Privacy Policy

Clubbie — clubb.ie

Contents

  1. Data Controller
  2. What We Collect
  3. Legal Basis for Processing
  4. How We Use Your Data
  5. Third-Party Processors
  6. International Data Transfers
  7. Organiser & Coach Access
  8. Data Storage & Security
  9. Data Retention
  10. Your Rights
  11. Cookies & Local Storage
  12. Children
  13. Changes to This Policy
  14. Contact

1. Data Controller

The data controller for data processed through the Clubbie platform is:
Travis George trading as Clubbie, Ireland.
Contact: privacy@clubb.ie

2. What We Collect

When you use Clubbie, we collect the following categories of personal data:

Account Data

  • Email address
  • Full name and display name
  • Date of birth

Profile Data

  • Profile photo
  • Profile icon selection
  • Dominant hand
  • Racquet sports background
  • Pickleball experience level
  • Playing intent (social, competitive, or both)
  • Skill rating

Club Membership Data

  • Club role (player, coach, admin)
  • Membership status (active, pending, left)
  • Approval and joining timestamps

Booking Data

  • Session bookings and cancellations
  • Payment status
  • Waitlist position

Session and Game Data

  • Match results and scores
  • Player participation (partners and opponents per game)
  • Session attendance history

Social Data

  • Comments on sessions
  • Reactions to comments and content
  • Photo uploads and photo metadata (captions, upload time)

Communication Data

  • Feedback submissions
  • Bug reports, including device metadata: screen route, app version, OS version, and device model

Notification Data

  • Push notification tokens
  • Notification preferences (per-category opt-in/opt-out)
  • Email communication preferences

Analytics Preference

  • Your opt-in or opt-out choice for player analytics

Diagnostic & Usage Data (optional, consent-gated)

When (and only when) you opt in via the "Help Improve Clubbie" toggle in your Profile, the app sends diagnostics and usage analytics to Firebase Crashlytics, Firebase Performance Monitoring and Google Analytics for Firebase:

  • Crash stack traces and the application state captured at crash time
  • Operating system version, app version, and device model
  • A non-personal device identifier used to deduplicate reports
  • Performance traces (app start time, screen render times, network request latency)
  • Pseudonymous usage analytics (which screens are used and how often, session counts, app version adoption) — keyed to a per-install app identifier, not your name or Clubbie account

These reports are not linked to your name or Clubbie account; usage analytics is pseudonymous (a per-install identifier, not your identity). You can disable diagnostic and usage data collection at any time via your Profile settings. See Section 5 for the processors involved.

Invite Data

  • Invitations sent and received (invite codes, timestamps)

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

Contract Performance — Article 6(1)(b)

Processing necessary to provide the Clubbie service to you, including: account creation and management, session bookings, payment tracking, club membership management, and communications directly related to your use of the platform.

Legitimate Interest — Article 6(1)(f)

Processing necessary for our legitimate interests (or those of the club), including: club administration and session management, sending relevant notifications about sessions and bookings, sending occasional service and product updates about Clubbie from us as the developer (not third-party marketing), which you can opt out of at any time (see Your Rights), maintaining platform security, preventing abuse, and improving the service. We balance these interests against your rights and freedoms.

Consent — Article 6(1)(a)

Where you have given explicit consent. A single in-app toggle ("Help Improve Clubbie", in your Profile settings) governs four consent-gated activities:

  • Anonymous crash reporting (Firebase Crashlytics)
  • Anonymous performance monitoring (Firebase Performance Monitoring)
  • Pseudonymous usage analytics (Google Analytics for Firebase) — keyed to a per-install app identifier, not your identity
  • Player analytics processing (the "personalised insights" feature, when launched)

You may withdraw consent at any time via your Profile settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4. How We Use Your Data

