Kihapp Privacy Policy
Effective Date: 2025-10-01
Last Updated: 2025-10-01

This Privacy Policy describes how Kihapp AB (“Service Provider”, “we”) processes personal data when you use the Kihapp service (“Service”). It provides information required under the EU General Data Protection Regulation (GDPR).

Kihapp AB is a Swedish company. While our services are primarily directed towards the European Union, this policy also governs our operations in other countries.

The policy is divided into two parts based on our role in data processing.

Contact person for data protection matters: ville@kihapp.com

PART 1: KIHAPP AS A DATA CONTROLLER

This section applies when Kihapp acts as the data controller for personal data we collect for our own purposes. This includes data for managing User accounts, billing, developing the Service, and ensuring its security. The data Kihapp collects, how it is used, and who controls it, depends on how you use our services.

1.1. Purposes and Legal Basis for Processing

We collect your personal data for the following purposes:

  • To provide and develop the Service: We collect data to manage User accounts so that you can for example easily register for the competition without having to manually re-enter your information and to offer customer support. The legal basis is the performance of a contract between you and us, and our legitimate interest to develop our service.
  • To manage the contractual relationship: We process data for billing our service fees from Event Organizers and for communicating with all User types about the Service. The legal basis is the performance of a contract.
  • To ensure security and prevent misuse: We process technical data to monitor the security of our service. The legal basis is our legitimate interest.

1.2. Categories of Personal Data We Process

We process the following categories of personal data for the purposes described above.

If you have an account with Kihapp, we collect the following:

  • Your name (or other label - might not be your full or legal name)
  • Your email
  • Your club
  • The tournaments you have entered competitors in, or bought tickets to
  • The last IP address you used
  • Competition enrollment data (such as age and weight) that you have provided via your User account.

We collect this information so that we can offer the martial arts tournament management service (Kihapp Service) to you according to Terms and Conditions, personalize the way Kihapp works for you, so that you would more easily find the tournaments that are relevant to you and so that you could easily make new enrollments.

If you host tournaments with the help of Kihapp, we additionally collect the following:

  • The tournaments you have created
  • Your billing name
  • Your billing address

We collect this information for billing purposes. We use the information of which tournaments you have created so that we could better help you use Kihapp.

In addition, we collect following technical data to prevent misuse:

  • Technical and Usage Data: IP address, User Agent string.

1.3. How Kihapp Uses Data About You

Kihapp occasionally sends email updates about new features and other changes and improvements to Kihapp. To personalize these emails to make them more relevant to you, we use your data regarding tournaments you have created, as well as the tournaments you have made registrations in. If you want to stop receiving email updates from Kihapp, you can unsubscribe on your profile page.

In addition, Kihapp retains your competitor data after the tournament is completed, because you can use existing data as a template when registering for a new tournament.

1.4. Data Retention Periods

We store personal data only for as long as necessary for the purposes for which it was collected. The retention periods are determined by the following criteria:

  • User Account Data: Stored for as long as your User account is active. An account is considered active if a user has logged into it within the past two years. You can request to delete your account anytime by contacting us at hello@kihapp.com.
  • Billing Information: Stored for the period required by applicable accounting laws.

Upon the deletion of your account, your data for which we are the controller will be erased or anonymized without undue delay, unless legal obligations require longer storage.

1.5. Your Rights as a Data Subject

You have the following rights under the GDPR regarding the data for which we are the data controller. Requests to exercise these rights should be sent to the contact person mentioned above.

  • Right of Access: You have the right to obtain a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to have inaccurate or incomplete personal data corrected.
  • Right to Erasure (‘Right to be Forgotten’): You have the right to request the erasure of your data, for example, if it is no longer necessary for the purposes for which it was collected.
  • Right to Restrict Processing: You have the right to request the restriction of processing under certain conditions.
  • Right to Object: You have the right to object to processing that is based on our legitimate interest.
  • Right to Data Portability: You have the right to receive your personal data in a machine-readable format under certain conditions.
  • Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw your consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

1.6. Recipients and Transfers of Personal Data

Kihapp's data is accessible to the developer, and is protected by passwords and second-factor authentication. In addition, Kihapp may disclose or transfer or your data to:

  • Data Processors: We use third-party service providers for functions such as payment processing (e.g., Stripe) and cloud hosting. These processors are contractually bound to process data only on our behalf. Kihapp takes care to select only reputable and widely used processors.
  • Legal Requirements: We may disclose data if required by law or a binding order from a competent authority.

Kihapp uses the services of the following companies (Data Processors) to process your data.

