Privacy Policy
Last updated: 2026-04-12. For the Terms of Service, see Terms of Service.
1. Introduction
This Privacy Policy explains how the operator of DrawGen (“we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with the DrawGen websites, applications, and related services (collectively, the “Services”), including when you visit drawgen.app, create an account, build or publish tournament information, or contact us for support.
By using the Services, you acknowledge that you have read this policy. If you do not agree, do not use the Services.
2. Who is responsible for your information?
For the purposes of applicable data protection laws, the operator of DrawGen is the controller of personal information described in this policy, unless we state otherwise (for example, where we process information solely on behalf of an organizer as a processor—see Section 4).
Contact: support@drawgen.app
3. Personal information we collect
We collect information in the following categories (specific fields may evolve as the product changes):
3.1 Information you provide
- Account and profile: email address, password or authentication credentials, display name, role (for example organizer vs player), and settings you save in the app.
- Billing (when enabled): subscription selections, billing contact details, and payment-related identifiers. Card data is processed by our payment processor (Stripe); we do not receive your full card number.
- Support and communications: messages you send us (including via contact forms or email), and metadata needed to respond.
- Tournament and event content: player names, match results, schedules, club or event names, published portal content, invite lists, notification preferences, and similar operational data you enter to run events.
3.2 Information collected automatically
- Device and technical data: IP address, browser type, device type, operating system, approximate location derived from IP, referrer URLs, and timestamps.
- Usage data: pages and features viewed, actions taken in the Services, diagnostic events, and performance metrics needed to operate and secure the platform.
- Cookies and similar technologies: we use cookies and local storage as needed for authentication, preferences, security, and (if enabled) analytics. You can control many cookies through browser settings.
3.3 Information from third parties
- Authentication provider: our auth infrastructure (Supabase) processes sign-in according to its terms and our configuration.
- Payment processor: Stripe provides payment status, customer IDs, and fraud signals as needed to operate billing.
- AI provider: when you use AI features, prompts and contextual information are transmitted to our AI vendor to generate responses.
- Email delivery: when we send email through our provider (for example Resend), the provider processes recipient addresses and delivery events.
4. Organizer content and player information
Organizers may upload or enter personal information about players (for example names and contact information used for invites). Organizers are responsible for having a lawful basis to collect and use that information and for providing any required notices to participants. Where we process such information strictly to provide the Services to an organizer, we may act as a processor on the organizer’s behalf.
Published portals and share links may expose non-sensitive event information to anyone with access to the link. Do not publish data you are not permitted to share.
5. How we use personal information
We use personal information to:
- Provide, maintain, improve, and secure the Services;
- Create and manage accounts, authenticate users, and enforce role-based access;
- Process subscriptions, invoices, and payment-related communications when billing is enabled;
- Operate AI-assisted features when enabled for your account tier;
- Send transactional and service messages (for example security alerts, receipts, delivery failures);
- Provide customer support and respond to inquiries;
- Detect, prevent, and respond to fraud, abuse, security incidents, and illegal activity;
- Comply with law, enforce our Terms, and protect rights, safety, and property; and
- Analyze usage in aggregate or de-identified form to improve the product.
6. Legal bases (EEA, UK, and Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of:
- Contract — processing necessary to perform our agreement with you;
- Legitimate interests — securing the Services, improving features, preventing abuse, and internal analytics, balanced against your rights;
- Consent — where required for specific activities (for example certain cookies or marketing communications, if offered); and
- Legal obligation — where we must retain or disclose information to comply with law.
7. How we disclose information
We disclose personal information as follows:
- Service providers (subprocessors) who assist us under contractual obligations (see Section 8);
- Organizers and players through features you use (for example publishing draws);
- Legal and safety when required by law, legal process, or to protect users and the public; and
- Business transfers in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
We do not sell personal information for money as “sale” is commonly understood in U.S. state privacy laws.
8. Subprocessors
We use the categories of vendors below. Specific vendors and purposes may change; we will update this policy or a linked page for material changes where required.
| Category | Examples / purpose |
|---|---|
| Hosting & infrastructure | Application hosting and serverless execution (for example Vercel or comparable). |
| Database & authentication | Supabase (account storage, database, authentication). |
| Payments | Stripe (checkout, billing, fraud prevention). |
| Email delivery | Resend or comparable transactional email delivery. |
| AI | OpenAI or other model providers for assistant features. |
| Analytics (if enabled) | Product analytics vendors if we enable them. |
9. International transfers
We may process information in the United States and other countries where we or our vendors operate. If we transfer personal information from the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms, where required.
10. Retention
We retain personal information for as long as necessary to provide the Services, comply with law, resolve disputes, and enforce agreements. Retention periods depend on the data category (for example billing records may be retained longer for tax and accounting obligations). You may request deletion subject to Section 11 and legal exceptions.
11. Your privacy rights
11.1 General
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority.
11.2 EEA / UK / Switzerland
You may exercise GDPR (or UK/Swiss equivalent) rights by emailing support@drawgen.app. We may verify your request and ask for additional information.
11.3 United States — California and other states
If a U.S. state privacy law applies to you, you may have rights to access, delete, correct, and opt out of certain processing (including targeted advertising or “sales”/sharing where defined by law). Contact us at the email above. We do not discriminate for exercising rights.
11.4 Canada
If Canadian privacy law applies, you may have rights to access and challenge the accuracy of your personal information. Contact us at the email above.
12. Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and vendor security requirements. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
13. Children
The Services are not directed to children under 13 (or the age required by local law). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.
14. Third-party links and services
The Services may link to third-party sites or integrate third-party features. Their collection and use of information is governed by their policies, not this one.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. If changes are material, we will provide additional notice as required by law (for example email or in-app notice).
16. Contact
Questions or requests: support@drawgen.app or Contact.