Data Category Purpose
Account data Authentication, account identification, age verification
Profile data Displaying your profile to other club members, session balancing, skill-appropriate pairings
Club membership data Managing your membership, role-based access controls, approval workflows
Booking data Processing session bookings, managing waitlists, payment reconciliation
Session and game data Recording match results, displaying history, skill progression tracking (if opted in)
Social data Displaying comments and reactions to club members, photo galleries
Communication data Responding to feedback, diagnosing and resolving bugs
Notification data Delivering push notifications and emails about sessions, bookings, club updates, and occasional Clubbie service and product updates (opt-out available)
Analytics preference Respecting your choice on analytics processing
Invite data Managing club invitations and tracking invite usage

5. Third-Party Processors

We use the following third-party services to operate Clubbie. Each processes only the data necessary for their function:

Processor Service Location Data Processed
Google Firebase Firestore database, Authentication, Cloud Storage EU (europe-west1) All account and application data
Resend Transactional and service-update email delivery US Email address, name, role, country
Vercel Web application hosting Global CDN Web traffic, IP address (not stored)
Expo / EAS Push notification delivery US Push notification tokens, notification content
Apple (APNs) Push notifications to iOS devices US Push tokens, notification payloads
Google (FCM) Push notifications to Android and web US Push tokens, notification payloads
Google Ireland Limited (Firebase Crashlytics) Crash reporting (native app only) US (sub-processor; data-receiving entity: Google Ireland Limited, IE) Device identifier, OS version, app version, stack traces, custom keys — only when you have enabled data sharing in your profile settings. Legal basis: explicit consent (Art. 6(1)(a) GDPR).
Google Ireland Limited (Firebase Performance Monitoring) App performance metrics (native app only) US (sub-processor; data-receiving entity: Google Ireland Limited, IE) App start time, screen render times, network request latency, custom traces — only when you have enabled data sharing in your profile settings. Legal basis: explicit consent (Art. 6(1)(a) GDPR).
Google Ireland Limited (Google Analytics for Firebase) Usage analytics (native app only) US (sub-processor; data-receiving entity: Google Ireland Limited, IE) Pseudonymous app-instance identifier, screen views, session counts, app/OS version — only when you have enabled data sharing in your profile settings. Legal basis: explicit consent (Art. 6(1)(a) GDPR).

6. International Data Transfers

Your primary data is stored in Google Firebase within the EU (europe-west1 region). However, some third-party processors are based in the United States (Resend, Expo/EAS, Apple, and Google's push notification services).

These transfers are protected by appropriate safeguards including:

  • EU–US Data Privacy Framework — where the processor is a certified participant
  • Standard Contractual Clauses (SCCs) — as approved by the European Commission

We ensure that all international transfers of personal data comply with Chapter V of the GDPR.

7. Organiser & Coach Access

Club organisers (admins) and coaches have elevated access within their club as part of managing club operations. They can view:

  • Your membership status and role
  • Your booking history and session attendance
  • Your skill rating and playing profile
  • Coach notes recorded against your profile

This access is necessary for session planning, skill-appropriate pairings, and club administration. You have the right to request access to any coach or organiser notes held about you — see Section 10: Your Rights.

8. Data Storage & Security

Your data is stored in Google Cloud Firestore and Google Cloud Storage, both located in the EU (europe-west1 region, Belgium). We implement the following security measures:

  • Encryption at rest — all data in Firestore and Cloud Storage is encrypted using AES-256
  • Encryption in transit — all connections use TLS 1.2 or higher
  • Authentication — Firebase Authentication with secure password hashing
  • Access controls — Firestore Security Rules enforce role-based access (e.g., only admins can manage members)
  • Minimal data exposure — Cloud Functions process data server-side; clients receive only the data they are authorised to access

9. Data Retention

Active Account

Your personal data is retained for as long as your account remains active on the platform.

Leave Club

If you leave a club, your membership data is preserved for 30 days so you can rejoin without losing your history. After 30 days, club-specific data may be deleted by a club administrator.

