Privacy Policy

Clubbie — clubb.ie

1. Data Controller

The data controller for data processed through the Clubbie platform is:
Travis George trading as Clubbie, Ireland.
Contact: privacy@clubb.ie

2. What We Collect

When you use Clubbie, we collect the following categories of personal data:

Account Data

• Email address
• Full name and display name
• Date of birth

Profile Data

• Profile photo
• Profile icon selection
• Dominant hand
• Racquet sports background
• Pickleball experience level
• Playing intent (social, competitive, or both)
• Skill rating

Club Membership Data

• Club role (player, coach, admin)
• Membership status (active, pending, left)
• Approval and joining timestamps

Booking Data

• Session bookings and cancellations
• Payment status
• Waitlist position

Session and Game Data

• Match results and scores
• Player participation (partners and opponents per game)
• Session attendance history

Social Data

• Comments on sessions
• Reactions to comments and content
• Photo uploads and photo metadata (captions, upload time)

Communication Data

• Feedback submissions
• Bug reports, including device metadata: screen route, app version, OS version, and device model

Notification Data

• Push notification tokens
• Notification preferences (per-category opt-in/opt-out)
• Email communication preferences

Analytics Preference

• Your opt-in or opt-out choice for player analytics

Invite Data

• Invitations sent and received (invite codes, timestamps)

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

Contract Performance — Article 6(1)(b)

Processing necessary to provide the Clubbie service to you, including: account creation and management, session bookings, payment tracking, club membership management, and communications directly related to your use of the platform.

Legitimate Interest — Article 6(1)(f)

Processing necessary for our legitimate interests (or those of the club), including: club administration and session management, sending relevant notifications about sessions and bookings, maintaining platform security, preventing abuse, and improving the service. We balance these interests against your rights and freedoms.

Consent — Article 6(1)(a)

Where you have given explicit consent, including: opting in to player analytics processing. You may withdraw consent at any time via your Profile settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4. How We Use Your Data

Data Category	Purpose
Account data	Authentication, account identification, age verification
Profile data	Displaying your profile to other club members, session balancing, skill-appropriate pairings
Club membership data	Managing your membership, role-based access controls, approval workflows
Booking data	Processing session bookings, managing waitlists, payment reconciliation
Session and game data	Recording match results, displaying history, skill progression tracking (if opted in)
Social data	Displaying comments and reactions to club members, photo galleries
Communication data	Responding to feedback, diagnosing and resolving bugs
Notification data	Delivering push notifications and emails about sessions, bookings, and club updates
Analytics preference	Respecting your choice on analytics processing
Invite data	Managing club invitations and tracking invite usage

5. Third-Party Processors

We use the following third-party services to operate Clubbie. Each processes only the data necessary for their function:

Processor	Service	Location	Data Processed
Google Firebase	Firestore database, Authentication, Cloud Storage	EU (europe-west1)	All account and application data
Resend	Transactional email delivery	US	Email address, name, role, country
Vercel	Web application hosting	Global CDN	Web traffic, IP address (not stored)
Expo / EAS	Push notification delivery	US	Push notification tokens, notification content
Apple (APNs)	Push notifications to iOS devices	US	Push tokens, notification payloads
Google (FCM)	Push notifications to Android and web	US	Push tokens, notification payloads

6. International Data Transfers

Your primary data is stored in Google Firebase within the EU (europe-west1 region). However, some third-party processors are based in the United States (Resend, Expo/EAS, Apple, and Google's push notification services).

These transfers are protected by appropriate safeguards including:

• EU–US Data Privacy Framework — where the processor is a certified participant
• Standard Contractual Clauses (SCCs) — as approved by the European Commission

We ensure that all international transfers of personal data comply with Chapter V of the GDPR.

7. Organiser & Coach Access

Club organisers (admins) and coaches have elevated access within their club as part of managing club operations. They can view:

• Your membership status and role
• Your booking history and session attendance
• Your skill rating and playing profile
• Coach notes recorded against your profile

This access is necessary for session planning, skill-appropriate pairings, and club administration. You have the right to request access to any coach or organiser notes held about you — see Section 10: Your Rights.

8. Data Storage & Security

Your data is stored in Google Cloud Firestore and Google Cloud Storage, both located in the EU (europe-west1 region, Belgium). We implement the following security measures:

• Encryption at rest — all data in Firestore and Cloud Storage is encrypted using AES-256
• Encryption in transit — all connections use TLS 1.2 or higher
• Authentication — Firebase Authentication with secure password hashing
• Access controls — Firestore Security Rules enforce role-based access (e.g., only admins can manage members)
• Minimal data exposure — Cloud Functions process data server-side; clients receive only the data they are authorised to access

9. Data Retention

Active Account

Your personal data is retained for as long as your account remains active on the platform.

Leave Club

If you leave a club, your membership data is preserved for 30 days so you can rejoin without losing your history. After 30 days, club-specific data may be deleted by a club administrator.

Delete Account

When you delete your account, the following occurs immediately:

• Your profile data, account data, and personal information are permanently deleted
• Your profile photo is deleted from Cloud Storage
• Your email contact is removed from Resend
• Match history records are anonymised — your name is replaced with "Former Member"
• Community match photos you uploaded remain visible (metadata is anonymised)

Blocked Email Hashes

When a member is removed from a club by an administrator, a one-way cryptographic hash of their email address is retained. This is used solely to prevent the removed individual from re-joining the club. The hash cannot be reversed to recover the original email address.

10. Your Rights

Under GDPR Articles 15–22, you have the following rights regarding your personal data:

• Right of Access (Art. 15) — You can download your personal data as a JSON file directly from the app (Profile → Settings → Download My Data).
• Right to Rectification (Art. 16) — You can edit your profile information at any time through the app. For data you cannot edit directly, contact us.
• Right to Erasure (Art. 17) — You can delete your account and all associated personal data from within the app (Profile → Settings → Delete Account).
• Right to Data Portability (Art. 20) — Your data export is provided in JSON format, a structured, commonly used, and machine-readable format.
• Right to Restrict Processing (Art. 18) — Contact privacy@clubb.ie to request restriction of processing in applicable circumstances.
• Right to Object (Art. 21) — Contact privacy@clubb.ie to object to processing based on legitimate interest.
• Right to Withdraw Consent (Art. 7(3)) — You can withdraw consent for analytics processing via the analytics toggle in your Profile settings, and manage email preferences in your notification settings. Withdrawal does not affect prior processing.
• Right to Lodge a Complaint — You have the right to lodge a complaint with the Irish Data Protection Commission:
  Website: www.dataprotection.ie
  Phone: +353 (0)1 765 0100 / 1800 437 737

We will respond to all data rights requests within 30 days, as required by the GDPR.

11. Cookies & Local Storage

We use browser localStorage and IndexedDB for authentication session persistence only. These are necessary for the platform to function and keep you signed in.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No data is shared with advertising networks or data brokers.

12. Children

Clubbie is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children under 16. Users must confirm that they are at least 16 years old at sign-up.

If we become aware that we have collected data from a person under 16 without appropriate consent, we will delete that data promptly. If you believe a child under 16 has created an account, please contact privacy@clubb.ie.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Send an in-app notification to all active users
• Send an email notification to your registered email address
• Update the version number and date at the bottom of this page

We encourage you to review this policy periodically. Continued use of Clubbie after changes have been notified constitutes acceptance of the updated policy.

14. Contact

For any privacy-related questions, data access requests, or concerns about how your data is handled:

Travis George trading as Clubbie
Email: privacy@clubb.ie
Website: clubb.ie

Version 2.0 — Last updated: March 2026

← Back to Clubbie