Privacy Policy

Last Updated: January 7, 2026

1. Introduction

Welcome to Clutch Companion ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

Our servers are located in the European Union, and we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

For the purposes of GDPR, Clutch Companion is the data controller responsible for your personal information.

3. Information We Collect

3.1 Information You Provide

  • Account information (email address, username, password)
  • Profile information
  • User-generated content (lineup sheets, configurations, comments)
  • Communications with us

3.2 Automatically Collected Information

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies
  • Log files and error reports

4. How We Use Your Information

We use your information for the following purposes:

  • To provide, maintain, and improve our services
  • To create and manage your account
  • To respond to your inquiries and provide customer support
  • To detect, prevent, and address technical issues and security threats
  • To enforce our Terms of Service
  • To comply with legal obligations
  • To send service-related notifications and updates
  • To analyze usage patterns and improve user experience

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Improving our services, security, and fraud prevention
  • Legal Obligation: Complying with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing activities

6. Third-Party Services

We use the following third-party service providers:

6.1 Supabase

We use Supabase for database hosting, authentication, and storage services. Supabase is GDPR-compliant and processes data according to their privacy policy. Data is stored on servers located in the European Union.

6.2 Cloudflare

We use Cloudflare for content delivery, DDoS protection, and security services. Cloudflare is GDPR-compliant and acts as a data processor. Their services may temporarily cache content at edge locations worldwide to improve performance.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (Supabase, Cloudflare)
  • Legal Requirements: When required by law or to respond to legal processes
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of Rights: To protect our rights, property, or safety, or that of others
  • With Your Consent: When you explicitly authorize us to share information

8. International Data Transfers

While our primary servers are located in the European Union, some third-party services (such as Cloudflare's global CDN) may process data in other jurisdictions. When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

9. Your Rights Under GDPR

As a user in the EU/EEA, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for processing based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us using the information provided in Section 14.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we must retain it for legal compliance.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Regular security assessments
  • Access controls and authentication mechanisms
  • Secure backup procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our services.

Types of cookies we use:

  • Essential Cookies: Required for the service to function
  • Functional Cookies: Remember your preferences
  • Analytics Cookies: Help us understand how users interact with our service

13. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will provide additional notice through email or a prominent notice on our service.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Email: hello [at] goclutch.pro

For GDPR-related inquiries, you may also contact your local data protection authority.