Privacy Policy

Last updated: March 16, 2026

1. Data Controller

Racquet Science ("we", "us", "our") is the data controller for the personal data processed through the Racquet Science platform ("the Service"). For questions about data processing, contact us via our contact page.

2. What Data We Collect

Account data

When you register, we collect your name, email address, and password (stored as a cryptographic hash). If you enable two-factor authentication, we store encrypted TOTP secrets and backup codes.

Service data

As you use the Service, you may enter data about players (name, email, phone, preferences), rackets, stringing jobs, business information, and billing details. This data is stored to provide the Service's functionality.

Payment data

Subscription payments are processed by Stripe. We do not store credit card numbers. Stripe may collect and process payment information in accordance with its own privacy policy.

Technical data

We collect standard server logs including IP addresses, browser type, and request timestamps to maintain and secure the Service.

3. How We Use Your Data

We process your personal data to:

  • Provide and maintain the Service
  • Authenticate your identity and secure your account
  • Process subscription payments
  • Send transactional emails (verification, password reset, player notifications, business invites)
  • Respond to support requests

We do not sell your data to third parties. We do not use your data for advertising or profiling purposes.

4. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Contract performance: Processing necessary to provide the Service you signed up for
  • Legitimate interest: Service security, fraud prevention, and improvement
  • Consent: Where specifically required, such as accepting these terms
  • Legal obligation: Where required by applicable law

5. Data Sharing

We share data only with:

  • Stripe — for payment processing
  • Email service provider — for sending transactional emails (SMTP relay)
  • Hosting provider (Render) — our infrastructure provider that stores and serves the application

Within the Service, business owners and team members may see player data, job records, and other information that was entered in the context of their business.

6. Data Retention

Your data is retained as long as your account is active. When you delete your account:

  • Personal information is anonymized (name, email, phone, billing details)
  • Authentication credentials are revoked and wiped
  • Stringing job records may be retained in anonymized form for business record-keeping
  • Player data linked to your account is anonymized

An administrator may perform a hard delete that permanently removes all data associated with an account.

7. Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us via our contact page or delete your account directly from the profile settings.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Hashed passwords (never stored in plain text)
  • Session-based authentication with secure cookies
  • Rate limiting on authentication endpoints
  • Two-factor authentication support
  • Role-based access control

9. International Data Transfers

The Service is hosted on infrastructure located in the European Union (Frankfurt, Germany). Data may be transferred to third-party processors outside the EU only where appropriate safeguards are in place (e.g., Standard Contractual Clauses).

10. Cookies

The Service uses only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies.

11. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or through the Service.

13. Contact

For privacy-related inquiries, visit our contact page.