Privacy Policy

This Privacy Policy ("Policy") describes how CourtUp.ca ("CourtUp.ca", "we", "us", or "our") collects, uses, discloses, and safeguards personal information in connection with the CourtUp.ca platform, including its website, mobile-optimized interface, and all related services (collectively, the "Platform").

This Policy applies to all users of the Platform, including individual members ("Users"), organization owners ("Owners"), organization managers ("Managers"), and platform administrators ("Admins").

CourtUp.ca complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, and, where applicable, provincial privacy legislation including the Personal Information Protection Act (PIPA) in British Columbia and Alberta, and Loi 25 in Québec.

By using the Platform, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use the Platform. This Policy is incorporated by reference into our Terms of Service.

The following capitalized terms have the meanings set out below throughout this Policy:

3.1 Account Registration

When you create an account on the Platform, we collect the following information:

• Full name — used to identify you to organization administrators and on event attendee lists.
• Email address — used for account verification, sign-in, password reset, and platform notifications.
• Username (nickname) — an optional public handle displayed within your organizations and on event pages.
• Password (hashed) — your password is stored only as a one-way cryptographic hash (bcrypt). We cannot read or recover your plain-text password.
• Email verification status — whether your email address has been confirmed.

3.2 Optional Profile Information

After creating an account you may optionally complete your user profile. Optional fields include:

• Avatar / profile photo — a publicly visible image you upload.
• Biography — a short personal description.
• Sports ratings — your DUPR (Dynamic Universal Pickleball Rating) and GPN (Global Pickleball Network) rating numbers, if you choose to provide them.
• Gender — used optionally for registration export reports generated by organization managers.
• DUPR ID — an optional external identifier for cross-referencing sports rating platforms.

None of the above optional fields are required to use the Platform.

3.3 Organization & Membership Data

When you join an organization or are approved as a member, we record:

• Your membership status and role within the organization (User, Member, Manager, Owner).
• Your Membership Balance — an in-platform credit balance managed by the organization. This is a platform-internal accounting record, not a payment instrument.
• The date you joined and whether your membership is approved or pending.

3.4 Event Registration Data

When you register for an event, we record:

• Which events you have registered for and your registration status (REGISTERED, WAITLIST, or CANCELLED).
• The date and time of your registration.
• Any event fee charged to or refunded to your Membership Balance.

3.5 Transaction Records

We maintain a log of all Membership Balance transactions (DEPOSIT, CHARGE, REFUND, ADJUSTMENT) so that you and organization administrators can review financial activity within the Platform. These records do not include any external bank account numbers, credit card numbers, or other external payment instrument data.

3.6 OAuth Sign-in Data

If you choose to sign in using a third-party OAuth provider (such as Google, Facebook, or WeChat), we receive from that provider only the information needed to create or link your Platform account, typically your name and email address. We do not receive your password or payment information from these providers. Your use of third-party sign-in services is also subject to those providers' own privacy policies.

3.7 Technical & Log Data

Like most web services, our servers automatically record standard technical information when you use the Platform, including your IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is used for security monitoring, debugging, and aggregate analytics. We do not use it to build individual marketing profiles.

CourtUp.ca is a community sports coordination platform. We have deliberately designed the Platform to avoid collecting information that is not necessary for its operation. The following categories of information are never collected, stored, or processed by CourtUp.ca:

We use the information we collect for the following purposes only:

5.1 Operating the Platform

• Creating and maintaining your account and profile.
• Authenticating your identity when you sign in.
• Processing and managing event registrations, waitlists, and cancellations.
• Tracking Membership Balance transactions within the Platform.
• Displaying your name, nickname, and sports ratings on event attendee lists visible to other members of shared organizations.

5.2 Communications

• Sending you transactional emails such as account verification, password reset links, and event registration confirmations.
• Notifying you of changes to events you have registered for (e.g., cancellation or time changes communicated by the organization).
• Notifying you if you have been promoted from a waitlist to a registered status.
• Sending platform and policy update notices where required by law.

We do not send unsolicited marketing emails. You will only receive email communications that are directly related to your use of the Platform.

5.3 Security & Abuse Prevention

• Detecting and preventing fraudulent account activity, unauthorized access, and abuse of the Platform.
• Enforcing rate limits on sign-in attempts to protect accounts from brute-force attacks.
• Investigating reports of conduct that violates our Terms of Service.

5.4 Platform Improvement

• Aggregated, anonymized analytics to understand how the Platform is used and to improve its features and performance.
• Debugging and resolving technical errors.

6.1 We Do Not Sell Personal Information

CourtUp.ca does not sell, rent, trade, or otherwise transfer your personal information to any third party for commercial purposes, now or in the future.

6.2 Sharing with Other Users

Within the Platform, certain information is visible to other users in specific contexts:

• Your name, nickname, and sports ratings (DUPR, GPN) may be visible to other members of organizations you belong to and on event attendee lists.
• Your registration status (REGISTERED or WAITLIST) for an event is visible to other approved members of the same organization who view that event.
• Your email address is visible only to organization Owners and Managers within organizations you have joined, for the purpose of member management.

