Privacy Policy

Last Updated: October 26, 2025

1. Introduction

Welcome to CourtFlow. This Privacy Policy explains how CourtFlow ("we", "us", "our") collects, uses, and protects personal information when tennis clubs and coaches use our coaching management platform.

CourtFlow is a B2B (business-to-business) software platform operated from the United Kingdom. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

            Important: CourtFlow provides software tools to tennis clubs and coaches. The clubs and coaches who use our platform are responsible for ensuring they have appropriate consent from parents/guardians before entering any personal data into our system. Each club is the data controller for their members' data.
        

2. Our Role as Data Processor

CourtFlow acts as a data processor on behalf of tennis clubs and coaches (the data controllers). This means:

Tennis clubs and coaches decide what data to collect and why
Clubs and coaches are responsible for obtaining consent from parents/guardians
CourtFlow provides secure technology to store and manage that data
We only process data according to the club's instructions
Each club can only access their own data (data isolation)

3. Information We Process

3.1 Coach and Club Account Information

When coaches register for CourtFlow, we collect:

Name and email address
Password (encrypted and stored securely via AWS Cognito)
Club affiliation and coaching credentials

3.2 Player Data (Entered by Coaches)

Coaches upload and manage data about their programme participants, which may include:

Player name and date of birth
Programme enrollment information
Attendance records (registers)
Coaching assessments and progress reports
Photos (with appropriate consent obtained by the club)

            Children's Data: CourtFlow may process personal data about children under 16 (including under 13). However, it is the responsibility of the tennis club or coach to ensure they have obtained proper consent from parents or guardians before entering any child's data into CourtFlow. Clubs must have their own privacy policies and consent procedures in place.
        

3.3 Technical Information

We automatically collect technical data to operate our service:

Device information (device type, operating system)
App usage data and error logs
IP addresses (for security purposes)

4. How We Use Information

4.1 Providing the Platform

Enabling coaches to create and manage coaching programmes
Storing attendance registers and progress reports
Facilitating communication between coaches and their club administrators
Generating reports and analytics for coaching purposes

4.2 Account Management

Authenticating coach and club administrator accounts
Sending account-related notifications (password resets, updates)
Providing customer support

4.3 Service Improvement

Improving platform functionality and user experience
Detecting and fixing technical issues
Ensuring security and preventing fraud

5. Club Responsibilities as Data Controllers

Tennis clubs and coaches using CourtFlow are data controllers and must:

Obtain proper consent: Get consent from parents/guardians before entering children's data
Have their own privacy policy: Inform parents about data collection and processing
Comply with GDPR: Follow UK GDPR requirements for their members' data
Ensure data accuracy: Keep player information up to date
Respond to data requests: Handle requests from parents regarding their children's data
Only upload authorized data: Ensure they have permission to process all data entered into CourtFlow

6. Data Security and Storage

6.1 Where We Store Data

Data is stored securely using Amazon Web Services (AWS):

AWS Cognito: Secure authentication and user management
PostgreSQL Database: Encrypted storage for programme and player data
AWS S3: Secure storage for photos and documents

6.2 Security Measures

Encryption of data in transit (HTTPS/TLS)
Encryption of data at rest
Secure password hashing and authentication
Role-based access controls
Data isolation (clubs can only access their own data)
Regular security assessments
Biometric authentication options (Face ID/Touch ID)

6.3 Data Isolation

Each club's data is isolated and can only be accessed by:

Coaches and administrators from that specific club
CourtFlow system administrators (only for technical support and security purposes)

6.4 Data Retention

Data is retained according to each club's requirements:

Active data remains while clubs use our service
When a club cancels their account, data can be deleted or exported
Backup copies are retained for up to 30 days for recovery purposes
We comply with any legal retention requirements

7. Data Sharing and Sub-Processors

We do not sell or share data with third parties for marketing purposes. We only share data with:

7.1 Sub-Processors (Service Providers)

Amazon Web Services (AWS): Cloud infrastructure and data storage
AWS SES: Transactional email delivery

All sub-processors are contractually required to protect data in accordance with UK GDPR.

7.2 Legal Requirements

We may disclose data if required by law to:

Comply with legal obligations or court orders
Protect the safety and welfare of children
Enforce our terms of service

8. Your Rights (Coaches and Club Administrators)

As a coach or club administrator using CourtFlow, you have rights regarding your account data:

8.1 Access and Portability

You can request a copy of your account data and export player data you've entered.

8.2 Correction

You can update and correct data directly through the platform.

8.3 Deletion

You can request deletion of your account and associated data.

8.4 For Player Data Requests

If parents/guardians contact CourtFlow directly about their child's data, we will refer them to the appropriate club, as the club is the data controller. Clubs are responsible for handling data subject requests from their members.

9. Cookies and Tracking

Our mobile app does not use cookies. Our web platform uses only essential cookies for:

Authentication and session management
Security and fraud prevention

We do not use advertising or tracking cookies.

10. International Data Transfers

Data is primarily stored in AWS data centers. When data is transferred outside the UK/EEA, we ensure appropriate safeguards through:

AWS's Standard Contractual Clauses
AWS's security certifications and compliance programs

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated via:

Email notification to registered coaches
In-app notifications
Updated "Last Updated" date at the top of this policy

12. Contact Us

If you have questions about this Privacy Policy or data processing:

Email: ottosterner1@gmail.com
App: CourtFlow
Location: London, United Kingdom

13. Supervisory Authority

If you have concerns about how we handle data, you can contact the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: https://ico.org.uk
Helpline: 0303 123 1113

For Parents/Guardians: If you have questions about how your child's data is being used, please contact your tennis club directly. Your club is responsible for managing consent and data protection for programme participants.