Privacy Policy
Madbinton is a badminton scoring, tournament, and club-management app. This Privacy Policy explains what personal data we collect through the Madbinton mobile app and backend services, how we use it, who we share it with, and the rights you have over it.
By using Madbinton you agree to this policy. If you don’t agree, please don’t use the app.
1. What we collect
1.1 Account data (provided by you)
- Mobile number — used for OTP-based sign-in.
- Display name and user ID — shown on scorecards, leaderboards, and club rosters.
- Country and state — used to surface relevant clubs and tournaments.
- Gender and date of birth — used for tournament eligibility (age categories, gender brackets) and demographics.
- Profile photo (optional) — only if you upload one.
1.2 Sports activity (generated by your use of the app)
- Match results, scores, rallies.
- ELO ratings, win/loss counts, tournament standings.
- Club memberships, join requests, organizer assignments.
1.3 Device data (collected automatically)
- Authentication tokens issued by Firebase Authentication.
- App version, OS version, and device model in crash and error logs.
- IP address — used by our rate-limiter to block abuse; not stored long-term.
1.4 Contacts (only if you grant the permission)
If you tap “Add player from contacts,” Madbinton reads contact name and phone number for the contact you select — only at the moment of selection, never in bulk. We do not upload, store, or analyze your contacts list. If you deny the permission, the feature falls back to manual entry.
2. How we use it
- To run your account (sign-in, profile, sessions).
- To match you with clubs, tournaments, and other players in your geography.
- To compute and display ELO rankings and stats.
- To send OTP codes via SMS for sign-in and account claim.
- To send push and in-app notifications about your matches and tournaments (you can disable these in Profile → Notifications).
- To enforce our rate-limits and detect abuse (e.g., OTP brute-force protection).
We do not sell or rent your personal data to third parties. We do not run advertising in Madbinton.
3. Who we share it with
We share the minimum necessary data with these processors so the app can function:
| Processor | What we share | Where it’s processed |
|---|---|---|
| Google Firebase Authentication | Mobile number, Firebase user ID | United States |
| Amazon Web Services (AWS) — EC2 / RDS | All app data (encrypted in transit and at rest) | Mumbai, India |
| AWS Simple Notification Service (SNS) | Mobile number + OTP code | Mumbai / global SMS carriers |
Each provider is bound by contractual data-processing terms and serves a specific operational function only. We do not share data with advertisers or analytics brokers.
4. Data retention
- Account data is retained while your account exists.
- Match results, tournament records, and club history are retained indefinitely so that other players’ rankings, brackets, and stats remain coherent.
- OTP codes and login attempt counters are held in memory for 10–15 minutes and then deleted.
- Server logs containing IP addresses are retained for up to 30 days for security analysis.
5. Your rights
You can, at any time:
- Access your data — open Profile to view everything we hold about you.
- Correct your data — edit your display name, country/state, gender, or date of birth in Profile.
- Delete your account — Profile → Delete Account → type DELETE and confirm. When you delete:
  - Your display name is replaced with “Deleted User.”
  - Your mobile number and avatar are erased.
  - Your authentication is revoked and your sessions ended.
  - Past match results stay visible to other players (because their rankings and tournaments would otherwise break) but no longer identify you.
  - This action is permanent. We cannot restore a deleted account.
- Withdraw consent — uninstalling the app revokes its access to your device contacts and push notifications. Account deletion is still required to remove server-side data.
You can also email madbintonninja@gmail.com with any of these requests and we will action them within 30 days.
6. Children
Madbinton is intended for users aged 13 and over. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has registered, contact us and we’ll delete the account.
7. Security
- All traffic between the app and our servers is encrypted with TLS (HTTPS).
- Authentication is handled by Firebase using short-lived ID tokens — we never see a password (there isn’t one; we use OTP).
- OTP endpoints are rate-limited and locked after 5 wrong attempts within 15 minutes.
- Database backups are encrypted at rest on AWS.
No system is perfectly secure. If we ever experience a breach affecting your personal data, we will notify you and the relevant authorities within 72 hours per applicable law.
8. International transfers
Some of our processors operate outside India (Firebase / Google in the United States). By using Madbinton you consent to your data being transferred to and processed in these locations under the safeguards described above.
9. Legal basis (DPDPA 2023, India)
We process your personal data under the following bases:
- Consent — for collecting your phone, profile fields, and contacts.
- Legitimate use — for processing match results, club memberships, and security logs.
You may withdraw consent at any time via Profile → Delete Account or by emailing us.
10. Changes to this policy
We may update this policy from time to time. The “Effective date” at the top will change. Material changes will be announced in the app on next sign-in.
11. Contact
Questions or requests:
Ashok Kumar
madbintonninja@gmail.com