Privacy Policy

Last updated: March 2026

1. Data Controller

The entity responsible for processing your personal data is Widdo Inc., a corporation incorporated under the laws of the State of Delaware, USA. For any inquiries regarding data processing, contact us at hey@widdo.co.

2. Data We Collect

Identity & Contact Data

  • Full name, government ID number, date of birth
  • Email address, phone number, physical address
  • Profile photo (optional)

Club Member Data

  • Player information: name, age, category, position, relevant medical data
  • Parent/guardian information: name, contact, relationship to athlete
  • Coach information: name, specialization, certifications

Payment Data

  • Billing details and payment method (securely processed via certified payment providers)
  • Transaction history and account statements

Usage Data

  • IP address, browser type, device information
  • Pages visited, session duration, navigation patterns
  • Attendance records and in-platform activity

3. Purposes of Processing

  • Service delivery: Manage clubs, players, attendance, schedules, and communications.
  • Billing: Process subscriptions, invoices, and payment collection.
  • Communications: Send service notifications, updates, and support responses.
  • Support: Respond to inquiries and resolve issues.
  • Analytics: Improve the platform based on aggregated usage patterns.
  • Legal compliance: Fulfill tax, regulatory, and legal obligations.
  • Marketing: Send promotional content only with your prior consent; you may opt out at any time.

4. Legal Basis

We process personal data based on the applicable legal framework in your jurisdiction. The following table summarizes the primary data protection laws and supervisory authorities:

CountryApplicable LawAuthority
USACOPPA, CCPAFTC
ColombiaLey 1581/2012SIC
MexicoLFPDPPPINAI
ArgentinaLey 25.326AAIP
BrazilLGPDANPD
ChileLey 19.628Consejo Transparencia
PeruLey 29733APDP
EcuadorLOPDPSPDP
SpainRGPD / LOPDGDDAEPD
UruguayLey 18.331URCDP

Depending on your location, processing may be based on contractual necessity, legitimate interest, legal obligation, or your consent.

5. Data Sharing

We share data only with trusted third-party service providers necessary to operate the platform. We never sell your personal data.

  • Stripe — Payment processing
  • Vercel — Frontend hosting and CDN
  • DigitalOcean — Backend infrastructure and database
  • Resend — Transactional email delivery
  • Google Analytics — Aggregated usage analytics

Each provider is contractually obligated to protect your data and process it only for the stated purposes.

6. Security

We implement industry-standard security measures including:

  • SSL/TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Hashed and salted passwords (bcrypt)
  • Automated daily backups
  • Role-based access control (RBAC) across the platform
  • Server monitoring and intrusion detection

7. Your Rights by Jurisdiction

USA

  • COPPA: Parental consent is required for children under 13.
  • CCPA (California): Right to know, delete, and opt out of the sale of personal information. Widdo does not sell personal data.

EU / Spain (GDPR)

  • Right of access, rectification, erasure ("right to be forgotten"), data portability, restriction of processing, and objection.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with the AEPD or relevant supervisory authority.

Brazil (LGPD)

  • Right of access, correction, anonymization, portability, deletion of unnecessary data, and information about sharing.
  • Right to revoke consent.

Colombia & LATAM (ARCO Rights)

  • Access: know what data we hold about you.
  • Rectification: correct inaccurate data.
  • Cancellation: request deletion of your data.
  • Opposition: object to certain processing activities.

To exercise any of these rights, contact us at hey@widdo.co.

8. Cookies

  • Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Analytics cookies: Google Analytics for aggregated usage statistics. You may opt out via browser settings or the Google Analytics opt-out extension.

9. Data Retention

  • Active account: Data is retained for the duration of your subscription.
  • Billing records: Retained for 5 years to comply with tax and accounting regulations.
  • Usage data: Aggregated and anonymized after the subscription ends.
  • Account deletion: Upon request, personal data is deleted within 30 days, except where retention is required by law.

10. International Data Transfers

Your data may be processed in the United States, where Widdo Inc. is incorporated, or in other countries where our infrastructure providers operate. We apply adequate safeguards — including standard contractual clauses and data processing agreements — to protect your data during international transfers in accordance with applicable law.

11. Minors

Widdo manages data about athletes who may be minors. In the USA, parental consent is required for children under 13 (COPPA). In other jurisdictions, the applicable age threshold is observed. Club administrators are responsible for obtaining and documenting parental consent before registering minors on the platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be published on this page with a new "Last updated" date. For substantial changes, we will notify you via the platform or email.

13. Contact

For privacy-related inquiries or to exercise your data protection rights, contact us at hey@widdo.co.

Widdo Inc. — Incorporated in the State of Delaware, USA.