Legal

Official platform policies and legal information for Turbo Trophy. Provided for transparency and convenience; it does not replace independent legal advice.

Privacy Policy

How Turbo Trophy collects, uses, shares, and protects your personal data.

Last updated: 14 December 2025Contact: info@turbotrophy.com

This Privacy Policy explains how Turbo Trophy (“Turbo Trophy”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use https://www.turbotrophy.com and related applications and APIs (the “Service”). This Policy is intended to align with applicable privacy laws, including (where applicable) the Swiss Federal Act on Data Protection (DSG) and the EU/EEA/UK General Data Protection Regulation (GDPR). Additional notices for certain regions (e.g., California) are included below.

1. Controller and Contact

2. Scope


This Policy applies to:
  • visitors to our website;

  • registered users (players);

  • prize recipients and shipping contacts (where applicable);

  • support contacts; and

  • administrators and authorized personnel (where applicable).

3. Personal Data We Collect


We may collect the following categories of personal data (depending on how you use the Service):
  • Account and profile data: email, username, display name, profile settings, optional profile information, and role/permissions.

  • Authentication and security data: session identifiers, authentication events, security logs, audit logs for sensitive operations, device/browser details, IP address, and fraud/abuse signals.

  • Gameplay and platform data: challenge participation, entries, scores, plays, leaderboard positions, integrity/validation signals, cooldown/limit enforcement signals, and prize award status.

  • Purchase and billing metadata: purchase records, amounts, currency, timestamps, taxes/fees (if applicable), payment processor identifiers (e.g., Stripe session IDs), and refund/chargeback status. We do not store full payment card numbers (PAN) or CVV.

  • Communications: messages and attachments you submit through support or contact channels, and preferences/consents where applicable.

  • Cookies and similar technologies: as described in the Cookie Policy.

4. Sources of Personal Data


  • directly from you (registration, profile updates, challenge participation, purchases, support);

  • automatically through your use of the Service (logs, device data, cookies); and

  • from service providers (e.g., payment status from Stripe).

5. Purposes of Processing and Legal Bases


Where the GDPR (or similar laws) applies, we process personal data based on one or more of the following legal bases:
  • Contract necessity: to provide the Service, operate your account, process entries, display leaderboards, and fulfill prizes.

  • Legitimate interests: to secure the platform, prevent fraud/abuse, maintain fair play, debug issues, and improve reliability and user experience.

  • Legal obligations: to comply with accounting/tax rules, anti-fraud obligations, lawful requests, and regulatory requirements.

  • Consent: for non-essential cookies/analytics and certain marketing communications where consent is required. You may withdraw consent at any time.

6. Cookies and Similar Technologies


We use cookies and similar technologies for authentication, security, preferences, and (where enabled) analytics. See the Cookie Policy for categories, retention, and how to control your preferences. Where required by law, non-essential cookies will be used only after obtaining consent.

7. Sharing of Personal Data

We share personal data only as necessary to operate the Service, including with:
  • Hosting and database providers (e.g., Supabase): to host the platform, database, storage, and authentication. Access controls and row-level security are used to restrict data exposure.
  • Payment processors (e.g., Stripe): to process payments, handle fraud prevention, and manage chargebacks/refunds. We do not share full card data because we do not store it.
  • Operational service providers: such as email/notification providers, monitoring, logging, analytics (if enabled), and customer support tooling, subject to contractual confidentiality and data protection terms.
  • Legal/compliance: authorities, regulators, courts, or other parties where required by law or necessary to protect our rights, users, and platform integrity.

8. International Transfers


Your personal data may be processed in countries outside your country of residence, depending on our providers and infrastructure. Where required, we implement appropriate safeguards (e.g., adequacy decisions, standard contractual clauses, or equivalent mechanisms).

9. Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including:
  • Account data: for as long as your account remains active, and thereafter as required for legitimate interests or legal obligations.
  • Gameplay/integrity records: for audits, fairness, dispute handling, and leaderboard integrity; some records may be archived.
  • Security logs: for incident response, abuse prevention, and platform security.
  • Financial records: as required by applicable tax and accounting laws.

If you request deletion, we delete or anonymize data where feasible, while retaining data required for legal obligations, security, fraud prevention, and dispute resolution.

10. Security Measures

We implement technical and organizational measures appropriate to the risk, including:
  • access controls and least privilege;
  • row-level security at the database layer;
  • encryption in transit (TLS) and provider-level encryption at rest;
  • audit logging for sensitive administrative actions;
  • segregation of payment processing via third-party processors.

No system is perfectly secure. If you believe your account or data may be at risk, contact info@turbotrophy.com.

11. Your Rights

Depending on your location and applicable law, you may have rights including:
  • access to your personal data;
  • correction/rectification;
  • deletion/erasure;
  • restriction of processing;
  • objection to processing (including certain legitimate interest processing);
  • data portability; and
  • withdrawal of consent (where processing is based on consent).

We may need to verify your identity before fulfilling requests. To exercise your rights, contact info@turbotrophy.com.

12. Marketing Communications

If we send marketing communications, you can opt out using the unsubscribe link where provided or by contacting info@turbotrophy.com. Service-related communications (e.g., security or account notifications) may still be sent as necessary.

13. Automated Decision-Making

We may use automated signals for fraud prevention, integrity checks, and enforcement of challenge limits. Where such processing produces legal or similarly significant effects, we provide appropriate safeguards as required by law.

14. Children

The Service is intended for adults (18+ or age of majority). We do not knowingly collect personal data from children. If you believe a minor has provided data, contact info@turbotrophy.com.

15. Region-Specific Notice (California)

If you are a California resident, you may have rights under the CCPA/CPRA (as applicable), including the right to know, delete, correct, and opt out of certain “sharing”/“selling” of personal information. Turbo Trophy does not sell personal information in the traditional sense. To exercise applicable rights, contact info@turbotrophy.com.

16. Changes to This Policy

We may update this Policy to reflect changes to the Service or legal requirements. Material changes will be communicated through the Service where appropriate. Continued use after the effective date of changes constitutes acceptance where permitted by law.