Privacy Policy

CourtGo ("we", "us", "our") operates the CourtGo platform and the website at www.courtgo.com. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have over your information. It applies to all users of the CourtGo platform — facility operators, club members, and website visitors.

1. Data We Collect

We collect personal data in the following ways:

• Account registration — name, email address, and password (stored as a salted hash).
• Facility operator data — organisation name, contact details, and payment provider credentials needed to enable Stripe or Viva Wallet payouts.
• Booking data — court, date/time, slot type, participants, and payment status.
• Payment data — transactions are processed by Stripe or Viva Wallet. We do not store raw card numbers; only tokenised references and transaction IDs are retained.
• Digital membership cards — member name, membership type, expiry date, and a unique member identifier encoded in the Wallet pass QR code.
• Match scores and rankings — results submitted by users and the resulting Glicko-based rating values.
• Usage and technical data — IP address, browser type, and pages visited, collected automatically via server logs for security and performance purposes.

2. How We Use Your Data

We use your personal data to:

• Provide and maintain the CourtGo service.
• Process bookings and payments, including sending receipts and cancellation notices by email.
• Issue and update Apple Wallet and Google Wallet membership passes.
• Display leaderboards and calculate match rankings.
• Send transactional emails (booking confirmations, membership renewals, payment receipts, score notifications). We do not send marketing email without explicit consent.
• Detect and prevent fraud and security incidents.
• Comply with legal obligations.

3. Legal Basis for Processing (GDPR)

Where the GDPR applies, we rely on the following legal bases:

• Contract performance — processing necessary to fulfil bookings, memberships, and payments.
• Legitimate interests — security monitoring, service improvement, and fraud prevention.
• Legal obligation — retaining financial records as required by applicable law.
• Consent — where we ask for optional data or send optional communications.

4. Data Retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to comply with legal and accounting obligations (typically 7 years for financial records). You may request deletion of your account and associated data at any time; see Section 7.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe / Viva Wallet — to process payments. Each provider's own privacy policy governs data they receive.
• Apple / Google — Wallet pass libraries receive the pass payload (name, member ID, expiry) to generate and update passes in your device wallet.
• Cloud infrastructure providers — servers that host the CourtGo application (acting as data processors under a Data Processing Agreement).
• Facility operators — the operator of your club can view your booking history, membership status, and match results within their CourtGo dashboard. They act as a separate data controller for their club's data.
• Legal authorities — where required by law or to protect rights and safety.

6. Cookies

The CourtGo application uses a session cookie for authentication and a CSRF token cookie for security. This website (www.courtgo.com) does not set any tracking or advertising cookies.

7. Your Rights

Depending on your jurisdiction, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Data Security

We use industry-standard measures to protect your data, including TLS encryption in transit, hashed passwords, CSRF protection, and role-based access controls. No system is completely secure; please use a strong, unique password and contact us immediately if you suspect unauthorised access.

9. International Transfers

If your data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children

CourtGo is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

12. Contact

Questions about this Privacy Policy? Contact us at [email protected] or write to us at the address on file with your local company registry.