Legal · Privacy
Privacy Policy
How LUT Wrestling collects, uses, and protects your personal information.
Last updated: April 17, 2026 · Effective: April 17, 2026
1. Introduction & Identity of the Data Controller
LUT Wrestling / LambConnect ("we", "our", "us") operates the LUT Wrestling mobile application (the "App") available on iOS and Android. This Privacy Policy explains, in accordance with GDPR Article 13 and 14, what personal data we collect, why we collect it, the legal basis for processing, your rights, and how to exercise them.
By using the App, you confirm you have read and understood this policy. If you do not agree, please stop using the App and delete your account.
Data Controller:
LUT Wrestling / LambConnect
Email: privacy@lutwrestling.sn
Support: support@lutwrestling.sn
Website: https://lutwrestling.com
2. Data We Collect
2.1 Data You Provide Directly
- Account registration: username, email address, password (stored as a one-way hash — never in plain text), optional profile photo
- Wrestler profile: fighting name, weight category, fight record, biography, photos and videos you choose to upload
- Promoter / Sponsor data: company or organisation name, contact email, event listings, sponsorship details
- Voting activity: fight selection and vote cast (one per active fight per account)
- Community content: comments and reactions you post
- Support communications: the content of messages you send to our support team
2.2 Data Collected Automatically
- Usage data: features accessed, pages viewed, buttons tapped, in-app navigation path
- Device identifiers: IDFA (iOS) or GAID (Android), device model, OS version, app version
- Network data: IP address, connection type (Wi-Fi / mobile data)
- Log data: date and time of access, crash reports, error logs, session duration
- Performance metrics: loading times, feature response times (anonymised)
2.3 Location Data
- Coarse location (city / region level) may be inferred from IP address to surface nearby events — this is not stored
- Precise GPS location is only requested if you explicitly enable the event-locator feature; it is processed in-session only and never stored on our servers
2.4 Data Categories (Apple App Privacy / Google Data Safety)
For transparency with Apple App Store and Google Play Store requirements, here is a mapping of our data collection:
| Category | Data types collected | Purpose | Linked to identity? |
|---|---|---|---|
| Contact Info | Email address, username | Account creation, authentication | Yes |
| Identifiers | User ID, device ID (IDFA/GAID) | Analytics, crash reporting | Yes (User ID) / No (Device ID) |
| Usage Data | Product interactions, in-app navigation | App improvement, personalisation | No (anonymised) |
| Location | Coarse location (city level) | Local event discovery | No |
| User Content | Photos, videos, comments (optional) | Wrestler profile, community | Yes |
| Diagnostics | Crash data, performance data | App stability | No (anonymised) |
We do not collect: financial information, health data, sensitive categories of personal data, contacts list, calendar data, microphone audio, camera data, or browsing history outside the App.
3. Legal Basis for Processing (GDPR Article 6)
| Processing activity | Legal basis |
|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b)) |
| Processing votes on fights | Contract performance (Art. 6(1)(b)) |
| Improving the App (analytics) | Legitimate interests (Art. 6(1)(f)) |
| Fraud detection and security | Legitimate interests (Art. 6(1)(f)) |
| Marketing notifications | Consent (Art. 6(1)(a)) — withdrawable at any time |
| Legal compliance / dispute resolution | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
- Create and maintain your account
- Record and process your votes on fights
- Display wrestler profiles and event listings
- Personalise event and content recommendations
- Send push notifications about fights and events (opt-out via Settings → Notifications)
- Improve App performance, features, and stability
- Detect and prevent fraud, abuse, and security threats
- Comply with applicable laws and regulations
- Respond to support and data subject requests
We do not use your data for automated decision-making or profiling with legal or significant effects.
We do not sell your personal data to any third party.
5. Third-Party Service Providers
We share data with the following categories of service providers under strict data processing agreements. They may only use your data to provide services to us:
| Provider category | Purpose | Data shared |
|---|---|---|
| Cloud hosting (servers) | App infrastructure and data storage | Account data, app content |
| Crash & error reporting | App stability (anonymised crashes) | Device type, OS version, error logs (no PII) |
| Analytics | Understand usage patterns (anonymised) | Aggregated session data (no PII) |
| Push notifications | Deliver in-app notifications | Device token (no personal data) |
| Email delivery | Account verification, password reset | Email address only |
We also disclose data to law enforcement or courts when legally required by a valid order or court decision.
6. International Data Transfers
Our servers and some service providers may be located outside your country of residence. When we transfer personal data outside the European Economic Area (EEA), we use one or more of the following safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Binding corporate rules where applicable
7. Data Retention Periods
| Data type | Retention period | Reason |
|---|---|---|
| Account profile data | Until account deletion + 30 days | Contract performance |
| Voting history (linked) | Until account deletion + 30 days | Contract performance |
| Vote aggregates (anonymised) | Indefinite | Statistical integrity of fight results |
| Location data | Session only — never stored | Minimal data principle |
| Analytics data | 13 months, then deleted | Industry standard analytics window |
| Crash / error logs | 90 days | App stability debugging |
| Support communications | 2 years | Legal compliance, fraud prevention |
| Legal / compliance records | 7 years | Statutory obligations |
8. Your Rights (GDPR Article 15–22)
If you are located in the European Union or European Economic Area, you have the following rights:
- Right of access (Art. 15): Request a copy of the personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your personal data — see our Data Deletion page
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests or direct marketing
- Right to restriction (Art. 18): Request that we restrict processing in specific circumstances
- Right to withdraw consent (Art. 7): Withdraw consent for notification and marketing at any time via Settings → Notifications
To exercise any right: email privacy@lutwrestling.sn with subject "Data Subject Request" or use Settings → Account → Privacy in the App. We will respond within 30 days (extendable by 2 months for complex requests with notice).
You have the right to lodge a complaint with your supervisory authority — e.g. CNIL (France), ICO (United Kingdom), or the relevant national authority in your country.
9. California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected
- Right to delete: Request deletion of your personal information
- Right to opt-out of sale or sharing: We do not sell or share personal information for cross-context behavioural advertising
- Right to non-discrimination: We will not discriminate against you for exercising these rights
To exercise CCPA rights, contact privacy@lutwrestling.sn.
10. Account Deletion
If you create an account, you can delete it at any time directly from the App via Settings → Account → Delete Account. You can also request deletion by email without logging in — see our Account & Data Deletion page for full instructions.
11. Children's Privacy
The App is intended for users 13 years of age or older (16 in EU / EEA jurisdictions under GDPR). We do not knowingly collect personal data from children below these ages. If you believe we have inadvertently collected such data, contact privacy@lutwrestling.sn immediately and we will delete it promptly.
12. Security Measures
- All data transmitted between the App and our servers uses TLS 1.2 or higher encryption
- Passwords are stored using bcrypt (one-way hashing) — we never store plain-text passwords
- Access to personal data is restricted to authorised personnel on a need-to-know basis
- We conduct regular security audits and vulnerability assessments
- In the event of a data breach that risks your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33–34
13. Third-Party Links
The App may contain links to third-party websites. We are not responsible for their privacy practices. Review their policies before providing personal data.
14. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated at least 14 days in advance via email or in-app notification. The "Last Updated" date reflects the most recent revision. Continued use after the effective date constitutes acceptance.
15. Contact & Data Subject Requests
Privacy / data subject requests: privacy@lutwrestling.sn
General support: support@lutwrestling.sn
Data Deletion: Account & Data Deletion page
Help Center: Support