Last updated: April 17, 2026 · Version 1.1 beta
English is the legally authoritative version.
Terminia is a SaaS platform for attendance and member management in sports clubs, schools, and fitness centers. We act as Controller for organization accounts (admins, trainers) and as Processor for the member data that organizations enter into the platform.
Data Controller identity: Terminia is operated from Serbia. A registered legal entity will be established before public launch. For all data protection matters and to exercise your GDPR rights, contact: privacy@terminia.net.
From visitors: IP address, country (offline lookup), browser, pages visited, scroll depth — only after you accept cookies. Purpose: site analytics. Legal basis: consent (Art. 6.1.a).
From admins/trainers at registration: name, email, password (hashed), organization name and type, acceptance timestamp + IP. Purpose: account, authentication, billing, compliance proof. Legal basis: contract (Art. 6.1.b) and legal obligation (Art. 6.1.c).
From organizations on behalf of their members: name, contact, date of birth, parent contact (for minors), attendance, payments, optional photo, optional PIN/QR. Purpose: providing the service the club purchased. Legal basis: contract with the club; the club is responsible for its own legal basis toward members (typically legitimate interest or consent).
We do not sell personal data, use it for advertising, or make automated decisions that significantly affect you.
We use the following sub-processors, each bound by a Data Processing Agreement:
We do not share data with anyone else unless required by law or to protect our rights.
Active account data: while the account is active. Deleted accounts: 30-day recovery window, then permanently deleted. Anonymized member records: aggregated statistics retained; PII permanently erased. Financial records: 5–7 years (tax law). Server, session, and email-delivery logs: 30–90 days. Aggregated analytics: 24 months.
If you are in the EU/EEA (or covered by similar law) you may: access your data, correct it, request erasure, restrict or object to processing, receive it in a portable format (JSON), and withdraw consent at any time.
How to exercise:
Right to complain: you may lodge a complaint with your local data protection authority — see the EDPB list of EU/EEA DPAs — or with the Finnish DPA (where data is hosted) or the Serbian DPA (where Terminia is operated).
Terminia stores data about minors only when the organization (typically a school or sports club) enters it on their behalf. The organization must obtain parental consent before doing so. Where organizations use the in-app consent tool, we record timestamp, IP address, parent name and a signature. Minors do not create their own accounts.
We use HTTPS/TLS in transit, encryption at rest for sensitive identifiers using per-organization keys, password hashing, multi-tenant isolation, parameterized queries, a default-deny firewall, and intrusion detection. In the event of a personal data breach we will notify affected organizations within 72 hours of becoming aware, as required by GDPR Art. 33.
Material changes to this policy will be announced 30 days in advance by email or in-app notice. During beta, minor clarifications may be made without notice; the "Last updated" date reflects the most recent change.
Contact: privacy@terminia.net · info@terminia.net