Privacy Policy

This Privacy Policy explains how Scorepion collects, uses, discloses, stores, and protects personal information when you use the App. By using the App, you consent to the practices described in this policy. If you do not agree, please do not use the App.

Scorepion is operated by Boon Han Yeo ABN: 90 816 553 130 as a sole trader, providing watch-first live scoring for racket sports including Padel, Tennis, Pickleball, Squash, Table Tennis, and Badminton. We are an APP entity under the Privacy Act. All privacy enquiries should be directed to privacy@scorepion.co.

We collect: account information (display name, email address, mobile phone number, password hash, date of account creation, Terms acceptance record, and profile preferences); match and scoring data (match records, player names, point-by-point scoring events, match statistics, and game configuration); device and technical data (device type, OS, app version, IP address, session logs, crash reports); watch data (scoring events from the Apple Watch companion app — we do not access HealthKit data); payment data via RevenueCat (subscription status and purchase history — we never store payment card numbers); and the content of any communications you send us.

We collect personal information directly from you when you register, verify your email or mobile, use scoring features, or contact us; automatically through the App's operation (session logs, error reports, scoring events); and from third-party services including RevenueCat (purchase status), Apple and Google (device identifiers, purchase confirmation), and Twilio Inc (USA) (OTP delivery confirmation).

We use personal information to: provide, operate, and improve the App; create and manage your account; verify your email and mobile number; process subscriptions and purchases; store and sync match history and statistics; send service communications (account confirmations, billing notices, security alerts, Terms updates); detect and prevent fraud and security incidents; respond to support requests; comply with legal obligations; and — with your explicit consent — send product updates or marketing communications.

We share personal information with: Supabase Inc (USA) for database and authentication; Vercel Inc (USA) for hosting; RevenueCat Inc (USA) for in-app purchase management; Twilio Inc (USA) for SMS OTP delivery; and analytics and crash reporting providers (such as PostHog and Sentry). We may also disclose where required by law, to protect our rights or users' safety, in connection with a business sale on reasonable notice, or with your consent. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Our service providers — Supabase, Vercel, RevenueCat, and Twilio Inc (USA) — are based in the United States. By using the App, your personal information will be transferred to and processed in the US. We have reviewed each provider's privacy documentation and are satisfied they operate to a standard substantially similar to the APPs. You may request further information about overseas disclosures by contacting privacy@scorepion.co.

Your mobile phone number is used solely to: verify your identity at account creation via SMS OTP; send security alerts where we detect suspicious activity; and assist with account recovery. We will not use your mobile number for marketing without your explicit consent, and will not share it with any party other than Twilio Inc (USA) for the sole purpose of OTP delivery.

Account data is retained while your account is active and deleted or de-identified within 30 days of closure, unless retention is required by law. Match records are retained for the lifetime of your account; you may delete individual records at any time — deletion is permanent. Terms acceptance records are retained for a minimum of 7 years for compliance. To request deletion, contact privacy@scorepion.co or close your account within the App; requests are processed within 30 days.

We protect personal information using: TLS encryption in transit; encryption at rest in our Supabase database; row-level security (RLS) ensuring users can only access their own data; industry-standard password hashing; SMS OTP verification; and access controls limiting staff access on a need-to-know basis. In the event of a data breach likely to result in serious harm, we will comply with notifiable breach obligations under the Privacy Act, including notifying affected individuals and the OAIC as required.

The App may use third-party analytics and crash reporting tools (such as PostHog, Firebase, and Google Analytics) to understand how the App is used, identify errors, and improve performance. These tools collect anonymous or pseudonymous data including feature usage patterns, device type, crash reports, and session duration. We do not use these tools for cross-app advertising tracking and configure them to minimise data collection where possible.

Under APPs 12 and 13, you may request access to or correction of personal information we hold about you by contacting privacy@scorepion.co; we will respond within 30 days. If you have consented to marketing communications, you may opt out at any time. If you believe we have handled your personal information in breach of the Privacy Act, contact us first at privacy@scorepion.co; if unresolved, you may lodge a complaint with the OAIC at oaic.gov.au or by calling 1300 363 992.

If you are in the EEA or UK, we process your personal data on the basis of contract (account management and service delivery), legitimate interests (fraud detection, security, product improvement), and consent (marketing). You have GDPR rights to access, rectify, erase, restrict, port your data, object to processing, and lodge a complaint with your local data protection authority. International transfers rely on Standard Contractual Clauses. Contact privacy@scorepion.co to exercise any of these rights.

The App is not directed at children under 13 (or under 16 where GDPR applies). We do not knowingly collect personal information from under-13s. If we become aware that a child under 13 has created an account, we will promptly delete the account and associated data. Users aged 13–17 should use the App with parental knowledge and consent.

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Registered users will be notified of material changes via in-app notification and email where possible. Continued use after the effective date constitutes acceptance. Previous versions are archived on request — contact privacy@scorepion.co.

Privacy Officer, Boon Han Yeo (trading as Scorepion) ABN: 90 816 553 130. Email: privacy@scorepion.co. Website: scorepion.co. Address: 5 Keith St, Dulwich Hill, NSW 2203, Australia.