Privacy Policy

Effective: November 1, 2025

Who we are & Scope

Mufus Software provides reservation apps and tools for sports clubs in Serbia (e.g., padel/tennis/other courts). This Privacy Policy explains how we process personal data in our apps and related support channels.

• Controller. Mufus Software is the controller for the processing described here.

• Clubs. Each club that receives your booking details is an independent controller for its own use of that data (pricing, penalties, facility rules, or any advertising it chooses to run in its own branded app). Clubs must provide their own notices where required.

What we Collect

We minimize data and collect only what’s necessary to run bookings and support you:

• Contact info – full name, mobile phone number, email address.

• User content (optional) – profile photo; messages you send to us or (if enabled) to a club via in-app forms, SMS, or email.

• Booking data – club(s) you book with, court/time/participants, cancellations/no-shows. (If you input teammates’ names/phones/emails, we process those to complete the booking and notify them.)

• Purchases / payment metadata – whether a booking was prepaid or paid on-site. For clubs that use Raiffeisen Bank APIs or another gateway, we receive only payment status/identifiers; we don’t store card numbers.

• Usage data (product interaction) – basic in-app events needed to operate features (e.g., steps to complete a booking, error states).

• Support – your messages and our responses.

We do not collect precise location, contacts, calendar data, advertising IDs, or run third-party advertising SDKs in Mufus Software-controlled builds.

Why we process your data (legal bases)

• Provide the service (contract / legitimate interests): create your account, manage bookings, send confirmations/reminders/changes (SMS/email).

• Payments (contract / legal obligation): pass payment info to the club’s processor or bank and keep necessary records.

• Support & safety (legitimate interests): handle requests; prevent misuse/fraud; enforce bans where terms are violated.

• Compliance (legal obligation): accounting and lawful requests.

Where we rely on consent (e.g., optional photo), you may withdraw it at any time.

Who we share data with

• Clubs you book with – to run your reservation and apply their posted policies.

• Service providers (sub-processors) – only what’s necessary:

  • Hosting: Hostinger — data center: Germany (EEA).

  • Telecom/SMS: mobile carriers and/or our SMS gateway provider(s) for verification codes and service reminders.

  • Payments (club-specific): Raiffeisen Bank or the club’s chosen payment gateway; we receive status/IDs only.

• Authorities/legal – when required by law or to protect rights/safety.

• Change of control – if our business is transferred, your data remains protected under this Policy.

Data Location & Transfers

Data location. We host personal data on Hostinger servers located in Germany (EEA). We process data in Serbia and store it in the EEA.
International transfers. We do not intentionally transfer personal data outside Serbia/EEA. If a transfer outside the EEA ever becomes necessary (e.g., a new vendor), we will use appropriate safeguards (such as the EU Standard Contractual Clauses) and update this Policy.

Clubs that run ads or extra SDKs

Mufus Software does not run ads. If a club adds advertising or marketing SDKs in its own branded app, the club is responsible for those tools, any required consent mechanisms, and its own privacy notice. Where technically possible, we will display an in-app notice naming any ad/marketing SDKs a club has added. Mufus Software does not sell personal data or share it for cross-context behavioral advertising.

Retention

• Account & bookings: kept until you ask us to delete; once verified, we delete within 30 days.

• Payment records/meta: retained only as required by accounting/chargeback rules.

• Support logs: up to 24 months, unless needed longer to resolve a dispute.

Backups follow rolling cycles; deleted data falls out of backups automatically after the cycle. We may retain minimal records (e.g., phone/email and ban flags) where necessary to comply with law, resolve disputes, or enforce bans and prevent fraud.

Your Rights

You may access, correct, delete, object, restrict, and (where applicable) port your data, and withdraw consent.

• How to submit: email contact@mufussoftware.com from your registered email/phone.

• Verification & timing: we may ask for information to verify your identity. We respond within 30 days (we may extend once for complex requests and will tell you why).
  You can also lodge a complaint with Serbia’s Commissioner for Information of Public Importance and Personal Data Protection. We encourage you to write to us first.

Children & Minors

• Serbia: you must be 15+ to use the services on your own; if you are under 15, a parent/guardian must consent.

• U.S. (COPPA): we do not knowingly collect data from children under 13. If you believe we have such data, contact us and we will delete it.
  (Apple’s “13+” content rating does not override the legal age/consent rules above.)

Security

We apply appropriate technical and organizational safeguards (encrypted transport, restricted access, monitoring). No system is 100% secure; we continually improve protections and will notify you when the law requires.

Your Choices

• You can update contact info or remove your optional photo at any time.

• To delete your account, use the in-app option (if available) or email contact@mufussoftware.com; once verified, we’ll delete it within 30 days.

Changes and Updates

We’ll post updates here and, for material changes, notify you in-app or by email before they take effect.