This Privacy Policy explains what BTop collects, why, and what we do with it. We keep this honest and short. Questions? Email hello@btop.app.
BTop is operated by Mahadik Digital. We are the data controller for the information described below.
The short version
- We collect what we need to run tournaments — your email, venue name, and the player names and match results you enter.
- We use Stripe for payments. We never see your card number.
- We don't sell your data. We don't run third-party ad networks.
- You can request an export or deletion of your data at any time.
1. What we collect
| Category | What it is | Why we have it |
|---|---|---|
| Operator account | Email, password (hashed), venue name, slug, signup date. | Sign in, send service emails, identify your venue. |
| Tournament data | Tournament names, settings, player names, match results, bracket state. | Run the tournament. Display the live bracket. |
| Payment records | Stripe customer ID, transaction ID, amount, date, token type. | Receipts, refunds, tax compliance. |
| Server logs | IP address, user agent, request path, error traces (via Sentry). | Debug crashes, prevent abuse. Retained 30 days. |
| Newsletter signups | Email + signup timestamp (footer form only). | Product updates. One-click unsubscribe in every email. |
| Support chat | Messages via Crisp chat widget. | Answer your support questions. |
We do not collect player accounts, card numbers, location data, device IDs, or third-party ad tracking.
2. Cookies and analytics
BTop sets first-party cookies for sign-in and CSRF protection. We use Plausible for privacy-respecting, cookieless analytics. We do not use Google Analytics, Facebook Pixel, or any cross-site tracking.
3. Service providers
- Supabase — database, auth, file storage.
- Stripe — payment processing.
- Railway — application hosting.
- Sentry — error tracking (PII scrubbed from request bodies).
- Crisp — support chat.
- Plausible — anonymous, aggregated analytics.
- Google Fonts / Cloudflare CDN — font and asset delivery.
4. The public TV view
The active tournament bracket and player names are published at a public URL (btop.app/tv/<your-slug>) so the bar can watch the bracket live. Anything you enter as a player name will be visible on this public URL.
5. Data retention
- Active accounts: while the account is open.
- Deleted accounts: removed within 30 days of request.
- Payment records: retained 7 years (tax law), even after deletion.
- Server logs: 30 days unless tied to a security incident.
6. Your rights
You have the right to access, correct, or delete your data; object to processing; or lodge a complaint with your local data protection authority. Email hello@btop.app — we respond within 30 days.
7. Children
BTop is not directed at children under 13. If you believe a child has signed up, email us and we'll remove the account.
8. Security
HTTPS everywhere, hashed passwords (Supabase Auth), least-privilege database access, Stripe-tokenized card handling. We don't store card numbers on our servers.
9. Changes
If we make material changes we'll email registered operators and post a notice here for at least 30 days.
10. Contact
hello@btop.app — a real human reads it.