BadInCo Logo

Privacy Policy

Draft for Review

Version: 1.0

Effective date: 30 Sep 2025

Jurisdiction: India (DPDP Act, 2023 and rules). Federation contexts may add sport-specific requirements.

1. Who we are

BadInCo ("we", "us") operates a tournament and ranking platform for badminton in India (web + mobile).
Contact: info@badinco.in, +91 7501335123.
Grievance Officer (India): _Name/Contact_
Registered office: _Address_

2. Scope

This Policy covers personal data we process to: register players and officials; manage tournaments (entries, draws, schedules, live scoring); publish results and rankings; operate player profiles; run payments; provide support; ensure security; and comply with law or federation obligations.

3. Legal basis & consent

We act as a Data Fiduciary under India's DPDP Act. Our primary legal bases are: (a) consent, (b) performance of a service requested by you (e.g., event registration), and (c) legitimate sporting interests such as integrity, transparency of results, and historical archives, where permitted by law. We will request verifiable parental consent for users under 18.

4. Categories of personal data

Identity & contact

Name, DOB/age band, photo (optional), gender category, club/association, state, identifiers.

Competition

Entries, seedings, draws, match events (points, cards), results, rankings/history, eligibility/discipline where lawful.

Account & usage

Login identifiers, preferences, device/IP, app telemetry, cookies similar technologies.

Payments

Payer contact, amount, method token, status; we do not store card PAN/CVV (handled by RBI-regulated gateway).

Support & compliance

Communications, documents you upload (e.g., age proof), fraud/abuse indicators, audit logs.

5. Purposes

  • Provide and improve the platform (registration → draws → live scoring → results → rankings).
  • Display public draws, live scores, results, and historical leaderboards.
  • Create and maintain verified player profiles and ELO-style ratings.
  • Ensure safety, prevent abuse, detect fraud, and secure our systems.
  • Process payments, refunds, and invoices via licensed financial partners.
  • Send essential service messages (entry confirmations, schedules, changes).
  • Research/analytics in aggregate (non-identifying) to improve fairness and performance.

6. Children & young players

  • Under-18s require verifiable parental consent to create or manage an account or to be entered by a guardian/club.
  • We do not offer targeted ads to minors; profiling is limited to tournament operations and rankings.

7. Publishing & transparency

We publicly display tournament draws, live scores, results, seedings, and rankings (with player name, club, category, and applicable identifiers). By entering a sanctioned competition, you acknowledge that this publication is necessary for fair and transparent sport administration. Video or photos from events may be published for reporting and promotion within lawful limits.

8. Sharing of data

Vendors/Processors: hosting, communications (email/SMS), analytics, support, KYC (if used), and payments — bound by contracts and reasonable security safeguards.

Federations/Associations/Clubs: limited competition data (entries, results, rankings) for sanctioning, eligibility, and archives, per contracts and law.

Legal/Integrity: disclosures to law-enforcement or integrity bodies when required.

Corporate changes: in mergers or acquisitions, subject to continuity of protections.

9. International transfers

If personal data is processed outside India, we use transfer mechanisms allowed by law and contracts. Security logs required by CERT-In remain stored in India for the mandated period.

10. Security

We implement proportional technical and organisational measures, including: TLS in transit; encryption at rest; access control and 2FA for admins; least-privilege; secure coding and dependency scanning; continuous logging and monitoring; backup and disaster recovery; vendor reviews; and periodic testing.

11. Retention

We keep data only as long as needed for the purposes above. Competition records (draws, results, rankings) are kept as a sporting archive. Accounts can request deletion; where deletion is not possible due to legal or integrity reasons, we will restrict and archive.

12. Your rights

Subject to law, you can: access, correct, update, and request deletion of your information; withdraw consent for optional features; and raise complaints with the Data Protection Board of India. We will verify identity before fulfilling requests.

13. Cookies & similar technologies

We use essential cookies for login and session security, and limited analytics for product improvement. You may control non-essential cookies via in-app settings where available.

14. Payments

Payments are handled by RBI-regulated Payment Aggregators/Gateways. We do not store raw card data. Refunds follow tournament and gateway policies.

15. Incident response & notifications

We maintain an incident-response plan. Notifiable cyber incidents are reported to CERT-In within 6 hours of awareness. If a breach risks your rights, we will notify you and, where required, the Data Protection Board of India.

16. Grievance & contact

Grievance Officer (India): _Name, designation_

Email: info@badinco.in

Phone: +91 7501335123

Postal: _Registered address_

17. Changes to this Policy

We will post updates with a new "Effective date" and, when changes are material, we will notify you through the product or by email.

*This draft is provided for product planning and legal review. It is not legal advice. Please consult counsel before publishing.*