Privacy Policy

Last updated: 5 May 2026 · Effective: 5 May 2026

Who we are

Courtr is a mobile app that lets friend groups create and run padel leagues — handling session scheduling, draw generation, live leaderboards, and season standings. We're based in the United Kingdom.

For the purposes of UK GDPR and the Data Protection Act 2018, the data controller is Courtr. Our ICO registration number is [ADD ONCE REGISTERED].

If you have questions about how we handle your personal data, contact us at privacy@courtr.co.uk.

What data we collect.

We only collect data we actually need to run the app.

CATEGORY

EXAMPLES

WHEN COLLECTED

Account data

Name, email address, profile photo (optional)

When you sign up or use Apple / Google Sign-In

League & session data

League names, session results, scores, standings

When you create or participate in a league

Invite data

Invite codes generated; whether a link was followed

When you invite another player

Device & usage data

Device type, OS version, app events, crash reports

Automatically, while you use the app

Communications

Push notification token, support messages

When you grant notification permission or contact us

Name-only guests. If an organiser adds a guest player by name only (no account), we store only the display name you provide. No email address, no device data. These entries are not linked to any real-world individual unless they later create an account.

We do not collect location data, contacts from your phone, or any sensitive personal data as defined by UK GDPR.

How we use your data

PURPOSE

DATA USED

Provide and run the app

Account data, league & session data, invite data

Authenticate your identity

Email address or Apple / Google token

Send session reminders and score updates

Account data, push notification token (only where you have granted notification permission via your device)

Process cost-split payments

Payment data (via Stripe — we never see your card number)

Fix bugs and improve reliability

Crash reports, device & usage data

Understand feature usage and improve the product

Anonymised usage events (via Mixpanel or Amplitude)

Respond to support requests

Account data, communications

Comply with legal obligations

As required by applicable law

Legal basis for processing

Under UK GDPR, we need a legal basis to process your personal data. We rely on:

  • Contract — processing necessary to deliver the service you've signed up for (running your leagues, storing scores, sending session notifications).

  • Legitimate interests — crash reporting and anonymous product analytics, where our interest in maintaining a reliable, improving product does not override your privacy rights.

  • Legal obligation — where we are required to process or retain data by law.

  • Consent — for push notifications, which require your explicit permission via your device's operating system. You can withdraw this at any time in your device settings.

Third-party services

We use a small number of trusted third-party services to operate Courtr. Each is bound by contractual data processing terms consistent with UK GDPR.

  • Supabase Our backend database and authentication provider. Your account data, league data, and session results are stored here. Supabase is GDPR-compliant and we have a Data Processing Agreement in place.

  • StripePayment processing for the cost-splitting feature. Stripe handles all card data directly — Courtr never stores or sees your full payment details. Stripe is PCI DSS Level 1 certified.

  • SentryCrash reporting and error monitoring. Sentry may capture device type, OS version, and a stack trace when the app crashes. We configure Sentry to minimise the capture of personal data in error reports.

  • Mixpanel / AmplitudeProduct analytics. We use one of these tools to understand how features are used — for example, how many leagues complete a full session. Events are tied to a pseudonymous ID, not your name or email address. If you'd like to opt out of analytics, contact us at privacy@courtr.co.uk and we will action this promptly.

  • Apple / GoogleIf you sign in with Apple or Google, their authentication services are used to verify your identity. We receive only a token and the data you choose to share (typically name and email). Their own privacy policies apply to this step.

We do not share your data with any other third parties except where required by law.

Data retention

DATA TYPE

RETENTION PERIOD

Account data

Until you delete your account, then 30 days before permanent deletion

League and session history

As long as the league exists, deleted when the league is deleted by the organiser

Crash reports

90 days

Analytics events

As per Mixpanel retention settings

When a league is deleted, the data of players who are members of only that league will also be removed, subject to any legal retention obligations.

International transfers

Some of our third-party providers are based outside the UK. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place — typically the International Data Transfer Agreement (IDTA) or Standard Contractual Clauses approved for UK transfers.

If you'd like details of the specific safeguards in place for any transfer, please contact us.

Your rights

RIGHT

DESCRIPTION

Access

Request a copy of the personal data we hold about you.

Retification

Ask us to correct inaccurate or incomplete data.

Erasure

Request deletion of your data where there is no compelling reason to keep it.

Restriction

Ask us to limit how we use your data in certain circumstances.

Portability

Receive your data in a structured, machine-readable format.

Object

Object to processing based on legitimate interests, including analytics.

To exercise any of these rights, contact us at the address in section 11. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.

Children

Courtr is not directed at children under 13 and we do not knowingly collect data from anyone under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

Users aged 13–17 may use the app, but an organiser who adds a minor to a league is responsible for ensuring that parent or guardian consent has been obtained where required.

Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we'll notify you via the app or by email before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.

Continued use of Courtr after a change takes effect constitutes acceptance of the updated policy.

Contact us

If you have any questions about this policy or want to exercise your data rights, you can reach us at:

privacy@courtr.co.uk

Courtr

©️

2026

Made for organisers, by organisers