6.1.c GDPR).

e) Service communications (technical updates, plan expiry notices, functional changes)
Legal basis: contract execution (Art. 6.1.b GDPR).

f) Aggregate analysis, product improvement, UX optimization
Legal basis: legitimate interest (Art. 6.1.f GDPR). For non-essential analytical tools, consent is required where necessary (Art. 6.1.a GDPR).

4) Data provision

Providing data required during registration and for tournament management is essential for service use. Refusal results in the inability to create or use the account.

5) Data retention

a) Account data
Retained until account deletion by the user.

b) Tournament, match and generated content data
Retained for the time necessary to provide the service. Following account deletion, they may be anonymized or maintained in non-user-identifiable form, when necessary for statistical purposes or to preserve historical consistency of tournaments.

c) Security and audit logs
Retained approximately for 12โ€“24 months, except for additional retention needs in case of security incidents or legal defense.

d) Fiscal and billing data
Retained for terms provided by Italian regulations (e.g. 10 years).

6) Data recipients

Personal data may be processed by:

  • hosting and cloud infrastructure providers
  • authentication providers
  • payment services
  • consultants or authorized processing subjects

These subjects operate as Data Processors under Art. 28 GDPR.

The updated list of processors is available upon request.

Data is not sold nor transferred to third parties for autonomous commercial purposes.

7) Extra-EU data transfers

Where some providers operate outside the European Economic Area, data transfer occurs in compliance with Arts. 44โ€“49 GDPR, through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCC)
  • further guarantees required by GDPR

8) Data subject rights

The user may exercise at any time the rights provided by Arts. 15โ€“22 GDPR, including:

  • access to personal data
  • rectification and update
  • deletion ("right to be forgotten")
  • processing limitation
  • opposition
  • data portability

Requests must be sent to: info@mecci.app

The user also has the right to lodge a complaint with the Data Protection Authority.

9) Cookies

{appName} uses technical cookies necessary for website and user area operation.

Any analytical or profiling cookies are activated only with prior consent through the appropriate banner, when provided.

For more details, a dedicated Cookie Policy is available (if adopted).

10) Minors

The service is not intended for minors under 14 without parental or guardian consent.

The user registering an account declares to have the minimum required age.

11) Changes to this notice

This Privacy Policy may be updated over time. Changes will be published on this page and, where relevant, communicated via email or in-app notifications.

Continued use of the service implies acceptance of the updated version of the notice.

See also the Terms of Service of Mecci