6.3 Sharing with Organization Owners & Managers

By joining an organization, you consent to that organization's Owners and Managers accessing the following information about your membership, for the sole purpose of managing the organization:

• Your full name, username, and email address.
• Your membership role and approval status.
• Your Membership Balance and transaction history within that organization.
• Your event registration history within that organization.
• Your optional profile information (avatar, bio, sports ratings) if provided.

Organization Owners and Managers are subject to the same Terms of Service and Privacy Policy as all Users. They may not use your information for purposes outside the management of their organization on the Platform.

6.4 Service Providers

We engage a small number of trusted service providers who assist in operating the Platform, including cloud hosting, email delivery, and analytics. These providers access your information only to perform services on our behalf and are contractually required to protect it. They may not use your information for their own purposes.

6.5 Legal Obligations

We may disclose your information if required to do so by law or in response to a valid court order, subpoena, or other lawful request from a public authority. Where legally permissible, we will notify you before making such a disclosure.

7.1 Data Access by Role

The Platform implements a role-based access model. The level of member data accessible to organization personnel is determined by their role:

7.2 Organization Responsibilities

Organization Owners and Managers who access member personal information through the Platform act as independent data controllers for their own administrative activities. They are individually responsible for:

• Using member information only for legitimate organization management purposes;
• Complying with applicable Canadian privacy legislation (PIPEDA, PIPA, Loi 25) in respect of any personal information they access;
• Not sharing, exporting, or retaining member data beyond what is necessary for managing the organization; and
• Responding to member requests for access or correction of their information within their organization.

7.3 Export of Registration Data

Owners and Managers may export event registration lists (in CSV or TXT format) for operational purposes such as attendance tracking. These exports may include member names, nicknames, sports ratings, gender (if provided), and registration status. Exported data must be handled in accordance with this Policy and applicable law.

8.1 Session Cookies

CourtUp.ca uses a signed, encrypted JSON Web Token (JWT) stored in an HTTP-only cookie to maintain your authenticated session. This cookie is necessary for the Platform to function and does not contain sensitive personal information beyond your user identifier.

8.2 Analytics

We use Google Analytics to collect anonymized, aggregated information about how visitors use the Platform (page views, session duration, feature usage). Google Analytics may set cookies on your device. The data collected is used to improve the Platform and is subject to Google's Privacy Policy. We do not use Google Analytics to identify individual users or to build personal profiles.

8.3 reCAPTCHA

Certain forms on the Platform (such as sign-in and sign-up) are protected by Google reCAPTCHA to prevent automated abuse. reCAPTCHA collects hardware and software information (such as device and application data) and sends it to Google for analysis. Use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.

8.4 No Third-Party Advertising Cookies

CourtUp.ca does not use advertising networks or tracking pixels for retargeting or behavioural advertising purposes. We do not allow third-party advertising cookies on the Platform.

CourtUp.ca takes reasonable technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:

10.1 Active Accounts

We retain your personal information for as long as your account remains active or as needed to provide you with the Platform's services.

10.2 Account Deletion

If you request deletion of your account, we will delete or anonymize your personal information within a reasonable period, subject to the following exceptions:

• Information required to be retained by applicable Canadian law (e.g., financial transaction records required under tax law).
• Information necessary to resolve outstanding disputes or enforce our Terms of Service.
• Aggregated or anonymized data that no longer identifies you.

10.3 Transaction Records

Membership Balance transaction records (DEPOSIT, CHARGE, REFUND, ADJUSTMENT) may be retained for up to seven (7) years in accordance with standard Canadian financial record-keeping practices and applicable tax regulations, even after account deactivation. These records are internal accounting entries and do not include external payment data.

Under PIPEDA and applicable provincial privacy legislation, you have the following rights with respect to your personal information held by CourtUp.ca:

How to Exercise Your Rights

To submit a privacy request, please contact our Privacy contact at pr****y@c******.ca or through the Contact Us page at courtup.ca/contact. Please include your name and the email address associated with your account. We will respond within thirty (30) days and will not charge a fee for reasonable access requests.

The Platform is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. Users between the ages of 13 and 18 may use the Platform only with the express consent of a parent or legal guardian.

If you are a parent or guardian and believe your child under 13 has provided personal information to CourtUp.ca without your consent, please contact us at pr****y@c******.ca. We will take prompt steps to delete such information from our records.

Parents and guardians who consent on behalf of a minor between 13 and 18 accept the same obligations and responsibilities as the minor User under our Terms of Service and this Policy.

The Platform may contain links to third-party websites or integrate third-party services (such as Google Maps for venue lookup, or OAuth providers for sign-in). These third parties have their own privacy policies, and CourtUp.ca is not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services you interact with through the Platform. CourtUp.ca does not endorse or make any representations about third-party websites or services.

Third-party sign-in providers (Google, Facebook, WeChat) are governed by their respective privacy policies. When you sign in via OAuth, the information shared with CourtUp.ca is limited to what is described in Section 3.6.

CourtUp.ca reserves the right to update this Privacy Policy at any time to reflect changes in our practices, the Platform, or applicable law. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Post a prominent notice on the Platform.
• Where required by applicable Canadian law, notify you by email to the address associated with your account.

Your continued use of the Platform after the updated Policy has been posted constitutes your acceptance of the revised Policy. If you do not agree to the updated Policy, please stop using the Platform and request account deletion as described in Section 11.

The most current version of this Policy will always be available at courtup.ca/privacy-policy.

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us through any of the following channels: