At Fightcard.live we take data protection seriously. Our platform is designed from the ground up to comply with the European Union's General Data Protection Regulation (GDPR) and to give fighters, promoters, staff, and federations full transparency and control.

This is a short, human-friendly overview of how we protect your data.

1. We never store medical or ID documents long-term

Medical and identity documents (such as blood tests, brain scans, medical certificates, or passport scans) are considered sensitive data in the EU.

To protect fighters:

• Files are uploaded directly to secure EU-region storage
• Files never pass through or live on our main servers
• Files are automatically deleted after promoter review
• Files are automatically deleted if not reviewed within a short time window
• Only a simple status (approved/expired/rejected) is kept

This ensures the absolute minimum possible retention of sensitive information.

2. EU-only storage for sensitive files

We use Cloudflare R2 located in the European Union for temporary document storage.

Files are encrypted at rest and never leave the EU region.

3. Full fighter control and explicit consent

Fighters must actively opt in before:

• editing their profile
• uploading medical or ID documents

Consent can be withdrawn at any time. When consent is withdrawn, all editing and uploading is disabled until consent is restored.

4. Promoters accept a Data Processing Agreement (DPA)

Promoters are the data controllers for medical and ID documents they request from fighters.

Fightcard.live processes those documents strictly on their instructions and deletes them automatically after review.

Every promoter must approve our DPA before accessing admin features.

5. Privacy-by-design architecture

We designed the platform to minimise data risk:

• Sensitive files kept only for the shortest time possible
• No permanent storage of medical documents
• No profiling or data sharing
• Strict role-based access for promoters and staff
• Audit logs for document access
• No advertising trackers
• Minimal cookie usage

6. Clear retention rules

• Fighter profile data is kept while the account is active
• Sensitive files are deleted automatically after review or timeout
• Fighters can delete their profile at any time
• Inactive accounts may be removed to comply with retention principles

7. Transparent international data handling

Standard profile data is stored on secure infrastructure in the United States using GDPR-approved safeguards (EU-US Data Privacy Framework or SCCs).

Sensitive medical/ID files are stored only in the EU.

8. You own your data

You can:

• request access to your data
• correct it
• delete your account
• withdraw consent
• request export of your profile

We never sell personal data and never use medical data for analytics or profiling.

⚖️ Still need the full legal details?

Read our full Privacy Policy for the complete legal wording:

View Privacy Policy