Privacy Policy

1. Who We Are

ScoreThis ("we", "us", "our") operates the ScoreThis mobile application (the "App") available on iOS and Android. ScoreThis is a tournament management application designed for Padel and Pickleball organizers, clubs, and venues.

If you have any questions about this Privacy Policy or our data practices, please contact us at hello@scorethis.app.

2. Information We Collect

2.1 Information You Provide

• Email address — used for authentication via magic link / OTP. Required to use the App.
• Player profiles — names, skill level (beginner / intermediate / advanced / pro), and gender that you enter for players in your organisation. This is data you enter voluntarily to manage tournaments.
• Tournament data — tournament names, formats, court counts, scores, and match results you record during tournaments.
• Organisation details — the name of your club or organisation that you create within the App.

2.2 Information Collected Automatically

• Authentication tokens — session tokens managed by Supabase to keep you signed in securely.
• Device information — basic device type and operating system version collected by our analytics and crash reporting services.
• Usage data — aggregate, anonymised data about how features are used (e.g., which tournament formats are most popular) to help us improve the App. This data is not linked to your individual identity.
• Crash reports — if the App crashes, anonymised diagnostic information is collected to help us fix bugs.

2.3 Information We Do Not Collect

• We do not collect precise GPS or location data.
• We do not access your contacts, photos, or camera (unless you grant explicit permission for a specific feature).
• We do not collect payment card information directly — all payments are processed by third-party processors.
• We do not build advertising profiles or share data with ad networks.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service — to authenticate you, store your tournaments, manage player libraries, calculate standings, and deliver real-time leaderboard updates.
• Account management — to send magic-link / OTP emails for signing in, and transactional emails related to your account.
• Improving the App — anonymised usage data helps us understand which features are valuable and where we can improve.
• Bug fixes & support — crash reports and support emails help us diagnose and fix technical issues.
• Legal compliance — to comply with applicable laws and regulations, or to respond to valid legal requests.

We do not use your data for targeted advertising, profiling, or any purpose not listed above.

4. How We Share Your Information

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

4.1 Service Providers

We use a limited number of third-party services to operate ScoreThis:

• Supabase — database and authentication infrastructure. Your data is stored in Supabase's PostgreSQL database hosted on AWS.
• Vercel — API server hosting.
• Ably — real-time messaging for live leaderboard updates. Only match score events are transmitted, not personal data.
• OneSignal — push notification delivery. We share your device push token with OneSignal to send you tournament notifications.
• RevenueCat — subscription and in-app purchase management, if applicable.

These providers are contractually bound to process your data only as instructed by us and to maintain appropriate security standards.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of ScoreThis, our users, or the public.

4.3 Business Transfers

If ScoreThis is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email or in-app notice before your data is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account data (email, session tokens) — retained until you delete your account.
• Tournament and player data — retained until you delete your account or explicitly delete specific records within the App.
• Anonymised usage analytics — retained indefinitely as aggregate statistical data.
• Crash logs — retained for up to 90 days.

When you delete your account, we will delete or anonymise all personal data associated with your account within 30 days, except where we are required by law to retain certain records.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your personal data ("right to be forgotten").
• Portability — request your data in a structured, machine-readable format.
• Objection — object to certain types of processing of your data.
• Restriction — request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, contact us at hello@scorethis.app. We will respond within 30 days.

7. Security

We take the security of your data seriously. We implement the following measures:

• All data is transmitted over HTTPS/TLS encryption.
• Authentication uses Supabase's secure magic-link / OTP system — no passwords are stored.
• Database access is restricted using row-level security (RLS) policies so users can only access their own organisation's data.
• API endpoints require valid JWT authentication tokens.
• We use environment variables and secrets management to protect API keys and credentials.

Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to hello@scorethis.app.

8. Children's Privacy

ScoreThis is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at hello@scorethis.app and we will take steps to delete that information.

Users between the ages of 13 and 18 should use the App only with the consent of a parent or legal guardian.

9. Push Notifications

ScoreThis may send push notifications to your device for tournament-related updates (e.g., when a new round is ready or a score has been confirmed). You can disable push notifications at any time through your device's notification settings. Disabling notifications does not affect your ability to use the App.

10. Third-Party Services

The App integrates with the following third-party services. We encourage you to review their privacy policies:

• Supabase — supabase.com/privacy
• Vercel — vercel.com/legal/privacy-policy
• Ably — ably.com/privacy
• OneSignal — onesignal.com/privacy_policy
• RevenueCat — revenuecat.com/privacy

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Notify you via email or in-app notification at least 14 days before the changes take effect.

Your continued use of the App after the effective date of the revised policy constitutes your acceptance of the changes. If you do not agree with the changes, you should stop using the App and delete your account.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: hello@scorethis.app
• App: Use the in-app contact option on the Profile screen.

We will respond to all privacy-related inquiries within 30 days.