Skip to content
← Back to dink.one

Privacy Policy

Last updated: March 23, 2026

dink.one ("we," "us," "our") is a pickleball platform that helps players track ratings, find courts, and connect with communities. We take your privacy seriously and comply with GDPR, CCPA, and applicable global privacy regulations.

What we collect

We collect only what we need to run the platform:

  • Account information — name, email address, phone number, profile photo
  • Game data — match scores, ratings, win/loss records, achievements
  • Location — only when you search for nearby courts or check in (never background tracking)
  • Device info — browser type and operating system for platform compatibility
  • Club membership — which clubs and groups you belong to, your role and tier
  • Communication preferences — your notification and messaging settings

How we use your data

  • Account management — sign in, display your profile, manage your settings
  • Rating calculation — compute your Cayman Rating from match results
  • Matchmaking — suggest opponents and partners based on skill level
  • Club management — member rosters, scheduling, communications for clubs you join
  • Court discovery — show nearby facilities based on your location
  • AI features — personalized coaching tips and scouting reports (only with your explicit consent)
  • Platform improvement — aggregated, anonymized usage patterns to improve the product

Third-party services

We use trusted third-party services to operate the platform:

  • Supabase (US-West-2) — database, authentication, and file storage
  • Vercel — web hosting and content delivery
  • Twilio — SMS one-time passwords for phone sign-in
  • Resend — transactional email delivery
  • Google, Apple, Facebook — OAuth sign-in (we receive only your name and email)
  • Stripe — payment processing (we never see or store full card numbers)
  • Open-Meteo — weather data for court playability (no personal data shared)
  • Anthropic (Claude) — AI features like scouting reports (only with your AI consent)

We do not sell your data to any third party. Ever.

Cookies and tracking

We use only essential cookies for authentication (Supabase session tokens). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Vercel Analytics collects anonymized Web Vitals performance data with no personal identifiers.

Data retention

  • Account data — retained while your account is active
  • Match history and ratings — retained while your account is active
  • Activity logs — 90 days, then automatically deleted
  • Health snapshots and slow query logs — 7 days
  • Deleted accounts — anonymized within 30 days of deletion request via our GDPR anonymise_player process (19 table categories scrubbed)

Your rights

You have full control over your data:

  • Access — view all your data in your profile settings
  • Export — download a complete copy of your data at any time
  • Correction — update your personal information in settings
  • Deletion — permanently delete your account and all associated data
  • Consent withdrawal — opt out of AI features, marketing, or location at any time
  • Portability — request your data in a machine-readable format

To exercise any of these rights, visit your profile settings or email privacy@dink.one.

Children's privacy

dink.one is not intended for children under 13 (US/COPPA minimum). In the European Union and United Kingdom, the minimum age is 16 unless a lower age is set by applicable local law (GDPR Article 8 permits EU member states to set the digital-consent age between 13 and 16). We do not knowingly collect data from anyone under the applicable minimum age. Users aged 13–17 (or under 16 in the EU/UK where permitted) may use the platform only with the verifiable consent of a parent or guardian. If you believe a child under the applicable minimum age has created an account, please contact us immediately at privacy@dink.one and we will delete it.

International data transfers

Our primary database is hosted by Supabase in the US-West-2 (Oregon) region. If you access dink.one from outside the United States, your data will be transferred to and processed in the US. We rely on Supabase's SOC 2 Type II compliance and encryption at rest and in transit to protect your data during transfer.

Data security

We protect your data with: row-level security on 100% of database tables, encrypted connections (TLS 1.3), hashed passwords, parameterized queries to prevent injection, rate limiting on all API endpoints, and regular security audits. No system is 100% secure, but we take every reasonable measure to protect your information.

Changes to this policy

We may update this policy from time to time. When we make significant changes, we will notify you via an in-app notification. The "last updated" date at the top of this page reflects the most recent revision.

Contact us

For privacy questions, data requests, or concerns:
Email: privacy@dink.one
You may also exercise your rights directly from your profile settings within the app.

Terms of Service

Privacy Policy | dink.one