Skip to content
Legal

Privacy Policy

Last updated: May 13, 2026

1. Overview

IT-Lampe, owned by Emmanuel Lampe, operates the Scrimora.app website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our services, in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data Controller

The data controller responsible for processing your personal data is:

IT-Lampe
Owner / Inhaber: Emmanuel Lampe
Rotenwaldstr. 104
70197 Stuttgart
Germany

For additional provider information, see our Imprint. For data protection inquiries, please contact us at [email protected].

3. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), profile information, login history, and linked account information
  • Team data: team name, roster information, champion pools, coaching notes, availability, schedules, scrims, compositions, match statistics, and team settings
  • Connected account data: provider name, provider user ID, provider email, display name, avatar URL, verification status, provider metadata, and when the linked account was last used
  • Riot account and game data: Riot ID, region, PUUID, summoner ID, rank snapshots, sync status, imported match data, and statistics derived from Riot data or files you upload
  • Usage and analytics data: pages visited, features used, product events, approximate technical context, referrer information, and interactions with the platform
  • Technical data: IP address, browser type, device information, operating system, log data, error reports, and security events
  • Billing data: billing email, Stripe customer and subscription IDs, selected plan, subscription status, billing interval, invoices, and related accounting records. Card numbers and payment method details are handled by Stripe
  • Communication data: support requests, feedback, and correspondence, including messages sent through email or Discord support channels

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Art. 6 GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide our services, manage your account, and fulfill our contractual obligations.
  • Legitimate interest (Art. 6(1)(f)): Product analytics, error monitoring, service improvement, abuse prevention, security, and keeping the platform reliable.
  • Consent (Art. 6(1)(a)): Optional cookies, marketing communications, and optional account connections where consent is the appropriate legal basis.
  • Legal obligation (Art. 6(1)(c)): Tax and accounting requirements, legal proceedings, and regulatory compliance.

5. Cookies & Tracking

We use cookies and similar technologies to operate our platform. Essential cookies are required for core functionality such as authentication and session management, security, preferences, and remembering your selected appearance.

We use a self-hosted Umami instance for analytics. It helps us understand which pages are visited and which product events happen, so we can improve Scrimora. Umami may receive page URLs, referrer information, browser and device information, IP address data processed by the analytics service, and event metadata such as route names, team identifiers, and feature usage.

Our cookie banner lets visitors save preferences for optional analytics and marketing categories. At the moment, it stores those preferences locally in your browser. It does not control every server-side log, security event, or product event that is necessary for operating and improving the service. You can also limit tracking through your browser settings.

6. Data Sharing & Third Parties

We may share your data with the following categories of recipients:

  • Payment processing: Stripe processes checkout, billing portal, subscription, invoice, payment, tax, and fraud prevention data. We store Stripe identifiers and subscription status so we can manage plans and billing access.
  • Login providers: Google and Discord may be used to sign in or link an account. When you use them, we receive the identity data needed for that login flow, such as your provider user ID, email address, name, avatar, and verification status.
  • Discord integrations: If a team enables Discord features, we may process Discord webhook URLs, Discord user IDs, server installation data, channel IDs, and notification settings to send team updates or support the official Scrimora Discord integration.
  • Riot Games data: When you save a Riot account or import match data, we use Riot account identifiers and match data to sync ranks, parse games, and show statistics for your team.
  • Hosting & infrastructure: Our servers and cloud infrastructure providers process data to deliver our services.
  • Analytics: Umami is used for website and product analytics. Our Umami deployment is self-hosted for Scrimora.
  • Error monitoring: Sentry helps us find and fix errors. Error reports may include stack traces, browser and device details, URLs, release and environment information, and related technical context. We configure browser error tracking not to send default personal information automatically.

We do not sell your personal data. Any data transfers outside the EU/EEA are safeguarded by appropriate measures such as Standard Contractual Clauses (SCCs) per Art. 46 GDPR.

7. Data Retention

We retain your personal data only as long as necessary for the purposes stated in this policy, or as required by law. Account data is retained for the duration of your account and is deleted or anonymized within 30 days after account deletion unless we need to keep it for security, billing, legal, or abuse prevention reasons. Connected account records are kept while the account is linked. Team data is kept while the team workspace exists, subject to deletion requests and legal retention duties. Financial records are retained for 10 years in accordance with German tax law (§ 147 AO).

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access (Art. 15): Request a copy of your personal data.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
  • Right to restriction (Art. 18): Request restricted processing of your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing.

To exercise your rights, email us at [email protected]. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS/SSL), hashed passwords, access controls, and regular security reviews. Despite our efforts, no method of transmission over the internet is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "last updated" date. Continued use of the platform after changes constitutes acceptance of the revised policy.

11. Contact

For privacy-related inquiries, contact us at [email protected].

← Back to Home