Startelf
Features How it works FAQ
DE | EN
Get the app

Legal

Privacy Policy

Last updated: July 2026

This is an English translation provided for convenience. The German version at startelf.at/datenschutz is legally binding.

This privacy policy informs you about which personal data we process when you visit the website startelf.at and when you use the Startelf app (iOS and Android), for what purpose this happens and which rights you have.

1. Data controller

The controller responsible for data processing within the meaning of the GDPR is:

David Krachler
Oeverseegasse 24
8020 Graz, Österreich
E-mail: support@startelf.at

2. Hosting

The website and the app backend are operated at AllInkl and Hostinger on servers located within the EU. The provider processes data exclusively on our behalf (processing on behalf of the controller pursuant to Art. 28 GDPR).

3. Visiting the website

Server log files

When you visit the website, technically necessary data transmitted by your browser is processed: IP address, date and time of access, page accessed, volume of data transferred, referrer URL as well as browser and operating system identifier. This serves the secure and stable provision of the website.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).

No cookies, no tracking

The website sets no analytics, marketing or tracking cookies and does not embed any web analytics services.

Fonts (Google Fonts)

The website loads fonts from Google Fonts (Google Ireland Ltd.). In doing so, your IP address is transmitted to Google when the page loads. Legal basis: Art. 6 (1) (f) GDPR. Further information: policies.google.com/privacy.

4. Using the app

Registration & sign-in

An account is required to use the app. Sign-in takes place via Apple Sign-In, Google Sign-In or with an e-mail address and password. Authentication is handled via Firebase Authentication (Google). Among others, the e-mail address, display name and a unique user ID are processed. The e-mail address is verified before access is granted.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).

Profile and player data

You can voluntarily provide profile details, such as position, strong foot, height, date of birth, jersey number, country, profile picture and absences. This data is visible within your teams.
Legal basis: Art. 6 (1) (b) GDPR.

Team, event and chat data

When creating and managing teams, events, acceptances/declines and chat messages (including shared photos, videos and files), the respective content is stored on our server and displayed to the members of the team.
Legal basis: Art. 6 (1) (b) GDPR.

Push notifications

For reminders and notices (e.g. new events, pending responses) we use Firebase Cloud Messaging (Google). For this purpose a device token is processed. You can deactivate push notifications at any time in your device settings.
Legal basis: Art. 6 (1) (b) and (f) GDPR.

Subscriptions & payments

Manager subscriptions are concluded via the stores (Apple App Store or Google Play); payment processing is carried out exclusively by Apple or Google. To manage and check the status of subscriptions we use RevenueCat, Inc. In doing so, a pseudonymous user ID, purchase and subscription status as well as product and expiry information are processed – no complete payment data (credit card or similar).
Legal basis: Art. 6 (1) (b) GDPR.

Security & abuse protection

To protect against abusive use and automated requests, we verify the integrity of the app via Firebase App Check (Play Integrity on Android, App Attest on iOS). In doing so, device and integrity attributes are processed, but no profile content. To limit the frequency of requests, the IP address may also be processed briefly.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).

Error and crash diagnostics (Sentry)

For stability and troubleshooting we collect crash and error reports as well as technical device and app information via the service Sentry (Functional Software, Inc.). No automatic transmission of your IP address or other personal data takes place; no user context is transmitted. Sentry is operated in the EU region, and the data is stored in the EU.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in stable and error-free operation).

5. Recipients / processors

To provide our services we use the following service providers:

  • Google (Firebase Authentication, Cloud Messaging & App Check) – sign-in, push and abuse protection
  • Apple – Apple Sign-In and payment processing in the App Store
  • Google Play – payment processing on Android
  • RevenueCat, Inc. – management of subscriptions
  • Sentry (Functional Software, Inc.) – error and crash diagnostics (EU region)
  • AllInkl and Hostinger – operation of the website and backend

6. Transfer to third countries

Some of the aforementioned services (Google, Apple, RevenueCat) may process data in the USA. The transfer takes place on the basis of the EU Commission's standard contractual clauses or – where certified – the EU-US Data Privacy Framework. Sentry is operated in the EU region; in this respect no transfer to a third country takes place.

7. Retention period

We store personal data only for as long as it is necessary for the stated purposes or as provided for by statutory retention periods. Account and content data is removed when you delete your account; server log files are automatically deleted after a short time.

8. Deleting your account

You can delete your account and the associated personal data at any time:

  • In the app: Profile → Settings → Delete profile. The account and your personal profile data are removed.
  • Without the app / by request: Write to us at support@startelf.at using the e-mail address of your account. We delete your account and the associated personal data and confirm the deletion to you.

In particular, profile data (name, e-mail, profile picture, profile details), team memberships as well as your chat/event references are deleted or anonymised. For reasons of data integrity, anonymised residual information (e.g. depersonalised author references to team content already created) may be retained; this no longer allows any conclusions to be drawn about your person. Subscription/purchase receipts may be subject to statutory retention periods. Server log files are in any case automatically deleted after a short time.

9. Your rights

Under the GDPR you have the following rights:

  • Access to the data stored about you (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Objection to the processing (Art. 21)

You also have the right to lodge a complaint with a data protection supervisory authority. In Austria this is the Österreichische Datenschutzbehörde (dsb.gv.at).

10. Contact

For matters relating to data protection you can reach us at:

David Krachler · Oeverseegasse 24, 8020 Graz, Österreich
E-mail: support@startelf.at

Startelf

The app for your amateur football team.

Features How it works FAQ Download Support Changelog Privacy Terms
DE | EN

© 2026 Startelf. Made with passion for amateur football.