GDPR Compliance

Last updated: February 10, 2026

Data Controller

BattleDome is the data controller for personal data processed through battledome.ai. Contact: dpo@battledome.ai

Legal Bases for Processing

Contract Performance (Art. 6(1)(b)): Processing your account data, battle queries, and history is necessary to provide the Service you've signed up for.

Legitimate Interest (Art. 6(1)(f)): Generating anonymized benchmarks, preventing fraud, improving the Service, and maintaining security.

Consent (Art. 6(1)(a)): Marketing emails, newsletter subscriptions, and optional analytics cookies. You may withdraw consent at any time.

Legal Obligation (Art. 6(1)(c)): Retaining payment records for tax compliance.

Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

Right of Access (Art. 15): Request a copy of all personal data we hold about you.

Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data.

Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"). We will comply within 30 days unless we have a legal obligation to retain data.

Right to Restrict Processing (Art. 18): Request we limit how we use your data.

Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON). Use the Export feature in your account or email us.

Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling.

Right re: Automated Decision-Making (Art. 22): ThunderScore and TruthLock are automated scoring systems. They do not make decisions with legal or similarly significant effects on you. They are informational tools only.

International Transfers

Data is processed in the United States via Vercel and Supabase infrastructure. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for data transfers outside the EU/EEA. Our sub-processors (Vercel, Supabase, Stripe) maintain their own SCCs and certifications.

Sub-Processors

Supabase Inc. — Database hosting, authentication (US) — Processes account data, battle history.
Vercel Inc. — Application hosting, edge functions (US/Global) — Processes requests and serves content.
Stripe Inc. — Payment processing (US) — Processes payment data under PCI-DSS compliance.
Anthropic PBC — AI model provider (US) — Processes queries for Claude responses.
OpenAI Inc. — AI model provider (US) — Processes queries for GPT responses.
Google LLC — AI model provider (US) — Processes queries for Gemini responses.
xAI Corp. — AI model provider (US) — Processes queries for Grok responses.

Data Retention Periods

Account data: Retained until account deletion + 30 days for processing.
Battle history: Retained while account is active. Deleted within 30 days of account deletion.
Payment records: 7 years (legal obligation).
Server logs: 90 days.
Anonymized analytics: Indefinitely (not personal data).

Data Protection Officer

Contact our DPO: dpo@battledome.ai

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

Data Processing Agreement

Enterprise and Team plan customers can request a Data Processing Agreement (DPA) at legal@battledome.ai.

How to Exercise Your Rights

Email dpo@battledome.ai with subject line "GDPR Request — [Right]". Include your account email. We will verify your identity and respond within 30 days. Requests are free unless manifestly unfounded or excessive.