Personal Data Processing Policy
Operator: Individual Entrepreneur (Sole Proprietor) Dmitrii Tunguskov, registered in the Republic of Armenia.
Registration number: 286.1578794.
Legal address: Armenia, Yerevan, Arabkir district, Zaryan Street 22A SH PH / D:0051.
Email: info@rabbitmatch.pro.
Effective date: 01.01.2026.
Last updated: 28.05.2026.
1. General Provisions
1.1. This Personal Data Processing Policy (the "Policy") determines the procedure for collecting, using, storing, transferring, protecting, and deleting personal data of users of the RabbitMatch application (the "Application").
1.2. This Policy applies to all users of the Application regardless of their country of residence, if personal data are processed by the Operator in connection with the use of the Application, the web version, the Telegram Mini App, and related services and features.
1.3. This Policy has been prepared taking into account the applicable requirements of the laws of the Republic of Armenia, Georgia, Kazakhstan, and other countries of presence, as well as the countries from which Users access the Application, to the extent such laws are applicable.
1.4. If the laws of a particular jurisdiction require a stricter standard for personal data processing than this Policy, the mandatory requirements of such law shall prevail.
1.5. Use of the Application and/or provision of personal data means that the User has reviewed this Policy, but this does not by itself replace consent where consent is required by law.
2. Definitions
2.1. Personal data means any information relating to an identified or identifiable natural person.
2.2. Processing of personal data means any operation or set of operations performed on personal data, including collection, recording, organization, storage, updating, use, transfer, anonymization, blocking, deletion, and destruction.
2.3. Operator means Individual Entrepreneur (Sole Proprietor) Dmitrii Tunguskov, who determines the purposes and means of processing personal data.
2.4. User means a natural person using the Application.
2.5. Public data means data that the User has made available to an indefinite or broad circle of persons within the Application's functionality.
2.6. Special categories of data mean data relating to race, nationality, political opinions, religion, philosophical beliefs, trade union membership, health, sexual life, biometric data, and other sensitive data, if such categories apply under the law.
3. Operator Details
3.1. Full Operator details:
• Individual Entrepreneur (Sole Proprietor) Dmitrii Tunguskov;
• registration number: 286.1578794;
• address: Armenia, Yerevan, Arabkir district, Zaryan Street 22A SH PH / D:0051;
• email: info@rabbitmatch.pro.
3.2. Requests regarding personal data should be sent to the email specified in clause 3.1.
4. Categories of Data
4.1. Depending on how the Application is used, the Operator may process:
• Telegram ID;
• username;
• first and last name;
• profile photo;
• email;
• phone number, if provided;
• date of birth, if provided;
• gender and game level, if indicated in the profile;
• information about matches, tournaments, ratings, community participation;
• technical data, including IP address, device ID, device type, operating system, language, app version, access time;
• cookies, local storage, session storage, and similar identifiers for the web version and Telegram Mini App;
• payment data to the extent necessary to process payment through a payment provider;
• support requests, complaints, and messages sent to the Operator.
4.2. The Operator is not required to collect all listed data from every User; the scope depends on the specific functionality and account settings.
4.3. The Operator does not intentionally collect special categories of personal data unless the User discloses such data in content or the law requires it. If such data are processed, enhanced security measures and legal bases required by law apply.
5. Data Sources
5.1. The Operator receives personal data:
• from the User;
• from Telegram during authentication via Telegram;
• from Google or Apple, if the respective authentication method is used;
• from payment providers;
• from hosting, analytics, and infrastructure services;
• automatically when the Application is used;
• from other users, if the data were entered into shared match, tournament, rating, booking, or messaging functionality;
• from publicly available sources, if permitted by law and by the Application's functionality.
5.2. If the User provides data relating to third parties, the User confirms that there is a lawful basis for such transfer and agrees to indemnify the Operator for losses if the disclosure violates third-party rights.
