Privacy Policy

Last Updated: February 20, 2026

1. Introduction

CombatForge ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal information in compliance with GDPR (EU) and other applicable laws.

2. Information We Collect

2.1 Personal Information

  • Name and contact details (email, phone)
  • Account credentials (QR codes, encrypted passwords)
  • Training data (attendance, belt rank, progress)
  • Payment information (processed by Stripe, not stored by us)
  • Uploaded videos (technique demonstrations)

2.2 Technical Information

  • Device type and browser
  • IP address (anonymized)
  • Usage analytics
  • Nostr public keys (for messaging)

3. How We Use Your Information

PurposeLegal Basis
Provide the ServiceContract performance
Process paymentsContract performance
Send notificationsLegitimate interest
Improve the ServiceLegitimate interest
Comply with lawsLegal obligation

4. Data Storage and Security

  • Location: EU (Germany) via Neon PostgreSQL
  • Encryption: All data encrypted in transit (TLS) and at rest
  • Backups: Daily encrypted backups
  • Retention: Data kept while account is active, deleted 30 days after account closure

5. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, email: privacy@dojopop.com

6. Data Sharing

We do NOT sell your data. We share data only with:

  • Service providers (hosting, payment processing)
  • Legal authorities when required by law
  • Other users (only what you choose to share publicly)

7. Third-Party Services

We use these third-party services:

  • Neon (database hosting)
  • Stripe (payment processing)
  • Resend (email delivery)
  • Nostr relays (decentralized messaging)

Each has their own privacy policies.

8. Cookies and Tracking

We use minimal cookies:

  • Essential cookies: Session management, authentication
  • Analytics: Anonymous usage statistics

You can disable non-essential cookies in your browser.

9. Children's Privacy

  • Users under 13 are not permitted
  • Users 13-16 require parental consent
  • Parents can request access to their child's data

10. International Transfers

Data is stored in the EU. If transferred outside the EU (e.g., for disaster recovery), we ensure adequate protection via EU Standard Contractual Clauses.

11. Data Breaches

If a data breach occurs:

  • We will notify affected users within 72 hours
  • We will report to supervisory authorities as required
  • We will take immediate steps to secure data

12. Changes to This Policy

We may update this policy. Significant changes will be notified via email.

13. Contact Us

Data Protection Officer:

Email: privacy@dojopop.com

Supervisory Authority:

You have the right to complain to your local data protection authority.

14. Consent

By using CombatForge, you consent to this Privacy Policy.