Privacy Policy
This is a convenience translation. The German version is the legally binding one.
This policy applies to the website mosp-lab.dev and the services hosted under it.
Sections 1–5 are common to all services; service-specific details
— data processed, recipients, retention — are in section 6.
1. Controller
The controller under the General Data Protection Regulation (GDPR) is:
Philippe Reicher
Hauptstraße 68
90607 Rückersdorf
Germany
Email: [email protected]
2. Scope
mosp-lab.dev is a privately operated, non-commercial environment hosting individual
services. Unless stated otherwise, access to the services is by invitation only.
3. Legal bases (overview)
Unless stated otherwise for a specific service, processing is based on:
- performance of a contract / use relationship (Art. 6(1)(b) GDPR),
- legitimate interests (Art. 6(1)(f) GDPR) — security, abuse prevention, logging,
- consent (Art. 6(1)(a) GDPR) where required.
4. Hosting
The services are hosted on the controller's own infrastructure; no external cloud provider is used. Technically necessary server logs (IP address, timestamp, requested resource) are generated on access.
5. Cookies & tracking
The services set only strictly necessary session cookies to keep signed-in users authenticated. No analytics, tracking or advertising services and no third-party fonts or CDNs are used. The specific cookie name is listed with each service.
6. Service-specific processing
Coachpit — coachpit.mosp-lab.dev
Coachpit is team-management software for amateur and youth football clubs (roster management, player assessments, training planning), currently in a closed pilot.
Data processed:
- Account & access data: name, email, hashed password, role, session information.
- Workspace/club data: club/team names and settings.
- Player data: name, optional date of birth, squad number, position, preferred foot, status, notes.
- Assessment & training data: skill ratings, attendance, sessions, notes.
- Audit log: security-relevant events with timestamp and the acting person.
Recipients / processors:
- Email delivery: Sinch / Mailjet sends, on our behalf, only transactional emails (invitations, password reset, email verification) — no newsletters or marketing. Covered by a data-processing agreement (Art. 28 GDPR).
- Authentication (single sign-on): optionally via the self-hosted identity service “Authentik”; currently used internally by the controller only.
Cookie: a strictly necessary session cookie (tm_session, HttpOnly, SameSite=Lax).
Minors' data: youth-football rosters may include personal data of minors, entered by the respective clubs/coaches. The inviting club is responsible for ensuring a valid legal basis — in particular parental consent — and for limiting data to what is necessary.
Retention: account and content data are kept while the associated workspace exists and removed on its deletion. Audit entries are deleted automatically after a configurable period (180 days by default).
7. Your rights
Under the GDPR you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and to withdraw consent (Art. 7(3)). A message to the contact address above is sufficient.
8. Right to complain
You have the right to lodge a complaint with a data protection supervisory authority.
9. Changes
We update this policy when the services or legal requirements change. The version published here applies.