Delete Account

When you delete your account, the following occurs immediately:

  • Your profile data, account data, and personal information are permanently deleted
  • Your profile photo is deleted from Cloud Storage
  • Your email contact is removed from Resend
  • Match history records, comments and photo comments you posted are anonymised — your name is replaced with "Former Member"
  • Community match photos you uploaded remain visible (metadata is anonymised)

Two categories of operational records are not automatically removed by the in-app delete flow today and so may persist after account deletion until they are removed by another mechanism: (1) push and email delivery event logs — retained for diagnosing notification problems and reconciling email-service usage — which are not deleted by the account-deletion cascade and persist until you request manual removal; and (2) operational and security logs stored in Google Cloud Logging, which roll off automatically under the 90-day retention window described below, with the limited exceptions noted there (some audit records may be preserved longer where required by law). To request manual removal of the delivery event records during or after account deletion, contact privacy@clubb.ie. We plan to add automatic cleanup of these records to the in-app delete flow in a future privacy enhancement.

Blocked Email Hashes

When a member is removed from a club by an administrator, a one-way cryptographic hash of their email address is retained. This is used solely to prevent the removed individual from re-joining the club. The hash cannot be reversed to recover the original email address.

Operational and Security Logs

We retain operational and security logs in Google Cloud Logging — including server-side request logs, Cloud Function execution logs, and Cloud Audit Log entries — for up to 90 days for service operation, security monitoring, fraud prevention, and dispute resolution. After this period, these logs are automatically deleted. Log entries may include your account ID, device type and operating system version, IP address, and the timestamps of actions you took in the app.

Where required by law or by our legitimate interest in defending against legal claims, individual audit records (for example, administrator actions, account deletions, role changes) may be preserved for longer than 90 days. Push and email delivery event records (covered in the "Delete Account" section above) are not automatically purged when you delete your account; they remain until you submit a manual removal request to privacy@clubb.ie.

This processing is based on our legitimate interest under GDPR Article 6(1)(f) (Recital 49 — network and information security).

10. Your Rights

Under GDPR Articles 15–22, you have the following rights regarding your personal data:

  • Right of Access (Art. 15) — You can download your personal data as a JSON file directly from the app (Profile → Settings → Download My Data).
  • Right to Rectification (Art. 16) — You can edit your profile information at any time through the app. For data you cannot edit directly, contact us.
  • Right to Erasure (Art. 17) — You can delete your account and all associated personal data from within the app (Profile → Settings → Delete Account).
  • Right to Data Portability (Art. 20) — Your data export is provided in JSON format, a structured, commonly used, and machine-readable format.
  • Right to Restrict Processing (Art. 18) — Contact privacy@clubb.ie to request restriction of processing in applicable circumstances.
  • Right to Object (Art. 21) — Contact privacy@clubb.ie to object to processing based on legitimate interest.
  • Right to Withdraw Consent (Art. 7(3)) — You can withdraw consent for analytics processing via the analytics toggle in your Profile settings, and manage email preferences in your notification settings. Withdrawal does not affect prior processing.
  • Right to Lodge a Complaint — You have the right to lodge a complaint with the Irish Data Protection Commission:
    Website: www.dataprotection.ie
    Phone: +353 (0)1 765 0100 / 1800 437 737

We will respond to all data rights requests within 30 days, as required by the GDPR.

11. Cookies & Local Storage

We use browser localStorage and IndexedDB for authentication session persistence only. These are necessary for the platform to function and keep you signed in.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No data is shared with advertising networks or data brokers.

12. Children

Clubbie is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children under 16. Users must confirm that they are at least 16 years old at sign-up.

If we become aware that we have collected data from a person under 16 without appropriate consent, we will delete that data promptly. If you believe a child under 16 has created an account, please contact privacy@clubb.ie.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Send an in-app notification to all active users
  • Send an email notification to your registered email address
  • Update the version number and date at the bottom of this page

We encourage you to review this policy periodically. Continued use of Clubbie after changes have been notified constitutes acceptance of the updated policy.

14. Contact

For any privacy-related questions, data access requests, or concerns about how your data is handled:

Travis George trading as Clubbie
Email: privacy@clubb.ie
Website: clubb.ie

Version 2.3 — Last updated: June 2026

← Back to Clubbie