SILRYU Sign in
Privacy

Privacy notice

Last updated: 1 January 2026

This notice explains what personal data Silryu collects when you and your athletes use the platform, how we use it, who can see it, and the rights you have over it. We follow GDPR by design — privacy is not a footnote in our product, it is part of the product.

Who controls your data

Silryu Lda. (Lisbon, Portugal) is the data controller for visitor and account data. For data your club uploads about its athletes, your club is the controller and Silryu is the processor under a Data Processing Agreement that ships with every plan.

What we collect

When you sign up: name, email, phone (optional), club role. When your club operates: athlete records (name, birth date, belt, attendance), parent records (name, contact), session photos (with EXIF stripped), billing details, and audit logs of staff actions. Browser fingerprint and IP are kept for 30 days for security and fraud prevention only.

Why we are allowed to process data

Account data: contract performance (Art. 6(1)(b) GDPR). Athlete records: legitimate interest of the club, with explicit parental consent for minors. Marketing emails: opt-in only. Cookies: essential cookies do not require consent; functional cookies are opt-in via the consent banner.

How long we keep data

Active club data is kept while your subscription is active. After cancellation, full export is available for 30 days, then the database is purged. Payment records are kept for 10 years to meet tax law. Audit logs roll off after 2 years. Session photos older than 5 years are automatically deleted unless your club opts to keep them.

International transfers

All personal data lives in our Frankfurt (EU) data centre. We do not transfer athlete data outside the European Economic Area. Some sub-processors (Stripe, SendGrid, Twilio) may process data in the United States under Standard Contractual Clauses; the full list with locations is in our DPA.

Your rights

You can request access (Art. 15), correction (Art. 16), deletion (Art. 17), portability (Art. 20), restriction (Art. 18) and object to processing (Art. 21) — all from the dashboard, or by emailing [email protected]. We answer within 30 days. You can also lodge a complaint with your national data protection authority (CNPD in Portugal).

Data Protection Officer

Email [email protected]. Replies within 5 business days. For urgent requests, write URGENT in the subject and we will reply within 24 hours.

How we update this notice

Material changes are emailed to all account owners 30 days in advance and are highlighted with a banner inside the app. Minor wording changes are tracked at the bottom of this page; older versions are kept on request.