Company Location
Amazon, Inc. United States
Google, Inc. United States
Heroku, Inc., a subsidiary of Salesforce, Inc. United States
Memcachier, Inc. United States
Slack, Inc. United States
Stripe Payments Europe, Ltd Ireland
Wideko AB Sweden

Data is primarily processed within the EU/EEA as the main storage location of user data is in the Republic of Ireland. Because Kihapp has users and customers worldwide, data is additionally stored and processed in all countries where we have processors, including the United States. If data is transferred outside the EU/EEA, we ensure that the transfer is lawful by using appropriate safeguards.

1.7. Regular Sources of Data

Personal data associated with a User account is provided directly by the account holder when they register for or use the Service. A User (account holder) may also provide personal data of other individuals, for instance, when registering a family member for an event. In order to ease re-registration, the Service may retrieve the competitor's previous registration details and pre-fill them when the competitor registers for a new event.

1.8. Requirement to Provide Data

Providing the personal data required for creating a User account is a contractual requirement. Without this information, you cannot use the Service.

1.9. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that would have legal or similarly significant effects on you.

1.10. Data Security

Your data is protected by passwords (both the host's and Kihapp's own), as well as second-factor authentication.

Kihapp uses data processing services from companies that specialize in that activity, and as such can provide top-class security. The companies from which Kihapp purchases physical data storage services are Heroku, Inc. and Amazon, Inc.

The physical security measures of the centers your data is stored are described here and here by our processors.

1.11. Minors

If you are under 16, you may only use the Service with the consent and supervision of a parent or legal guardian.

PART 2: KIHAPP AS A DATA PROCESSOR

This section applies when Kihapp AB acts as a data processor on behalf of an Event Organizer. In this role, the Event Organizer is the Data Controller.

2.1. Our Role and the Event Organizer's Responsibilities

When you register for a tournament for example as a competitor, coach, or referee, you enter into a relationship with the Event Organizer.

The Event Organizer determines the purposes and means of processing personal data for their specific event. The Event Organizer is responsible for providing you with information on how your data is used for their event and for the lawfulness of the data processing. It is also up to them to decide how to handle it, who to share it with and when to delete it.

Kihapp processes this data based on a written agreement and on the instruction of the Event Organizer.

2.2. Categories of Personal Data We Process

Data practices vary by tournament, but the most common cases are described here.

Competitor data is most often collected through a registration form on kihapp.com. Tournament hosts also have the ability to input competitor data into Kihapp that they have received by other means.

The data collected by the host varies by tournament, and depends on what kind of categories the tournament contains. Common attributes by which categories are defined are:

  • Age
  • Gender
  • Weight
  • Height
  • Level of experience (such as rank, number of previous fights, or time of training)

Collecting this data is important in the interest of safety of the competitors - so that competitors who are too far apart in terms of their physical attributes or their skills wouldn't accidentally compete against each other.

In addition, the following data is often also collected:

  • Name
  • Email
  • Phone number
  • Club affiliation
  • Nationality
  • Photo

Name, email and phone number are collected so that the host would be able to contact you.

Club affiliation and nationality are often used to determine competition arrangements, so that competitors would have opponents who are unfamiliar to them.

Photos are sometimes used for identification purposes.

We access competitor data on behalf of tournament hosts if it is necessary to correct errors or solve problems.

2.3. Publicity of Competition Information

The Event Organizer decides which information is made public within the Service.

However it’s important to notice that your name, club, competition category, and other information essential to the tournament (such as draw positions and results) will presumably be published in the Service. This information will be publicly visible as part of the event's participant lists, brackets, and results service, which is necessary for the execution of the competition.

Furthermore, when you sign up as a competitor from a specific club, your information is made visible to the club's representative to allow for the verification of their information and confirmation of their membership status.

2.4. Data Retention and Exercising Your Rights

Data processed on behalf of Event Organizers is stored in accordance with the instructions of the Event Organizer. This means that also the retention of your data is controlled by the tournament host.

As the Event Organizer is the data controller for this data, any requests to exercise your data subject rights (such as access or erasure) regarding information related to a specific tournament should be directed to the relevant Event Organizer.

Kihapp helps Event Organizers erase competitor data that is no longer required. The default retention period is 18 months after the tournament has been completed. However it's important to keep in mind that it is the Event Organizer who determines the data retention period.

If the Event Organizer decides to delete the event, all related data that we processed solely on their behalf will also be deleted. Similarly, if an Event Organizer decides to stop using our Service, we will delete all data that we have processed on their behalf, unless we are required to retain certain information for legitimate reasons, such as for billing and accounting purposes.