Home Privacy Policy Terms of Service Support

Privacy Policy

How TennisCY collects, uses, and protects your information.

Last updated: May 2026

Short version: We collect only what we need to operate the app. We do not sell your data. You have full rights over your data under GDPR and can request deletion at any time. This policy complies with EU Regulation 2016/679 (GDPR) as applied in the Republic of Cyprus.

1. Data Controller

The data controller responsible for your personal data is TennisCY, operated as an independent mobile application service based in Cyprus. For all data-related enquiries, contact us at: [email protected].

2. Scope of This Policy

This Privacy Policy applies to personal data collected through:

  • The TennisCY iOS mobile application.
  • The TennisCY website at tenniscy.app.
  • Any email correspondence with us.

This policy does not apply to third-party websites or services linked from our platform. We encourage you to review the privacy policies of any third-party services you access.

3. Information We Collect

We collect the following categories of personal data:

  • Account and profile data — your display name, email address, skill level, preferred playing times, and general location (city or region within Cyprus).
  • Authentication data — a securely hashed password if you register by email, or OAuth tokens if you sign in via Apple or Google. We never store your plaintext password.
  • Match and activity data — self-reported match scores and results that you choose to log in the app.
  • Profile image — a photograph you voluntarily upload to your profile. This is entirely optional.
  • Device and technical data — device type and operating system version, used solely for debugging and compatibility purposes.
  • Communications data — the content of any emails or support requests you send to us.

We do not collect sensitive personal data (as defined under GDPR Article 9), such as health data, biometric data, racial or ethnic origin, or financial data. We do not collect your precise GPS location.

4. Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so under GDPR Article 6. The applicable legal bases are:

  • Performance of a contract (Article 6(1)(b)) — processing your account data, profile, match history, and credentials is necessary to provide the Service you have registered for.
  • Legitimate interests (Article 6(1)(f)) — processing device data and usage information to maintain, secure, and improve the Service, where such interests are not overridden by your rights and interests.
  • Consent (Article 6(1)(a)) — where you have given explicit consent, such as enabling push notifications or accepting analytics cookies on this website. You may withdraw consent at any time by adjusting your device settings (notifications), or by clearing your browser cookies and declining when the consent banner reappears (analytics).
  • Legal obligation (Article 6(1)(c)) — where we are required to process or disclose data to comply with applicable law.

5. How We Use Your Information

Your personal data is used exclusively to:

  • Create, maintain, and manage your player account and profile.
  • Enable other registered users to find and contact you for matches.
  • Display court information and player listings on the in-app map.
  • Calculate and display your community ranking on the leaderboard.
  • Send push notifications about match requests, where you have enabled them.
  • Diagnose technical issues and improve the performance and stability of the Service.
  • Respond to your support requests and correspondence.
  • Comply with legal obligations or enforce our Terms of Service.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

6. Cookies and Local Storage

The TennisCY website uses cookies in one category only. We do not use advertising, social media tracking, or third-party profiling cookies of any kind.

Analytics cookies (consent-based) — We use Google Analytics 4, which sets cookies to help us understand in aggregate how visitors use this website — for example, which pages are visited most and how long visitors stay. This processing is based on your freely given consent (GDPR Article 6(1)(a)). You are presented with a consent banner on your first visit. You may accept or decline at any time without effect on your use of the site. To withdraw consent, clear your browser cookies and decline when the banner reappears.

Google Analytics data is processed by Google LLC under the EU–US Data Privacy Framework (DPF), which provides an adequate level of protection for international data transfers as required under GDPR Article 46. See Google's Privacy Policy for full details of how Google handles this data.

Technical local storage — The website stores your cookie consent choice ("accepted" or "declined") in your browser's localStorage. This contains no personal data.

The Google Fonts service used for typography may log your IP address in accordance with Google's Privacy Policy. We have no control over or access to such data.

7. Push Notifications

If you grant permission for push notifications, your device token will be shared with Apple Inc. solely for the purpose of delivering notifications to your device. You can withdraw this permission at any time in your device Settings. Withdrawal does not affect the lawfulness of prior processing.

8. Data Storage, Security, and Hosting

User data is stored using a managed cloud database service with servers located within the European Union. Your data does not leave the European Economic Area (EEA).

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include encrypted data transmission (TLS), hashed password storage, and access controls limiting who can access production data.

This website is hosted via GitHub Pages, which may log standard server access information (IP address, browser type) as described in GitHub's Privacy Statement. We have no access to or control over these logs.

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your data.

9. Data Sharing and Disclosure

We do not sell, rent, trade, or otherwise transfer your personal data to third parties for commercial or marketing purposes.

We may share your data only in the following limited circumstances:

  • Other registered users — your public profile (display name, skill level, general location, match preferences) is visible to other registered TennisCY users. Your email address is never shown publicly.
  • Data processors — infrastructure and service providers who process data on our behalf under contractual data processing agreements, strictly to provide the Service (including our database provider and Apple for push notification delivery).
  • Legal compliance — where required by applicable law, court order, or lawful request by a competent public authority, or where necessary to establish, exercise, or defend legal claims.
  • Protection of rights — where necessary to protect the safety, rights, or property of TennisCY, our users, or the public.

10. Profile Images

Profile photos you upload are stored securely and displayed to other registered users within the app. You can remove or update your photo at any time from your profile settings. Upon deletion, the image will be removed from storage within 30 days.

11. Data Retention

We retain your personal data for as long as your account is active. If you request deletion of your account, we will delete your personal data from our active systems within 30 days of your request. Backups may retain data for up to a further 30 days before being overwritten.

We may retain anonymised or aggregated data (such as total match counts by region, with no identifying information) indefinitely for statistical and product development purposes.

Where we are required to retain data to comply with a legal obligation (such as financial record-keeping), we will retain it for the minimum period required by that obligation.

12. Your Rights Under GDPR

Under EU Regulation 2016/679 (GDPR) as applied in Cyprus, you have the following rights regarding your personal data:

  • Right of access (Article 15) — to request a copy of the personal data we hold about you.
  • Right to rectification (Article 16) — to request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17) — to request deletion of your personal data, subject to applicable legal obligations.
  • Right to restriction of processing (Article 18) — to request that we limit how we use your data in certain circumstances.
  • Right to data portability (Article 20) — to request your data in a structured, machine-readable format.
  • Right to object (Article 21) — to object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds that override your interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may ask you to verify your identity before processing your request.

13. Account and Data Deletion

You can delete your account directly from within the App at any time. You may also submit a deletion request by emailing [email protected] with the subject line "Account Deletion Request". We will process your request and confirm deletion within 14 days.

14. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority. In Cyprus, the supervisory authority is:

Commissioner for Personal Data Protection
Iasonos 1, 1082 Nicosia, Cyprus
Tel: +357 22 818 456
Website: www.dataprotection.gov.cy

You may also contact the supervisory authority in your country of residence or place of work if different from Cyprus.

15. Children's Privacy

TennisCY is not directed at or intended for use by persons under the age of 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a person under 16 has provided us with personal data, please contact us immediately at [email protected] and we will delete that data promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will be revised accordingly. Where changes are material, we will take reasonable steps to notify you. Continued use of the Service after any changes constitutes your acceptance of the updated policy.

17. Contact

For any privacy-related questions, requests, or concerns, please contact us at: [email protected]