6. Purposes of Processing
6.1. The Operator processes personal data for the following purposes:
• creating and managing an account;
• authentication and authorization;
• ensuring the operation of matches, tournaments, ratings, profiles, communities, and bookings;
• identifying the User and preventing fraud;
• providing support and responding to requests;
• notifications about matches, tournaments, changes to terms, security, and service operation;
• processing payments, subscriptions, refunds, and financial accounting;
• analytics, product improvement, and bug fixing;
• ensuring security, detecting abuse, and investigating incidents;
• complying with legal requirements, tax accounting, and protection of the Operator's rights;
• marketing messages, if the User has given separate consent;
• displaying a public profile, rating, and statistics, if this feature is enabled by the User or provided by the Application's rules.
6.2. The Operator does not use personal data for purposes incompatible with those stated in this Policy unless otherwise permitted by law.
7. Legal Grounds
7.1. Depending on the jurisdiction and the type of data, the Operator may process personal data on the following grounds:
• the User's consent;
• performance of a contract or provision of the service at the User's request;
• compliance with legal obligations;
• the Operator's legitimate interest, provided it does not override the User's rights and freedoms;
• protection of the vital interests of the User or third parties;
• exercise of the Operator's legal rights and claims;
• other grounds expressly provided by applicable law.
7.2. Where consent is required, it must be separate, informed, specific, and voluntary.
7.3. The User may withdraw consent where processing is based on consent, but this does not affect the lawfulness of processing before withdrawal.
7.4. If processing is necessary for contract performance, withdrawal of consent does not stop processing if the Operator has another lawful basis to continue it.
8. Processing within the Application
8.1. When registering through Telegram, the Operator may receive Telegram ID, username, first name, last name, and profile photo to the extent available through the relevant API.
8.2. When registering through email and password, the Operator may process email, password in hashed form, and technical data necessary for authentication and account protection.
8.3. When using Google or Apple authentication, the Operator may receive account identifiers, email, and user name to the extent permitted by the relevant provider.
8.4. When creating games, matches, tournaments, ratings, and profiles, data may be shown to other users within the Application's functionality.
8.5. When using the Telegram Mini App and the web version, the Operator may use technical identifiers and cookie-like technologies for session management, security, and analytics.
9. Public Data
9.1. The User may see some of their data in the Application as public data if this is necessary for the operation of ratings, profiles, matches, tournaments, and communities.
9.2. Public data may include name, username, photo, rating, match statistics, community membership, city, game level, and other data that the User has made available or that are displayed by the Application's functionality.
9.3. The User understands that publicly displayed data may be accessible to other users and may be retained by them outside the Application to the extent permitted by law and technically possible.
9.4. The User may restrict the publicity of certain data if such functionality is provided by the Application.
10. Disclosure to Third Parties
10.1. The Operator may transfer personal data to:
• payment providers;
• hosting providers;
• analytics services;
• notification services;
• Telegram;
• Google and Apple, if their authentication services are used;
• contractors who help maintain and develop the Application;
• public authorities, if required by law.
10.2. The Operator transfers only the amount of data necessary for the specific purpose.
10.3. Where required, the Operator seeks to use contractual and technical measures to protect data when dealing with third parties.
10.4. Key providers for data processing are Railway, GitHub, Expo, Firebase, CloudeFlare, Sentry, Google Analytics, Yandex Analytics, and Apple.
11. Cross-Border Transfer
11.1. Personal data may be transferred and processed outside the User's country of residence if this is necessary for the operation of the Application.
11.2. In cross-border transfers, the Operator takes the measures required by applicable law, including contractual safeguards, adequacy assessment, consent where required, and other security measures.
11.3. For Armenia, cross-border transfer is permitted with the data subject's consent or on other grounds provided by law and where an adequate level of protection exists; for certain destinations, approval or another procedure may be required.
11.4. For Georgia, cross-border transfer is permitted in compliance with the requirements on an adequate level of protection or other safeguards provided by law.
11.5. For Kazakhstan, requirements on localization, cross-border transfer, security, and breach notification must also be taken into account.
12. Retention Periods
12.1. The Operator stores personal data no longer than necessary for the purposes of processing, unless a longer period is required by law, contract, or to protect the Operator's rights.
