Privacy Policy

Who we are

Sabra is a club-management platform. The fencing club whose instance you are using is the data controller for the personal data processed about you. LAbra Soft provides and operates the software on the club's behalf as a data processor.

If you have any question about this policy or your data, contact your club, which can reach the software provider where needed.

What data we process

Account data: your name, email address, and a securely hashed password (or a Google sign-in identifier if you use Google).

Profile data: athlete, coach, or parent profile details, which may include date of birth, medical-certificate validity, federation-licence details, and physical attributes relevant to training.

Club operational data: group membership, schedules and attendance, fees and payment status, development records, competition registrations, and private-lesson bookings.

Communications: in-app messages, notifications, and any support tickets you submit about Sabra itself.

Children's data: for athletes under 16, profile data is processed only after a parent or guardian records explicit consent.

Why we process it and our legal bases

To provide the club-membership service you or your club have requested — performance of a contract (GDPR Art. 6(1)(b)).

To meet legal and regulatory obligations, such as record-keeping — legal obligation (Art. 6(1)(c)).

To process a minor's personal data — consent of the holder of parental responsibility (Art. 6(1)(a) and Art. 8).

To send optional email notifications you have opted into — consent, which you can withdraw at any time in your profile.

To keep the service secure and operational — our legitimate interests (Art. 6(1)(f)).

Children's data

Athletes under 16 do not get accounts created directly. A parent or guardian is invited to the app, records GDPR consent for the named child, and then grants the child access where appropriate. Consent can be withdrawn, and the parent can manage the child's data.

Who we share data with

We use a small number of processors to run the service: an email provider (Mailjet) for transactional email; Google for optional sign-in; and a cloud host (DigitalOcean) for hosting and file storage within the European Union.

We do not sell your personal data, and we do not use it for advertising.

International transfers

Your data is hosted within the European Union. Where a processor needs to transfer data outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

How long we keep it

We keep your data for as long as you are a member of the club and for any further period required by law (for example, financial record-keeping). Audit logs and support tickets are retained for operational and legal purposes and then deleted or anonymised.

Your rights

You have the right to access your data and to ask for it to be corrected, erased, restricted, or provided in a portable format. You can object to certain processing and withdraw any consent you have given.

To exercise these rights, contact your club as the controller. You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP, www.dataprotection.ro).

How we protect your data

We encrypt data in transit, restrict access on a need-to-know basis, keep each club's data isolated, and record an audit trail of changes. No system can be guaranteed perfectly secure, but we take appropriate technical and organisational measures.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will make the updated version available here and, where appropriate, ask you to acknowledge it again.