FACEITSync Branding FACEITSync

Privacy Policy

FACEITSync – Data Protection Information

Status: October 2025

We take the protection of your personal data very seriously. This Privacy Policy explains how FACEITSync processes and protects your data when you use our services, including FACEITSync Premium, Twitch and FACEIT integrations, and all associated web features. We handle your information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Controller

The controller responsible for data processing on this website is:
Ioannis Pavlou
Ringstraße 20, 72119 Ammerbuch, Germany
Email: [email protected]

2. General Information on Data Processing

We process personal data only to the extent necessary to provide a functional website, our FACEITSync services (including FACEITSync Premium), and to fulfill contractual obligations. The legal bases for processing are, in particular:

  • Art. 6(1)(a) GDPR (Consent)
  • Art. 6(1)(b) GDPR (Performance of a contract)
  • Art. 6(1)(f) GDPR (Legitimate interests, e.g. IT security, service optimization)

Where legal obligations apply (e.g., tax retention requirements), processing is based on Art. 6(1)(c) GDPR.

3. Data Collection When Using FACEITSync

3.1 Twitch Integration

When you sign in with your Twitch account, we receive the following data: Twitch ID, username, profile picture, email address, and permissions to manage Predictions. These are required to authenticate your account and provide FACEITSync’s core functions.
Legal basis: Art. 6(1)(b) GDPR (Performance of a contract)

3.2 Steam Integration

When linking your Steam account, we receive your Steam ID. This is used to associate your FACEIT account and retrieve statistics. Legal basis: Art. 6(1)(b) GDPR

3.3 FACEIT Integration

You can alternatively authenticate via your FACEIT account. We receive your FACEIT ID, username, profile data, and gameplay statistics (e.g., ELO, level, match history). These are used solely to provide core features such as ELO display and automatic predictions. Legal basis: Art. 6(1)(b) GDPR

3.4 FACEIT Data

Through the FACEIT API, we process your FACEIT ID, username, level, ELO, K/D ratio, win rate, and match data (e.g., match ID, results, demo URLs). These are used for your statistics, Twitch overlays, and automatic prediction generation. Legal basis: Art. 6(1)(b) GDPR

Important: FACEITSync does not store any passwords. Authentication uses secure OAuth 2.0 (Twitch, Steam, FACEIT). Access tokens are encrypted and used only for the intended purpose.

4. FACEITSync Premium & PayPal Payments

When you purchase a FACEITSync Premium subscription, we process your order, contract, and payment data (e.g., selected plan, duration, transaction ID, status). Payments are processed via PayPal, which acts as an independent data controller under GDPR. We transmit only the data required to complete the payment (e.g., amount, order ID, email address).

Legal basis: Art. 6(1)(b) GDPR (Contract performance), Art. 6(1)(f) GDPR (Fraud prevention), and Art. 6(1)(c) GDPR (Legal obligations). Accounting data is retained for up to 10 years in compliance with tax laws.

5. Email Delivery & Live Chat via Brevo

We use Brevo (formerly Sendinblue) to send transactional and support emails and provide our live chat system. This may include processing your email address, chat messages, IP address, browser data, and timestamps. The purpose is to ensure communication, support handling, and reliable email delivery.

Legal basis: Art. 6(1)(b) GDPR (Communication) and Art. 6(1)(f) GDPR (Customer support). Where applicable, processing may also occur based on your consent (Art. 6(1)(a) GDPR), for example when chat cookies are used.

6. Cloudflare

We use Cloudflare to protect our website against cyberattacks (e.g., DDoS) and to improve performance via a global CDN. Cloudflare may process technical data such as IP addresses, system configuration, and access timestamps. Cloudflare acts as a data processor under Art. 28 GDPR.
Legal basis: Art. 6(1)(f) GDPR (Security & Performance)

7. Server Log Files & Hosting

When visiting our website, certain technical data is automatically recorded (e.g., IP address, timestamp, URL, referrer, user agent). These server logs are used for IT security and troubleshooting and are deleted periodically. Legal basis: Art. 6(1)(f) GDPR

8. Cookies & Local Storage

We use necessary cookies and local storage entries (e.g., session, consent status) to provide essential functionality. Optional tracking or marketing cookies are used only after your consent via the cookie banner.

Legal basis: Art. 6(1)(f) GDPR in conjunction with §25(2) TTDSG (necessary cookies) or Art. 6(1)(a) GDPR in conjunction with §25(1) TTDSG (consent).

9. Google Analytics

We use Google Analytics to anonymously analyze user behavior and improve our website. Cookies are used to collect information such as anonymized IP address, device, browser type, session duration, and page views. Data may be transferred to Google servers in the United States.

Legal basis: Art. 6(1)(a) GDPR in conjunction with §25(1) TTDSG (consent). You can withdraw your consent at any time through the cookie settings. Google Privacy Policy: policies.google.com/privacy

10. Matomo Analytics

We also use Matomo for privacy-friendly analytics and visitor statistics. Where possible, IP anonymization is applied. Cookies are only used if you have given consent. Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent).

11. Data Retention & Deletion

Personal data is retained only for as long as necessary to fulfill the stated purposes or legal requirements. After deleting your account, personal data is generally erased within 30 days unless retention obligations apply.

12. Recipients & Processors

We engage service providers (e.g., hosting, Cloudflare, Brevo, Google Analytics) who process data solely according to our instructions (Art. 28 GDPR). Data is shared with third parties only where legally required or based on your consent.

13. Data Transfers to Third Countries

If personal data is transferred to recipients in third countries (e.g., the USA – Google, Brevo, Cloudflare), this is done based on appropriate safeguards such as EU Standard Contractual Clauses or adequacy decisions.

14. Minors

Our services are intended only for individuals aged 16 or older. Users under 16 may only use FACEITSync with the consent of a parent or legal guardian.

15. Your Rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

16. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy if our services or legal requirements change. The latest version is always available on our website.

17. Contact

For any questions regarding the collection, processing, or use of your personal data, please contact:
Ioannis Pavlou
Email: [email protected]