Goality
Goality TMC
///
Security & Infrastructure

Tournament-grade security & uptime

GDPR-compliant data handling, encrypted backups, point-in-time database restore, daily off-site copies. Built for tournaments that take their data seriously.

  • GDPR-compliant by design — privacy controls down to per-player
  • Daily backups to Cloudflare R2 + pgBackRest WAL streaming
  • Hetzner snapshots + monitored deployment pipeline
See trust detailsStart a tournament

The problem

A federation can't trust software that runs on someone's laptop

Federations, schools and serious leagues need to know where the data lives, who can access it, and how fast you recover from disaster. Goality runs on dedicated infrastructure with multi-layer backups, GDPR-grade privacy controls and a transparent operations log — so the answer to 'is it safe?' is documented, not vibes.

What you get

How we keep your tournament safe

GDPR compliance

Per-player privacy levels, parental consent workflow, right-to-erasure within 30 days, anonymized analytics. Audit-ready.

Encrypted at rest & in transit

Database storage encrypted at rest, HTTPS-only transport, sensitive fields (medical, ID) extra-protected. No casual eavesdropping.

Daily off-site backups

Nightly backups streamed to Cloudflare R2 in a separate region. If the primary server burns down, the data isn't lost.

Point-in-time restore

pgBackRest WAL streaming means we can restore the database to any second in the recent past. Wrong delete? Recovered in minutes.

Server-level snapshots

Hetzner server snapshots layered on top of database backups. Triple redundancy: WAL + R2 + Hetzner.

Monitored deployments

Every deploy runs CI, builds a Docker image, atomically swaps on the server. Monitored via @goalityTMC_bot. Rollback is one command.

Who it's for

Built for

Federations and associationsSchools and academiesInternational tournamentsInsurance-sensitive events

FAQ

Frequently asked

Where is the data stored?
Primary database lives on a Hetzner server in the EU. Daily backups stream to Cloudflare R2 (also EU region). No transatlantic data shipping.
What's the recovery point objective?
WAL streaming gives us a recovery point of seconds. In a worst-case full restore, expect minutes — not hours of lost work.
Can I export all my tournament data?
Yes. Roster, schedule, results, payments — exportable as CSV or JSON. You always own your data.
What about minors' personal data?
Players under 16 require parental consent (captured electronically). Personal data is scoped to authorized roles, never appears in public pages, and is deletable within 30 days on request.

Keep exploring

Related features

Player rosters,

Photo, birth date, jersey, medical notes, ID documents. Build the roster once, export to PDF for the federation, keep it tidy season after season.

Every tournament you run,

Switch between cups, see registrations stack up, track revenue and finish the setup checklist — without 12 tabs and 4 spreadsheets.

Every team gets

Players, coaches, jerseys, documents, travel, services and a direct line to the organizer — all on one screen, on phone or laptop.

Run your tournament on serious infrastructure

Encrypted, backed up, GDPR-ready — without lifting a finger. Free to start.

Start a tournamentBrowse all features