Skip to content
Back to dink.one

Privacy Policy

Last updated: April 29, 2026

dink.one ("we," "us," "our") is a pickleball platform that helps members track d1Rs, find courts, and connect with communities. We take your privacy seriously and comply with GDPR, CCPA, and applicable global privacy regulations.

What we collect

We collect only what we need to run the platform:

  • Account information - name, email address, phone number, profile photo
  • Activity data - matches, results, d1Rs, records, achievements
  • Location - only when you search for nearby courts or check in (never background tracking)
  • Device info - browser type and operating system for platform compatibility
  • Club membership - which clubs and groups you belong to, your role and tier
  • Communication preferences - your notification and messaging settings

How we use your data

  • Account management - sign in, display your profile, manage your settings
  • Rating calculation - compute your d1R from results
  • Matchmaking - suggest opponents and partners based on skill level
  • Club management - member rosters, scheduling, communications for clubs you join
  • Discovery - show nearby courts based on your location
  • AI features - personalized coaching tips and scouting reports (only with your explicit consent)
  • Platform improvement - aggregated, anonymized usage patterns to improve the product

Third-party services (sub-processors)

We use trusted third-party services to operate the platform. Each is bound by its own Data Processing Agreement and is GDPR Art. 28 compliant:

  • Supabase (US-West-2) - database, authentication, and file storage
  • Vercel - web hosting, content delivery, edge functions, and Speed Insights (anonymized Web Vitals)
  • Cloudflare R2 - encrypted off-site database backups
  • Doppler - secrets management
  • Twilio - SMS one-time passwords for phone sign-in
  • Google, Apple, Facebook - OAuth sign-in (we receive only your name and email)
  • Stripe - payment processing (we never see or store full card numbers)
  • Firebase Cloud Messaging (FCM) - push notification delivery
  • Open-Meteo - weather data for outdoor playability (no personal data shared)
  • Anthropic (Claude) - AI features like scouting reports (only with your AI consent)
  • Sentry - error monitoring and crash reporting (PII scrubbed before transmission)
  • PostHog - product analytics (anonymized events; we do not capture sensitive form fields)

We do not sell your data to any third party. Ever.

SMS / Text Messaging

When you provide your phone number to dink.one for account verification, you consent to receive a one-time SMS containing a verification code. We do not send recurring or marketing messages.

  • Message frequency - one message per verification request.
  • Cost - message and data rates may apply per your carrier plan.
  • Help - reply HELP to any verification SMS for support, or email support@dink.one.
  • Opt out - reply STOP to any verification SMS, or remove your phone number at any time via Settings -> Account.
  • No third-party sharing - we will never sell or share your phone number with third parties for marketing purposes. Twilio is our SMS sub-processor and is GDPR Art. 28 compliant (see Third-party services above).

Cookies and tracking

We use the following cookies and browser local storage:

  • Authentication session tokens (Supabase) - strictly necessary
  • Theme preference (light/dark/auto) - strictly necessary
  • Onboarding progress state - strictly necessary
  • Locale and unit preferences - strictly necessary
  • PostHog analytics identifier - for measuring product usage (non-essential; opt-out below)
  • Vercel Analytics + Speed Insights - anonymized Web Vitals performance data (no personal identifiers)

We do not use advertising cookies or third-party tracking pixels. To opt out of non-essential analytics, email privacy@dink.one.

Data retention

  • Account data - retained while your account is active
  • matches and d1Rs - retained while your account is active
  • Operational activity logs (per-member and per-event action history) - 90 days, then automatically deleted via the daily purge cron
  • Compliance audit logs (admin actions, operator/manager actions, rating-engine integrity record) - retained for 7 years where legally required (Stripe / financial regulations / SOC 2 audit trail); kept under access-controlled, append-only tables and not used for marketing or product personalization
  • Slow query logs - 7 days
  • Health snapshots (server-side database metrics; no user identifiers) - 30 days
  • Deleted accounts - anonymized within 30 days of deletion request via our GDPR anonymise_player process (19 table categories scrubbed)

Your rights

You have full control over your data:

  • Access - view all your data in your profile settings
  • Export - download a complete copy of your data at any time
  • Correction - update your personal information in settings
  • Deletion - permanently delete your account and all associated data
  • Consent withdrawal - opt out of AI features, marketing, or location at any time
  • Portability - request your data in a machine-readable format

To exercise any of these rights, visit your profile settings or email privacy@dink.one.

Children's privacy

dink.one is not intended for children under 13 (US/COPPA minimum). In the European Union and United Kingdom, the minimum age is 16 unless a lower age is set by applicable local law (GDPR Article 8 permits EU member states to set the digital-consent age between 13 and 16). We do not knowingly collect data from anyone under the applicable minimum age. Users aged 13-17 (or under 16 in the EU/UK where permitted) may use the platform only with the verifiable consent of a parent or guardian. If you believe a child under the applicable minimum age has created an account, please contact us immediately at privacy@dink.one and we will delete it.

International data transfers

Our primary database is hosted by Supabase in the US-West-2 (Oregon) region. If you access dink.one from outside the United States, your data will be transferred to and processed in the US. We rely on Supabase's SOC 2 Type II compliance and encryption at rest and in transit to protect your data during transfer.

Data security

We protect your data with: row-level security on 100% of database tables, encrypted connections (TLS 1.3), hashed passwords, parameterized queries to prevent injection, rate limiting on all API endpoints, and regular security audits. No system is 100% secure, but we take every reasonable measure to protect your information.

Changes to this policy

We may update this policy from time to time. When we make significant changes, we will notify you via an in-app notification. The "last updated" date at the top of this page reflects the most recent revision.

Contact us

For privacy questions, data requests, or concerns:
Email: privacy@dink.one
You may also exercise your rights directly from your profile settings within the app.

Terms of Service