Privacy Policy

Last updated: 7 June 2026

Who we are

TrustPadel is a service operated by BuiltByGo Limited(“BBG”, “we”), registered in England & Wales. We are the data controller for the personal data described in this notice. Contact: [email protected].

The data we hold about you

• Account & profile. Email, display name, handle, optional bio + avatar, date of birth (for age verification), country.
• Activity. Matches you log, scores you submit, MVP / vibe / safety reports you file, venues you favourite, follows, credits earned.
• Identity attributes (optional). Sport-specific tags (e.g. preferred discipline, level). Special-category tags (Art 9 — health, accessibility, identity) sit in a separate protected store and are NEVER aggregated, sold, or shown publicly unless you explicitly opt in per tag.
• Technical. IP-derived city, browser type, device, request logs. Raw IP is hashed at the edge before reaching our logging stack.
• Communications. Emails we send + your bounce / open status (used to keep our sending domain reputable).

Legal bases

We rely on:

• Contract (UK GDPR Art 6(1)(b)) — to provide the service you signed up for.
• Consent (Art 6(1)(a) + 9(2)(a)) — for analytics, performance monitoring, marketing, and any special-category tags. You can withdraw consent at any time via /cookies or your account settings.
• Legitimate interest (Art 6(1)(f)) — for security, fraud prevention, and integrity-of-rating monitoring. We balance this against your rights and you can object.
• Legal obligation (Art 6(1)(c)) — for accounting, safeguarding (where a junior is involved), and law-enforcement requests.

Minors

We treat you as a minor by default if your date of birth indicates you are under the adult age for your country (18 in the UK, sometimes higher elsewhere — country defaults in the table at /legal/adult-ages). Minor accounts are private by default: never appear in public ratings, never get a public handle, never feature in any commercial feed, and never receive marketing messages. Coaching / club relationships involving minors require guardian consent and (for coaches) DBS verification.

Where your data lives

Application data lives in Supabase (Postgres) hosted in EU regions. Auth + sessions go through Supabase Auth. Marketing emails are sent via Resend (EU). Optional analytics + performance signals — only if you consent — go to PostHog (EU) and Sentry (EU). Operational logs (with IPs hashed) flow through Cloudflare and our Grafana LGTM stack. We do not transfer your personal data outside the UK / EEA without an adequacy decision or appropriate safeguards in place.

What we never sell

The following data is never sold, ever:

• Date of birth, precise location, contact details.
• Any safety signal, special-category tag, or identity classification.
• Any data about a minor.
• Any data tied to a non-consenting adult.

Aggregate, anonymised rating + result data may be licensed to commercial partners under our Data Buyer Licence — only for accounts that have opted into the “commercial” feed via Trust+ and have cleared our integrity thresholds.

Cookies + trackers

We split cookies into four categories — necessary, analytics,performance (RUM), and marketing. Necessary cookies (auth, CSRF, language preference) are always on; the other three are opt-in via the banner shown on your first visit. You can change your choices at any time at /cookies.

Your rights

Under UK GDPR you have the right to:

• Access your data — self-serve JSON export at /api/account/export.
• Rectify any inaccuracy via your account settings or by emailing us.
• Erase your account — self-serve at /account/delete; 7-day grace window with a cancel link.
• Restrict processing or object to legitimate-interest processing — contact us.
• Port your data — the export endpoint above is machine-readable JSON.
• Withdraw consent at any time. Withdrawal does not affect lawfulness of processing before withdrawal.
• Complain to the ICO (ico.org.uk). We'd appreciate the chance to address concerns first via [email protected].

Retention

Account + profile data: kept while your account is active + 30 days after deletion request (during the grace window). Match results: aggregate participant records are retained for the integrity of other participants' ratings even after one party deletes, with that party's identifiers stripped. Audit logs: 1 year. Email logs: 90 days.

Changes to this notice

We'll post any material changes to this page and notify active users by email if the change affects how we handle data they've given us.