12.2. General retention periods may depend on the category of data:
• account data — while the account is active and for a reasonable period after deletion for dispute resolution, security, and recordkeeping purposes;
• payment and accounting data — for the periods required by law;
• technical logs — for the period necessary for security, diagnostics, and incident prevention;
• marketing data — until consent is withdrawn or the purpose is achieved;
• correspondence and support requests — for the period necessary to review, protect rights, and maintain records of requests.
13. User Rights
13.1. Depending on applicable law, the User may have the right to:
• obtain information about what data are processed;
• request access to their data;
• request correction of inaccurate or incomplete data;
• request deletion of data where there are lawful grounds;
• request blocking or restriction of processing;
• object to processing for marketing purposes;
• withdraw consent;
• receive a copy of the data or data portability, where provided by law;
• complain about the Operator's actions to the competent authority and/or a court.
13.2. The Operator reviews requests within the period established by applicable law, and if no period is defined by law, within a reasonable time, usually up to 30 days.
13.3. To confirm identity, the Operator may request additional information if necessary to protect data and prevent unauthorized access.
14. Data Security
14.1. The Operator applies organizational and technical measures to protect personal data, including access restriction, encryption, logging, backup, access rights control, and incident monitoring.
14.2. The Operator takes reasonable measures to protect data from loss, unauthorized access, alteration, disclosure, or destruction.
14.3. If the Operator uses contractors, it seeks to enter into confidentiality and data protection agreements with them.
15. Breach Notification
15.1. In the event of an incident that may affect personal data, the Operator will take reasonable steps to contain, investigate, and remediate it.
15.2. If the law requires notification of users or regulators, the Operator will make such notification within the time and in the manner required by applicable law.
15.3. For Armenia and Georgia, the notification deadlines and procedure may differ depending on the nature of the incident and its consequences; if necessary, the Operator will notify the relevant authority and/or Users.
15.4. For Kazakhstan, special breach-notification requirements may also apply.
16. Marketing and Communications
16.1. Marketing messages, including news, promotions, tournaments, and offers, are sent only if there is separate consent where required by law.
16.2. The User may withdraw from marketing messages at any time through the Application settings, an "Unsubscribe" link in the message, or by contacting the Operator by email.
16.3. Refusing marketing messages does not affect access to the Application's core functionality.
17. Cookies and Similar Technologies
17.1. The Operator may use cookies, local storage, session storage, and similar technologies for the website, Mini App, authentication, security, analytics, and service improvement.
17.2. Necessary technologies are used for service operation, while analytical and marketing technologies are used only to the extent permitted by applicable law and, where required, only with the User's consent.
17.3. More detailed rules are set out in the separate Cookie Policy.
18. Children
18.1. The Application is intended for persons aged 18 and older, unless otherwise expressly permitted by separate rules or law.
18.2. If the Operator receives data of a minor without proper legal basis, it may take steps to restrict access, delete the data, and request confirmation of a lawful basis for processing.
19. Amendments to This Policy
19.1. The Operator may amend this Policy.
19.2. The new version takes effect from the moment of publication, unless a different date is specified separately.
19.3. If the changes are material, the Operator will notify users in the Application and/or by email.
20. Contact
20.1. For questions regarding personal data processing, the User may contact the Operator by email at info@rabbitmatch.pro.
20.2. All data subject requests are recommended to include the email address of the account, Telegram ID, or other details that allow the account to be identified.
21. Final Provisions
21.1. This Policy remains in force until replaced by a new version.
21.2. In case of conflict between language versions, the version designated by the Operator as the principal version shall prevail.
21.3. This Policy applies together with the User Agreement, Cookie Policy, Subscription Terms, Refund Policy, and Booking Rules.
Delete your RabbitMatch account.
You can delete your account and associated personal data at any time.
In the app: open RabbitMatch, sign in, go to Profile → Settings → Delete account, and confirm. Deletion is immediate.
What is deleted:
– your name,
– email address,
– profile photo, and Telegram/Google/Apple sign-in links are permanently erased.
What is kept (anonymized): an anonymized record of your match and tournament participation (without your name or contacts) may be retained so other players' history and statistics stay intact. You cannot be identified from it.
No app access? Email info@rabbitmatch.pro asking to delete your account; we will erase your data within 30 days.