Clubbie — clubb.ie
The data controller for data processed through the Clubbie platform is:
Travis George trading as Clubbie, Ireland.
Contact: privacy@clubb.ie
When you use Clubbie, we collect the following categories of personal data:
When (and only when) you opt in via the "Help Improve Clubbie" toggle in your Profile, the app sends diagnostics and usage analytics to Firebase Crashlytics, Firebase Performance Monitoring and Google Analytics for Firebase:
These reports are not linked to your name or Clubbie account; usage analytics is pseudonymous (a per-install identifier, not your identity). You can disable diagnostic and usage data collection at any time via your Profile settings. See Section 5 for the processors involved.
We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):
Processing necessary to provide the Clubbie service to you, including: account creation and management, session bookings, payment tracking, club membership management, and communications directly related to your use of the platform.
Processing necessary for our legitimate interests (or those of the club), including: club administration and session management, sending relevant notifications about sessions and bookings, sending occasional service and product updates about Clubbie from us as the developer (not third-party marketing), which you can opt out of at any time (see Your Rights), maintaining platform security, preventing abuse, and improving the service. We balance these interests against your rights and freedoms.
Where you have given explicit consent. A single in-app toggle ("Help Improve Clubbie", in your Profile settings) governs four consent-gated activities:
You may withdraw consent at any time via your Profile settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
| Data Category | Purpose |
|---|---|
| Account data | Authentication, account identification, age verification |
| Profile data | Displaying your profile to other club members, session balancing, skill-appropriate pairings |
| Club membership data | Managing your membership, role-based access controls, approval workflows |
| Booking data | Processing session bookings, managing waitlists, payment reconciliation |
| Session and game data | Recording match results, displaying history, skill progression tracking (if opted in) |
| Social data | Displaying comments and reactions to club members, photo galleries |
| Communication data | Responding to feedback, diagnosing and resolving bugs |
| Notification data | Delivering push notifications and emails about sessions, bookings, club updates, and occasional Clubbie service and product updates (opt-out available) |
| Analytics preference | Respecting your choice on analytics processing |
| Invite data | Managing club invitations and tracking invite usage |
We use the following third-party services to operate Clubbie. Each processes only the data necessary for their function:
| Processor | Service | Location | Data Processed |
|---|---|---|---|
| Google Firebase | Firestore database, Authentication, Cloud Storage | EU (europe-west1) | All account and application data |
| Resend | Transactional and service-update email delivery | US | Email address, name, role, country |
| Vercel | Web application hosting | Global CDN | Web traffic, IP address (not stored) |
| Expo / EAS | Push notification delivery | US | Push notification tokens, notification content |
| Apple (APNs) | Push notifications to iOS devices | US | Push tokens, notification payloads |
| Google (FCM) | Push notifications to Android and web | US | Push tokens, notification payloads |
| Google Ireland Limited (Firebase Crashlytics) | Crash reporting (native app only) | US (sub-processor; data-receiving entity: Google Ireland Limited, IE) | Device identifier, OS version, app version, stack traces, custom keys — only when you have enabled data sharing in your profile settings. Legal basis: explicit consent (Art. 6(1)(a) GDPR). |
| Google Ireland Limited (Firebase Performance Monitoring) | App performance metrics (native app only) | US (sub-processor; data-receiving entity: Google Ireland Limited, IE) | App start time, screen render times, network request latency, custom traces — only when you have enabled data sharing in your profile settings. Legal basis: explicit consent (Art. 6(1)(a) GDPR). |
| Google Ireland Limited (Google Analytics for Firebase) | Usage analytics (native app only) | US (sub-processor; data-receiving entity: Google Ireland Limited, IE) | Pseudonymous app-instance identifier, screen views, session counts, app/OS version — only when you have enabled data sharing in your profile settings. Legal basis: explicit consent (Art. 6(1)(a) GDPR). |
Your primary data is stored in Google Firebase within the EU (europe-west1 region). However, some third-party processors are based in the United States (Resend, Expo/EAS, Apple, and Google's push notification services).
These transfers are protected by appropriate safeguards including:
We ensure that all international transfers of personal data comply with Chapter V of the GDPR.
Club organisers (admins) and coaches have elevated access within their club as part of managing club operations. They can view:
This access is necessary for session planning, skill-appropriate pairings, and club administration. You have the right to request access to any coach or organiser notes held about you — see Section 10: Your Rights.
Your data is stored in Google Cloud Firestore and Google Cloud Storage, both located in the EU (europe-west1 region, Belgium). We implement the following security measures:
Your personal data is retained for as long as your account remains active on the platform.
If you leave a club, your membership data is preserved for 30 days so you can rejoin without losing your history. After 30 days, club-specific data may be deleted by a club administrator.
When you delete your account, the following occurs immediately:
Two categories of operational records are not automatically removed by the in-app delete flow today and so may persist after account deletion until they are removed by another mechanism: (1) push and email delivery event logs — retained for diagnosing notification problems and reconciling email-service usage — which are not deleted by the account-deletion cascade and persist until you request manual removal; and (2) operational and security logs stored in Google Cloud Logging, which roll off automatically under the 90-day retention window described below, with the limited exceptions noted there (some audit records may be preserved longer where required by law). To request manual removal of the delivery event records during or after account deletion, contact privacy@clubb.ie. We plan to add automatic cleanup of these records to the in-app delete flow in a future privacy enhancement.
When a member is removed from a club by an administrator, a one-way cryptographic hash of their email address is retained. This is used solely to prevent the removed individual from re-joining the club. The hash cannot be reversed to recover the original email address.
We retain operational and security logs in Google Cloud Logging — including server-side request logs, Cloud Function execution logs, and Cloud Audit Log entries — for up to 90 days for service operation, security monitoring, fraud prevention, and dispute resolution. After this period, these logs are automatically deleted. Log entries may include your account ID, device type and operating system version, IP address, and the timestamps of actions you took in the app.
Where required by law or by our legitimate interest in defending against legal claims, individual audit records (for example, administrator actions, account deletions, role changes) may be preserved for longer than 90 days. Push and email delivery event records (covered in the "Delete Account" section above) are not automatically purged when you delete your account; they remain until you submit a manual removal request to privacy@clubb.ie.
This processing is based on our legitimate interest under GDPR Article 6(1)(f) (Recital 49 — network and information security).
Under GDPR Articles 15–22, you have the following rights regarding your personal data:
We will respond to all data rights requests within 30 days, as required by the GDPR.
We use browser localStorage and IndexedDB for authentication session persistence only. These are necessary for the platform to function and keep you signed in.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No data is shared with advertising networks or data brokers.
Clubbie is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children under 16. Users must confirm that they are at least 16 years old at sign-up.
If we become aware that we have collected data from a person under 16 without appropriate consent, we will delete that data promptly. If you believe a child under 16 has created an account, please contact privacy@clubb.ie.
We may update this Privacy Policy from time to time. When we make material changes, we will:
We encourage you to review this policy periodically. Continued use of Clubbie after changes have been notified constitutes acceptance of the updated policy.
For any privacy-related questions, data access requests, or concerns about how your data is handled:
Travis George trading as Clubbie
Email: privacy@clubb.ie
Website: clubb.ie
Version 2.3 — Last updated: June 2026
← Back to Clubbie