Login / Sign up

OpenCourt

Friendly meet-up tennis court finder

Privacy Policy

Last updated: 10 October 2025

1. Who We Are

OpenCourt (“we”, “us”, “our”) is an independent community platform that helps UK players discover public tennis courts, share reviews, and plan games. We act as the data controller for personal data collected through the OpenCourt website and app.

If you have questions, email bunoujr@gmail.com.

2. Data We Collect

Category What we collect How it’s collected
Account details Name, email address, and optional display username (auto-generated if you don’t choose one). Provided when you sign in via Supabase authentication.
Reviews & contributions Ratings, text reviews, photo uploads (stored in Supabase Storage), timestamps, and related venue IDs. Submitted by you through the review form.
Technical data IP address (via our rate limiter), device/browser type, cookies, and crash/error logs. Captured automatically when you use the site.
Location inputs Postcodes you enter to search for nearby courts or plan meet-ups. Entered manually by you; resolved through postcodes.io.
Session cookies sb-access-token, sb-refresh-token, oc-username Set when you log in to maintain your session.

We do not intentionally collect sensitive personal data (e.g. health, religion) or any payment information.

3. How We Use Your Data

We use your data to:

  • Operate the service (authenticate users, display courts and reviews).
  • Moderate content and prevent spam or misuse.
  • Improve performance and plan new features.
  • Respond to support messages or policy updates.

Legal bases:

  • Contractual necessity – to provide your account and features you request.
  • Legitimate interests – for security, moderation, and improvement.
  • Consent – for optional features like marketing emails (none currently).

4. Cookies and Similar Technologies

  • sb-access-token and sb-refresh-token (HTTP-only) — keep you signed in via Supabase.
  • oc-username — stores your display name for convenience.

No advertising or tracking cookies are used. Most browsers allow you to disable cookies, but authentication will not work without the required session cookies.

5. Third-Party Services & Data Sharing

We share data only with service providers that help us run OpenCourt:

  • Supabase – authentication, PostgreSQL database, photo storage.
  • Railway / Redis – caching and rate-limiting (stores temporary IP data).
  • postcodes.io – geocoding of postcodes you submit.
  • Gmail – for user support emails.

These vendors act as data processors, following our instructions and security measures. Some may store or access data outside the UK/EU; we rely on Standard Contractual Clauses or equivalent safeguards.

We never sell or share your data for advertising.

6. Data Retention

  • Account & reviews: kept while your account is active.
  • Photos: stored until you delete them or we remove them under our policies.
  • Logs & IP data: typically retained up to 30 days for security purposes.
  • Backups: may persist for ≤90 days before automatic overwrite.

You can request deletion of your account by emailing bunoujr@gmail.com. We may keep minimal records to comply with legal obligations or resolve disputes.

7. Your Rights (UK GDPR)

You have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion.
  • Object to or restrict processing.
  • Receive a copy of your data (portability).
  • Lodge a complaint with the Information Commissioner’s Office (ICO) – ico.org.uk.

To exercise your rights, email bunoujr@gmail.com. We’ll respond within one month.

8. Security

We use HTTPS, HTTP-only cookies, and role-based access controls. Supabase and our hosting providers apply encryption and monitoring. No online service is 100% secure, so please protect your login credentials and notify us if you suspect unauthorised access.

9. Children

OpenCourt is intended for users aged 16 or over. If you are 16–17, you confirm you have permission from a parent or guardian. Accounts discovered to belong to users under 16 will be deleted.

10. International Transfers

Supabase and certain infrastructure providers may store data in the EU or transfer it outside the UK/EU. When this occurs, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer safeguards approved under UK GDPR.

11. Updates to This Policy

We may update this Privacy Policy as OpenCourt evolves. The “Last updated” date above shows the latest version. We will notify users of significant changes on the site or by email (if applicable). Continued use after updates means you accept the revised policy.

12. Contact

Questions, requests, or feedback about privacy? Email bunoujr@gmail.com.