Data Processing Terms

Version 2026-05-28 · Applies to aixi.football

1. Purpose of this document

These Data Processing Terms (the "DPA") set out the data-protection relationship between you, as an organiser using aixi to manage your game (the "Controller"), and us, the Service operator (the "Processor"). They are the Article 28 UK GDPR processor terms required when a controller uses a processor. By registering, you accept these DPA terms as part of our Terms of Use.

2. The parties

• Processor: Lukas Oberhuber, trading as Blabberate (a sole trader, based in England and Wales). Contact: info@blabberate.com.
• Controller: you, the registered account holder, using aixi to organise your weekly football game.

3. Subject matter, duration, nature and purpose

• Subject matter: processing of personal data on your behalf so you can use aixi to organise your game.
• Duration: for as long as you have an active aixi account, plus the limited windows described in clauses 9 and 10.
• Nature and purpose: storing your roster and game data; generating teams; producing bills; sending and editing messages in your Telegram chat at your instruction; capturing tap events on those messages and matching them to your roster.

4. Types of personal data

aixi processes the following categories on your behalf:

• Player records (name, optional phone number, position, your skill / fitness ratings, status, how you know them, attendance, team assignments, payment-tracking).
• Telegram interaction data (Telegram user ID, profile-shown first/last name, optional @username, the tap events on bot messages).
• Venue and invoice data (venue name and address, contact details, bank account number and sort code, line items and customer details).
• Any documents you upload (e.g. invoices, agreements).

5. Categories of data subjects

• The players you manage (who may not be aixi users themselves).
• People in your Telegram group who tap on the bot's messages.
• Venue contacts and people named on bills or invoices.

6. Your instructions

We process the personal data covered by this DPA only on your documented instructions, which you give by using the Service (the choices you make in the app are your instructions). If we believe an instruction would breach data-protection law, we'll tell you. We won't transfer your data outside the UK except via the safeguards used by our sub-processors (clause 8).

7. Confidentiality, security and people

We keep personal data confidential and ensure that anyone authorised to access it (currently only the operator) is under a duty of confidence. We maintain appropriate technical and organisational measures (UK GDPR Article 32) — see the security section of the Privacy Policy for the current measures.

8. Sub-processors

You give us general authorisation to engage the following sub-processors to deliver the Service:

• Cloudflare — hosting (Workers), storage (R2 / S3 API), and content delivery.
• Telegram — messaging via the Telegram Bot API, where you have connected a Telegram chat.

We will give you reasonable notice of any intended addition or replacement of a sub-processor (typically by updating this page and noting it in-app) so you have a chance to object. If you reasonably object, you may stop using the affected feature or terminate your account.

9. Helping you meet your obligations

Taking into account the nature of the processing and the information available to us, we will assist you with: (a) responding to requests from individuals to exercise their rights (access, rectification, erasure, restriction, objection, portability); (b) ensuring security and notifying you of a personal data breach affecting your data without undue delay; (c) any required data protection impact assessment or prior consultation. Where you can fulfil a request yourself in the app (e.g. editing or removing a player), we expect you to do so.

10. Return and deletion

On termination of your account, we will delete the personal data we process on your behalf within a reasonable period, except where storage is required by law. You may also ask us to delete specific records (e.g. an individual player) at any time by emailing info@blabberate.com.

11. Information and audits

We will make available the information reasonably necessary to demonstrate compliance with this DPA. Given the size and nature of the Service, we expect this to take the form of written responses to a reasonable number of questions per year, plus updates to our internal compliance documents (ROPA, retention schedule, security measures, breach response).

12. Liability and changes

Each party's liability under this DPA is subject to any limitations set out in the Terms of Use. We may update this DPA as the Service develops; the version date at the top of this page reflects the current version, and substantive changes will be notified in-app where reasonable.

Questions? Email info@blabberate.com. See also our Privacy Policy and Terms of Use.