Privacy Policy

Last updated: 25 May 2026 · Effective: 25 May 2026

DinkPass ("we", "us", "our") provides a pickleball court booking platform via the DinkPass mobile app and the admin.dinkpass.app web dashboard (together, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information.

Contents

What we collect
How we use it
Who we share it with
How long we keep it
Your rights
Children
Security
Changes to this policy
Contact

1 · What we collect

Information you give us

Account: email address (required for sign-in); display name, phone number, and avatar image (optional).
Skill level (DUPR): optional self-reported rating.
Booking details: the court, time, club, and price of each booking you make.
Event signups: the events you register for and your signup time.
Guest contacts (admins only): when a club admin records a walk-in booking, they enter the player's name and phone. That player does not need to have a DinkPass account.

Information we collect automatically

Approximate location: only when you grant the "While in use" permission, and only to show clubs near you. We do not store your location server-side; it is sent with each query and discarded.
Device + diagnostic data: app version, OS version, and crash reports for stability. No advertising identifiers.
Cookies and session tokens: the admin web dashboard sets a session cookie issued by Supabase for authentication, and a dp_active_club cookie for multi-club admins. No third-party advertising cookies.

What we do NOT collect

No payment card details. Payments are settled off-platform — typically at the club desk or via bank transfer — and we never see card numbers.
No social-media tracking pixels.
No precise GPS coordinates stored at rest.
No biometric data.

2 · How we use it

We use the information above to:

Operate the Service — let you sign in, browse clubs, book courts, and register for events.
Send transactional emails — booking confirmations, payment receipts, magic-link sign-in.
Show club admins the bookings + events at their club, so they can run their business.
Diagnose crashes and improve reliability.

We do not use your information for advertising, profile-building, or sale to third parties.

We share personal information only with the service providers that operate parts of our infrastructure:

Supabase (database + auth) — hosts user accounts, bookings, and event signups. Regional storage in Singapore.
Cloudflare (hosting + CDN) — serves the admin web dashboard and marketing site.
Resend (transactional email) — delivers booking confirmations and sign-in links.
Apple / Google — distributing the mobile app via App Store and Google Play; standard platform telemetry applies.

Club admins of a club you book at can see your display name, email, and phone — this is required to honor the booking and reach you if there is a court issue. Other players cannot see your email or phone; only your display name appears in public event rosters.

We may disclose information if required by Vietnamese law, court order, or to protect our rights or safety.

4 · How long we keep it

Account data: as long as your account is active. Delete your account → we delete within 30 days.
Bookings + signups: retained for 3 years for clubs' accounting purposes, then deleted.
Diagnostic data: rolling 30 days.

5 · Your rights

Under Vietnamese personal data laws (and GDPR if you reside in the EEA), you have the right to:

Access the personal information we hold about you;
Correct any inaccurate information (you can edit most of it yourself in the Tài khoản tab);
Delete your account and all associated data;
Export your bookings and event signups in a portable format.

To exercise any of these rights, email [email protected]. We respond within 14 days.

6 · Children

DinkPass is not intended for use by anyone under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

7 · Security

All data is transmitted over TLS. Database access is gated by row-level security policies that restrict each user to their own data (players) or their own club's data (admins). Production secrets are stored in Cloudflare environment variables, never in source control.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours of confirmation.

8 · Changes to this policy

We may update this policy as the Service evolves. When we make material changes, we will notify active users by email at least 14 days before the new policy takes effect. The current version always lives at dinkpass.app/privacy.html.

9 · Contact

Questions or requests about this policy: [email protected].

DinkPass · Da Nang, Vietnam · operated by the DinkPass team.