Privacy Policy

1. Introduction

Step on Court ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, applications, and services (collectively, the "Service").

This policy is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are (The Data Controller)

For the purpose of the UK GDPR, the data controller is:

We are registered with the Information Commissioner's Office (ICO) if required by law.

3. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data: Includes first name, last name, and nickname.
• Contact Data: Includes email address.
• Profile Data: Includes your password (encrypted), biography, avatar URL, ELO rating, rank, match history, and availability slots.
• Technical Data: Includes your internet protocol (IP) address, login data, browser type and version, time zone setting and location, and other technology on the devices you use to access this Service.
• Usage Data: Includes information about how you use our Service, such as the features you use and the time you spend on the platform.

4. How We Collect Your Data

• Direct Interactions: You give us your Identity, Contact, and Profile Data by filling in forms or by corresponding with us. This includes data you provide when you create an account or update your profile.
• Automated Technologies: As you interact with our Service, we automatically collect Technical and Usage Data. We collect this data by using cookies and other similar technologies.
• Third Parties: We may receive personal data about you from third parties, such as when another user invites you to a group or a match.

5. How We Use Your Personal Data & Legal Basis

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To Perform a Contract: To register you as a user and to provide the core functionalities of the Service, such as managing your profile, groups, matches, availability, and calculating your ELO rating.
• For Our Legitimate Interests: To improve our Service, keep our platform secure, and for analytics to understand how our Service is used. We make sure we consider and balance any potential impact on you and your rights before we process your data for our legitimate interests.
• With Your Consent: For non-essential cookies. You have the right to withdraw consent at any time.

6. Disclosures of Your Personal Data

We may share your personal data with the parties set out below:

• Other Users: Your name, nickname, rank, points, and match history are visible to other members of your group(s).
• Service Providers: We use third-party service providers to help us operate our Service, including:
  • Supabase Inc., which provides our database, authentication, and backend infrastructure. Their services are based globally.
• Analytics Providers:
  • Google Analytics, to help us understand how our Service is used.
• Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
• Legal Authorities: If required by law or to protect our rights.

7. International Transfers

Some of our external third parties (like Supabase and Google) are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are in place, such as using specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data to those employees and third parties who have a business need to know.

9. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Generally, we will retain your data for as long as you have an active account with us. If you delete your account, your personal data will be deleted or anonymized in accordance with our data retention schedule.

10. Your Legal Rights

Under data protection law, you have rights including:

• Right of access: To request a copy of the personal data we hold about you.
• Right to rectification: To request correction of inaccurate personal data.
• Right to erasure: To request that we delete your personal data.
• Right to restrict processing: To request that we suspend the processing of your personal data.
• Right to data portability: To request the transfer of your personal data to you or a third party.
• Right to object: To object to our processing of your personal data.

To exercise any of these rights, please contact us at [email protected].

11. Cookies

Our website uses cookies to distinguish you from other users. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer.

We use the following cookies:

• Strictly Necessary Cookies: These are required for the operation of our Service, such as the cookies used by Supabase for authentication (sb-*-auth-token).
• Analytical/Performance Cookies: We use Google Analytics (_ga, _gid) to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our Service works. We will only place these cookies with your consent.

You can block cookies by activating the setting on your browser that allows you to refuse all or some cookies. However, if you block all cookies (including essential cookies), you may not be able to access all or parts of our site.

12. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected].

You also have the right to complain to the ICO if you are unhappy with how we have used your data.

13. Changes to this Privacy Policy

We keep our privacy policy under regular review. Any changes will be posted on this page, and, where appropriate, you may be notified by email.