Privacy policy

Who we are

Peak Play Academy(the “Academy”, “we”, “us”) operates this app to manage member bookings and payments. Contact us at ydu018@gmail.com. We are based in Australia.

Information we collect

• Account info: name, email, phone, password (hashed), date of birth (optional), address (optional).
• Health info you choose to provide:medical conditions and notes you add for the coach's safety. We treat this as sensitive data.
• Payments:Stripe processes card payments. We store a Stripe customer reference, a redacted card descriptor (e.g. “Visa ending 4242”), and invoice records. We do NOT store full card numbers.
• Usage: bookings, attendance, wallet ledger, audit log entries.
• Technical: session cookies, an anonymous request id per HTTP request, error logs (with PII redacted).

What we do with it

• Run your bookings, payments, and family management.
• Safety: medical-condition notes you provide are visible to academy administrators, who brief coaches as needed. Coaches see roster-level details only (name and skill level), not medical notes, addresses, or dates of birth.
• Improve the service: aggregate, non-identifying analytics.
• Comply with Australian tax and accounting law (we keep invoice records for 7 years).

Who we share it with

• Stripe — payment processing (PCI-DSS certified).
• Supabase — database hosting (data resides in the AWS Sydney region).
• Vercel — web hosting and CDN.

We do not sell or rent your data. We share with law enforcement only when legally required.

Your rights

You can, at any time:

• Access and download your data from Profile → Your data → Download my data.
• Correct your details from Profile → Account.
• Delete your account from Profile → Your data → Delete my account. We anonymise your name, email, phone, DOB, address, and medical notes; payment and booking records are kept for tax compliance.
• Lodge a complaint with the Office of the Australian Information Commissioner.

Cookies

We use a single session cookie (Supabase Auth) so you stay signed in across page loads. No third-party tracking cookies.

Retention

• Audit log: 12 months, then pruned automatically.
• Bookings + payments: 7 years (Australian tax law).
• After account deletion: anonymised PII immediately; referential records as above.

Children

Parents (or guardians) create child accounts under their family. Children don't have their own login. We don't knowingly collect data from a child directly. If you believe we have, contact us and we will remove it.

Changes

We will notify users by email at the address on file before any material change to this policy.