Legal
Privacy Policy
Last updated: July 2026
This is an English translation provided for convenience. The German version at startelf.at/datenschutz is legally binding.
This privacy policy informs you about which personal data we process when you visit the website startelf.at and when you use the Startelf app (iOS and Android), for what purpose this happens and which rights you have.
1. Data controller
The controller responsible for data processing within the meaning of the GDPR is:
David Krachler
Oeverseegasse 24
8020 Graz, Österreich
E-mail: support@startelf.at
2. Hosting
The website and the app backend are operated at AllInkl and Hostinger on servers located within the EU. The provider processes data exclusively on our behalf (processing on behalf of the controller pursuant to Art. 28 GDPR).
3. Visiting the website
Server log files
When you visit the website, technically necessary data transmitted by your browser is
processed: IP address, date and time of access, page accessed, volume of data transferred,
referrer URL as well as browser and operating system identifier.
This serves the secure and stable provision of the website.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).
No cookies, no tracking
The website sets no analytics, marketing or tracking cookies and does not embed any web analytics services.
Fonts (Google Fonts)
The website loads fonts from Google Fonts (Google Ireland Ltd.). In doing so, your IP address is transmitted to Google when the page loads. Legal basis: Art. 6 (1) (f) GDPR. Further information: policies.google.com/privacy.
4. Using the app
Registration & sign-in
An account is required to use the app. Sign-in takes place via
Apple Sign-In, Google Sign-In or with an e-mail address
and password. Authentication is handled via Firebase Authentication
(Google). Among others, the e-mail address, display name and a unique user ID are processed.
The e-mail address is verified before access is granted.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).
Profile and player data
You can voluntarily provide profile details, such as position, strong foot, height,
date of birth, jersey number, country, profile picture and absences. This data is
visible within your teams.
Legal basis: Art. 6 (1) (b) GDPR.
Team, event and chat data
When creating and managing teams, events, acceptances/declines and chat messages
(including shared photos, videos and files), the respective content is stored on our
server and displayed to the members of the team.
Legal basis: Art. 6 (1) (b) GDPR.
Push notifications
For reminders and notices (e.g. new events, pending responses) we use
Firebase Cloud Messaging (Google). For this purpose a device token is
processed. You can deactivate push notifications at any time in your device settings.
Legal basis: Art. 6 (1) (b) and (f) GDPR.
Subscriptions & payments
Manager subscriptions are concluded via the stores (Apple App Store or
Google Play); payment processing is carried out exclusively by Apple or
Google. To manage and check the status of subscriptions we use
RevenueCat, Inc. In doing so, a pseudonymous user ID, purchase and
subscription status as well as product and expiry information are processed –
no complete payment data (credit card or similar).
Legal basis: Art. 6 (1) (b) GDPR.
Security & abuse protection
To protect against abusive use and automated requests, we verify the integrity of the app
via Firebase App Check (Play Integrity on Android, App Attest on iOS).
In doing so, device and integrity attributes are processed, but no profile content.
To limit the frequency of requests, the IP address may also be processed briefly.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).
Error and crash diagnostics (Sentry)
For stability and troubleshooting we collect crash and error reports as well as
technical device and app information via the service Sentry
(Functional Software, Inc.). No automatic transmission of your IP address or
other personal data takes place; no user context is transmitted.
Sentry is operated in the EU region, and the data is stored in the EU.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in stable and error-free
operation).
5. Recipients / processors
To provide our services we use the following service providers:
- Google (Firebase Authentication, Cloud Messaging & App Check) – sign-in, push and abuse protection
- Apple – Apple Sign-In and payment processing in the App Store
- Google Play – payment processing on Android
- RevenueCat, Inc. – management of subscriptions
- Sentry (Functional Software, Inc.) – error and crash diagnostics (EU region)
- AllInkl and Hostinger – operation of the website and backend
6. Transfer to third countries
Some of the aforementioned services (Google, Apple, RevenueCat) may process data in the USA. The transfer takes place on the basis of the EU Commission's standard contractual clauses or – where certified – the EU-US Data Privacy Framework. Sentry is operated in the EU region; in this respect no transfer to a third country takes place.
7. Retention period
We store personal data only for as long as it is necessary for the stated purposes or as provided for by statutory retention periods. Account and content data is removed when you delete your account; server log files are automatically deleted after a short time.
8. Deleting your account
You can delete your account and the associated personal data at any time:
- In the app: Profile → Settings → Delete profile. The account and your personal profile data are removed.
- Without the app / by request: Write to us at support@startelf.at using the e-mail address of your account. We delete your account and the associated personal data and confirm the deletion to you.
In particular, profile data (name, e-mail, profile picture, profile details), team memberships as well as your chat/event references are deleted or anonymised. For reasons of data integrity, anonymised residual information (e.g. depersonalised author references to team content already created) may be retained; this no longer allows any conclusions to be drawn about your person. Subscription/purchase receipts may be subject to statutory retention periods. Server log files are in any case automatically deleted after a short time.
9. Your rights
Under the GDPR you have the following rights:
- Access to the data stored about you (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Objection to the processing (Art. 21)
You also have the right to lodge a complaint with a data protection supervisory authority. In Austria this is the Österreichische Datenschutzbehörde (dsb.gv.at).
10. Contact
For matters relating to data protection you can reach us at:
David Krachler · Oeverseegasse 24, 8020 Graz, Österreich
E-mail: support@startelf.at