Open TT — The Community Ladder

Privacy Policy

Last updated: 31 May 2026

At Open TT we take your privacy seriously. This policy explains what personal data we process when you use the platform, for what purpose, and what rights you have, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish data protection law (LOPDGDD).

Data controller

The controller of your data is José Manuel Muñoz García, with tax ID (NIF) 43423347Z and address in Barcelona, Spain.

For any privacy matter or to exercise your rights, you can contact us at mg.jmanuel@gmail.com.

Data we process

Account data: the email address and password you provide when registering. Passwords are always stored encrypted, never in plain text.

Player profile data: your sporting name or alias, your club and the sporting information linked to your activity (results, ranking and Elo · Glicko rating).

Technical and usage data: aggregated, anonymous information about how the website is used, collected through cookieless analytics (see below). This analytics data does not allow us to identify you.

Purpose and legal basis

We process your account and profile data to provide the service, manage your session, maintain your profile and calculate and display community rankings. The legal basis is the performance of the relationship you accept when registering (Art. 6.1.b GDPR).

We process usage data in aggregated, anonymous form to understand how the platform is used and to improve it, on the basis of our legitimate interest (Art. 6.1.f GDPR). As this is cookieless analytics with no personal data, it does not affect your individual rights.

Retention period

We keep your data for as long as your account remains active. If you close your account, we will delete or duly block your data for the periods legally required, after which it will be permanently erased.

Recipients

We do not share your data with third parties except where legally required. To provide the service we may rely on infrastructure providers (hosting) acting as processors under our instructions and with the safeguards required by the GDPR.

Security

We apply technical and organisational measures to protect your data. Your session is managed through an encrypted, httpOnly cookie that the browser carries but cannot read, and access tokens are never exposed to the client or stored in the browser.

Your rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability at any time by writing to mg.jmanuel@gmail.com, stating the right you wish to exercise.

If you believe the processing of your data does not comply with the regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).