Privacy Policy

Last updated: 2026-05-17 · Version 2026-05-17.

This document is provided as a baseline. Have a qualified attorney review before public launch, especially for jurisdictions covered by GDPR, CCPA, PIPEDA, or similar comprehensive privacy regimes.

1. Who We Are

Court Central (Pickleball, booked.) is operated by an independent operator. Questions about this policy or to exercise your rights: contact form . A current list of every third party that processes data on our behalf is published at /legal/subprocessors.

2. Data We Collect

Each section below lists what we collect, why, how long we keep it, and who it is shared with. The full subprocessor list is at /legal/subprocessors.

2.1 Email address

Why Magic-link sign-in, account identity, transactional notifications (booking confirmations, failures, billing receipts).

Retention For the lifetime of your account; wiped within 30 days of account deletion.

Shared with Our payment processor (when you start a paid subscription), our email-delivery provider (sending magic links and receipts), and our hosting provider (database storage). See /legal/subprocessors for the current list.

2.2 IP address & user-agent

Why Rate limiting, abuse detection, account-takeover monitoring, and IP-based geolocation lookups used to flag sign-ins from unfamiliar countries.

Retention Login-attempt rows are pruned after 30 days; long-lived session rows last as long as the session itself.

Shared with A geolocation service (for country-level lookups only — the IP is sent server-side, not from your browser), our hosting provider (logs), and our edge/DDoS provider where one is in use. See /legal/subprocessors for the current list.

2.3 Credentials for booking platforms you connect

Why So we can submit reservations to third-party booking providers on your behalf.

Retention Held while your account is active; immediately wiped on account deletion or when you remove a connection. Stored encrypted at rest with industry-standard authenticated encryption, using a key that is only available while you are actively signed in — operators cannot decrypt them while you are signed out.

Shared with Only the booking platform you authenticated against. Decryption happens in-memory at booking time; the encrypted data never leaves our database.

2.4 Booking history & cost records

Why Dashboard display, dispute resolution, audit trail of automation activity.

Retention Retained for 24 months after account deletion for dispute and chargeback purposes, then permanently deleted.

Shared with Our payment processor (line items attached to invoices, where applicable). Not shared with any third-party analytics provider.

2.5 Calendar provider OAuth tokens (optional)

Why One-way calendar sync — pushing confirmed bookings into a calendar service you connect. Used only when you explicitly opt in via the Connections wizard.

Retention While the integration is enabled. Revoked from our side and from the calendar provider when you disconnect or delete your account.

Shared with Only the calendar provider you connected (used to push events on your behalf). Tokens are never shared with any other third party and are stored encrypted alongside your booking-platform credentials.

2.6 Billing data (subscriptions)

Why Process subscription payments, issue receipts, manage refunds. Your card number itself never reaches our servers — our payment processor tokenises it in its own checkout flow on its own domain.

Retention Customer and subscription identifiers, plan tier, and event timestamps are retained for the lifetime of the account plus seven years for tax and accounting compliance. Card details are retained by the payment processor per its policy, never by us.

Shared with Our payment processor. See /legal/subprocessors for the current name and region.

2.7 Notification settings (push preferences)

Why Deliver booking-success and failure alerts via the push-notification service you opted into.

Retention While the integration is enabled; deleted on account deletion.

Shared with The push-notification service (notification payload + auto-generated topic ID). See /legal/subprocessors for the current name and region.

2.8 Device fingerprint & session metadata

Why Account-takeover detection and shared-device monitoring. The fingerprint is computed in your browser by an open-source first-party device-fingerprinting library that runs entirely in your browser; no third-party request is made.

Retention Attached to each session row; pruned with the session.

Shared with Nobody — purely internal security signal.

3. Data We Do Not Collect

We do not store passwords. Authentication is magic-link only.
We do not run third-party advertising trackers, marketing analytics, or behavioural profiling tools.
We do not sell or share personal data with marketers.

4. Authentication & Access Controls

Sign-in uses secure, time-limited magic-link tokens delivered to your email; we do not store passwords. Tokens are stored only as a one-way cryptographic hash and become unusable after a short expiry window. Your data is accessible only to you while you are signed in. Operator access to user data is restricted on a least-privilege basis, requires a documented business reason, and is logged to an internal audit trail.

5. Cookies & Sessions

We set a single first-party session cookie. It is marked to prevent JavaScript access and cross-site use, and is transmitted only over HTTPS in production. The cookie holds only your session ID; the key used to decrypt your data is only available while you are actively signed in and is wiped on logout.

6. Subprocessors

Every third party that processes data on our behalf is listed at /legal/subprocessors, including the categories of data they receive and the region in which the data is processed. We update that page when subprocessors change.

7. Your Rights

You may request:

An export of your data.
Deletion of your account and all associated data.
Correction of inaccurate data.
Restriction of, or objection to, processing where applicable.

Email contact form from your account address. Residents of the EU/UK (GDPR), Canada (PIPEDA), or California (CCPA/CPRA) have additional statutory rights — please mention the regime in your request and we will respond within the applicable statutory window.

8. Security

All traffic to the Service is encrypted in transit using TLS (HTTPS). Stored personal data — including credentials for any booking platforms you connect and OAuth tokens for any calendar service you connect — is encrypted at rest with industry-standard authenticated encryption, using a per-user key that is only available while you are actively signed in. Magic-link tokens are stored only as a one-way cryptographic hash. Cookies are transmitted only over HTTPS in production. No security control is perfect; please notify contact form of any vulnerability you find — see also our public SECURITY.md.

9. Breach Notification

If we become aware of a personal-data breach that affects your account, we will notify you by email without undue delay and in accordance with applicable law (including, where relevant, GDPR Article 34, PIPEDA's mandatory breach-reporting requirements, and state-level breach-notification statutes such as those in California). Notifications will describe, to the extent known, the nature of the breach, the categories of data involved, the steps we are taking to address it, and actions you can take to protect yourself. Where required by law we will also notify the relevant supervisory authority.

10. Children

The Service is not directed at children under 13 and we do not knowingly collect their data. Per our Terms of Service, you must be at least 18 years old to create an account.

11. Changes

Material changes will be announced by email and will bump the version string at the top of this page. The next time you take a privileged action (such as enabling automation) you will be re-prompted to acknowledge the new version.