Privacy Policy
Last updated: 8 June 2026
Who we are
matday is an attendance and membership management application for Brazilian jiu-jitsu academies, operated from Portugal. If you have questions about this policy, contact us at hello@matday.app.
What we collect and why
Account information
When you create an account, we collect your email address and the display name you choose. This is used to identify you within the app and to communicate with you about your account.
Your email address is also used to send one-time verification codes for account confirmation and password reset.
Profile information
You may optionally upload a profile photo. This is stored securely and displayed to members of academies you belong to or manage.
Academy information
If you create an academy, we store the academy name and any logo image you upload.
Membership and attendance data
We store records of which academy you belong to, your membership status, class session registrations, and attendance check-ins. Academy owners can view this data for their own academy.
Training logs
If you log training sessions, we store the details you enter. This data is private to your account.
Academy referral requests
If you submit a request for an academy to join matday, we store the academy name, optional location, and any contact information you choose to provide (such as an email address or social media handle for the academy). This information is used solely to reach out to the academy on your behalf. It is not shared publicly or used for any other purpose.
Push notification tokens
With your permission, we store a push notification token for your device. This is used solely to send you notifications relevant to your membership — such as membership approval or new member requests (for owners). We do not use push tokens for marketing.
Analytics
We use PostHog to understand how the app is used. PostHog collects anonymised event data such as feature interactions and navigation patterns. No personally identifiable information — such as your name, email, or academy name — is included in event properties. Analytics data helps us improve the product.
Legal basis for processing (GDPR)
| Data | Legal basis |
|---|---|
| Account and profile information | Contract — necessary to provide the service |
| Membership and attendance data | Contract — core function of the service |
| Training logs | Contract — you create this data to use the service |
| Academy referral request data | Consent — you voluntarily submit this information |
| Push notification tokens | Consent — we request permission before collecting |
| Analytics data | Legitimate interest — improving the product |
| Anonymised attendance records retained after account deletion | Legitimate interest — preserving academy attendance history integrity |
You may withdraw consent for push notifications at any time in your device settings. This will not affect your ability to use matday.
How long we keep your data
Account, profile, and membership data is retained for as long as your account is active. If you delete your account, your personal data is deleted within 30 days, except where we are required to retain it by law.
Attendance records (class registrations and check-ins) are anonymised rather than deleted when you delete your account. The anonymised records retain no link to your identity and are kept to preserve the integrity of academy attendance history.
Push notification tokens are deleted when you sign out or when your device token is refreshed.
Anonymised analytics data is retained per PostHog's default retention policy.
Who we share your data with
We use the following third-party processors to operate the service:
| Processor | Purpose | Region |
|---|---|---|
| Supabase | Database and authentication hosting | EU (where available) |
| Resend | Transactional email delivery (account confirmation and password reset) | EU |
| Expo / EAS | App build and push notification delivery infrastructure | US |
| PostHog | Product analytics | EU (EU Cloud) |
| Apple (iOS) / Google (Android) | Push notification delivery | Global |
We do not sell your data. We do not share it with any party not listed above, except where required by law.
Your rights under GDPR
As a resident of the EU or EEA, you have the right to:
- Access —the personal data we hold about you
- Rectify —inaccurate data
- Erase —your data (right to be forgotten)
- Restrict —processing in certain circumstances
- Object —to processing based on legitimate interest
- Portability —receive your data in a structured, machine-readable format
To exercise any of these rights, email hello@matday.app. We will respond within 30 days.
You also have the right to lodge a complaint with the Portuguese data protection authority, the CNPD (Comissão Nacional de Proteção de Dados), at www.cnpd.pt.
Children
matday is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us at hello@matday.app and we will delete it promptly.
Security
We use industry-standard measures to protect your data, including encrypted connections (TLS), row-level security on our database, and access controls that limit which users can read which data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
Changes to this policy
We may update this policy as the product evolves. Material changes will be communicated via the app or by email. The date at the top of this page reflects when the policy was last updated.
Contact
Questions or requests regarding your data: hello@matday.app