Privacy Policy

Last updated: 5 May 2026 · Effective: 5 May 2026

1.  Who we are

Courtr is a mobile app that lets friend groups create and run padel leagues — handling session scheduling, draw generation, live leaderboards, and season standings. We’re based in the United Kingdom.

For the purposes of UK GDPR and the Data Protection Act 2018, the data controller is Courtr.

If you have questions about how we handle your personal data, contact us at privacy@courtr.co.uk.

2.  What data we collect

We only collect data we actually need to run the app.

CategoryExamplesWhen collected
Account dataName, email address, profile photo (optional)When you sign up or use Apple / Google Sign-In
League & session dataLeague names, session results, scores, standingsWhen you create or participate in a league
Invite dataInvite codes generated; whether a link was followedWhen you invite another player
Device & usage dataDevice type, OS version, app events, crash reportsAutomatically, while you use the app
CommunicationsPush notification token, support messagesWhen you grant notification permission or contact us

Name-only guests. If an organiser adds a guest player by name only (no account), we store only the display name you provide. No email address, no device data. These entries are not linked to any real-world individual unless they later create an account.

We do not collect location data, contacts from your phone, or any sensitive personal data as defined by UK GDPR.

3.  How we use your data

PurposeData used
Provide and run the appAccount data, league & session data, invite data
Authenticate your identityEmail address or Apple / Google token
Send session reminders and score updatesAccount data, push notification token (only where you have granted notification permission via your device)
Process cost-split paymentsPayment data (via Stripe — we never see your card number)
Fix bugs and improve reliabilityCrash reports, device & usage data
Understand feature usage and improve the productAnonymised usage events (via Mixpanel or Amplitude)
Respond to support requestsAccount data, communications
Comply with legal obligationsAs required by applicable law

4.  Legal basis for processing

Under UK GDPR, we need a legal basis to process your personal data. We rely on:

  • Contract — processing necessary to deliver the service you’ve signed up for (running your leagues, storing scores, sending session notifications).
  • Legitimate interests — crash reporting and anonymous product analytics, where our interest in maintaining a reliable, improving product does not override your privacy rights.
  • Legal obligation — where we are required to process or retain data by law.
  • Consent — for push notifications, which require your explicit permission via your device’s operating system. You can withdraw this at any time in your device settings.

5.  Third-party services

We use a small number of trusted third-party services to operate Courtr. Each is bound by contractual data processing terms consistent with UK GDPR.

  • Supabase — our backend database and authentication provider. Your account data, league data, and session results are stored here. Supabase is GDPR-compliant and we have a Data Processing Agreement in place.
  • Stripe — payment processing for the cost-splitting feature. Stripe handles all card data directly — Courtr never stores or sees your full payment details. Stripe is PCI DSS Level 1 certified.
  • Sentry — crash reporting and error monitoring. Sentry may capture device type, OS version, and a stack trace when the app crashes. We configure Sentry to minimise the capture of personal data in error reports.
  • Mixpanel / Amplitude — product analytics. We use one of these tools to understand how features are used — for example, how many leagues complete a full session. Events are tied to a pseudonymous ID, not your name or email address. To opt out, contact us at privacy@courtr.co.uk and we will action this promptly.
  • Apple / Google — if you sign in with Apple or Google, their authentication services verify your identity. We receive only a token and the data you choose to share (typically name and email). Their own privacy policies apply to this step.

We do not share your data with any other third parties except where required by law.

6.  Data retention

Data typeRetention period
Account dataUntil you delete your account, then 30 days before permanent deletion
League and session historyAs long as the league exists; deleted when the league is deleted by the organiser
Crash reports90 days
Analytics eventsAs per Mixpanel / Amplitude retention settings

When a league is deleted, the data of players who are members of only that league will also be removed, subject to any legal retention obligations.

7.  International transfers

Some of our third-party providers are based outside the UK. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place — typically the International Data Transfer Agreement (IDTA) or Standard Contractual Clauses approved for UK transfers.

If you’d like details of the specific safeguards in place for any transfer, please contact us.

8.  Your rights

RightDescription
AccessRequest a copy of the personal data we hold about you.
RectificationAsk us to correct inaccurate or incomplete data.
ErasureRequest deletion of your data where there is no compelling reason to keep it.
RestrictionAsk us to limit how we use your data in certain circumstances.
PortabilityReceive your data in a structured, machine-readable format.
ObjectObject to processing based on legitimate interests, including analytics.

To exercise any of these rights, contact us at the address in section 11. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.

9.  Children

Courtr is not directed at children under 13 and we do not knowingly collect data from anyone under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

Users aged 13–17 may use the app, but an organiser who adds a minor to a league is responsible for ensuring that parent or guardian consent has been obtained where required.

10.  Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we’ll notify you via the app or by email before the changes take effect. The “last updated” date at the top of this page will always reflect the most recent version.

Continued use of Courtr after a change takes effect constitutes acceptance of the updated policy.

11.  Contact us

If you have any questions about this policy or want to exercise your data rights, you can reach us at:

privacy@courtr.co.uk