Privacy Policy

This policy explains what personal data Taekwondo Competition Manager (operated by WebMatter) collects, how we use it, and the rights you have under UK GDPR and the Data Protection Act 2018.

1. Who we are

Taekwondo Competition Manager ("we", "us", "our") is operated by WebMatter, a United Kingdom sole trader providing competition management software for martial arts organisations. You can contact us at info@webmatter.co.uk.

For the purposes of UK GDPR, WebMatter is the data controller for personal data you provide directly to us (for example when you create an account or contact support). When you use our software to run a competition, you are the controller for your competitors' data and we act as a data processor on your behalf.

2. What data we collect

Information you give us

• Account details: name, email address, organisation name, optional club name and country.
• Billing information: billing email, postal address, and payment records. Card details are handled by our PCI-compliant payment provider (Stripe) — we never see or store full card numbers.
• Competition data: contestants, categories, matches, rings, scores, and results you enter into the platform.
• Support messages: any emails or feedback you send us.

Information collected automatically

• Anonymous page-view statistics on our public marketing pages. We store the page path, referrer, and a one-way hash of your IP address and user agent. We do not store the raw IP, and this data cannot be used to identify you.
• Server logs used for debugging and security (retained 14 days).

We do not use Google Analytics, Facebook Pixel, or any third-party advertising tracker.

3. Legal bases

We process personal data on the following UK GDPR bases:

• Contract — to create and operate your account and deliver the services you have purchased.
• Legitimate interests — to keep the platform secure, prevent abuse, measure anonymous traffic, and improve the product.
• Consent — for marketing emails (you can opt out at any time via the unsubscribe link in every email).
• Legal obligation — to retain invoices and tax records as required by HMRC.

4. How we use your data

• To provide, operate, and maintain the service you signed up for.
• To process payments and send receipts and licence keys.
• To respond to support requests and feedback.
• To send service emails (security, billing, product updates you opted in to).
• To diagnose bugs and improve the platform.
• To comply with UK law (tax, fraud prevention).

5. Sharing

We never sell your personal data. We share limited data only with the following processors, all under written data-processing agreements:

• Stripe — payment processing.
• Our UK hosting provider — to run the servers and databases that store your account and competition data.
• Transactional email provider — to deliver receipts, password resets, and service emails.

We will also disclose data if required by a valid legal order (for example a court order or a request from UK law enforcement).

6. International transfers

Our primary servers are located in the United Kingdom. Some sub-processors (such as Stripe) may transfer data outside the UK/EEA. Where this happens, we rely on UK International Data Transfer Agreements or adequacy decisions to ensure your data is protected.

7. How long we keep data

• Account data — while your account is active, plus 12 months after closure.
• Competition data — until you delete it or close your account.
• Invoices and tax records — 6 years (HMRC requirement).
• Anonymous page-view stats — 24 months then purged.
• Support tickets — 24 months.

8. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion ("right to be forgotten") subject to our legal retention duties.
• Restrict or object to processing.
• Request a copy in a machine-readable format (data portability).
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email info@webmatter.co.uk. We will respond within one month.

9. Security

All traffic to and from the platform is encrypted with TLS. Passwords are salted and hashed with bcrypt. Database backups are encrypted at rest. Access to production systems is restricted and audited.

10. Children

The platform is designed for adult competition organisers. We do not knowingly collect personal data directly from children under 13. Where organisers enter minors as competitors, the organiser is the controller for that data.

11. Changes

We may update this policy from time to time. The "last updated" date at the top of this page indicates when the most recent change was made. Material changes will be announced via email or an in-app notice.

Cookie Policy →   |   Terms of Service →