Privacy Policy

Effective Date: January 2026

RallyRally ("we", "us", or "our") operates the RallyRally mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our App.

By using RallyRally, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

When you create an account and use RallyRally, you may provide:

Account Information: Email address, first name, last name, date of birth
Profile Information: Profile photo, bio/description, tennis ratings (WTN, UTR, ITF, S-Grade, ATP/WTA rankings)
Location: City/region you select during signup (used to find nearby players). We do not use GPS or track your location in real-time.
Affiliations: University and tennis club memberships (optional)
Preferences: Court colour preferences, display settings
Video Content: Tennis videos you upload to your profile
Communications: Messages you send to other users, feedback you provide to us
Payment Information: If you subscribe to RallyRally Premium, we collect your subscription status, purchase history, and the email address associated with your payment. We do not collect or store your credit card number, bank account details, or other payment method information directly - this is handled securely by our payment processors (see Section 3.2).
Parental Consent Information (Teen Accounts): If you are aged 13-17, we collect your parent or guardian's email address, their consent status, and their selected permission preferences for your account. If you are a parent or guardian providing consent, we collect your email address and your permission selections.

1.2 What We Don't Collect

We do not collect:

GPS or real-time location data
Background location tracking
Contacts or address book

1.3 Information Generated Through Use

As you use the App, we collect:

Matching Activity: Your swipes (accept/decline), matches made, bookings created
Match Results: Game scores, ratings you give and receive (skill, sportsmanship, punctuality)
Content Interactions: Videos you view, like, save, or comment on
App Usage: Features used, session information

1.4 Anonymised Analytics

We collect anonymised, aggregated data to improve our service:

Age bracket (e.g., 13-17, 18-24, 25-34) - not your exact age
Days since signup
General usage patterns
Platform (iOS/Android)

This data is anonymised using one-way hashing and cannot be linked back to you personally. This anonymised data is retained even after account deletion to help us improve the App.

2. How We Use Your Information

We use your information to:

Provide the Service: Create your account, display your profile, match you with other players, facilitate bookings and communication
Find Nearby Players: Use your selected location to show you players in your area
Improve the App: Analyse usage patterns (anonymised) to enhance features
Communicate: Send service-related emails (verification, password reset, booking confirmations), push notifications (if enabled)
Safety and Moderation: Investigate reports, enforce our Terms of Service, prevent abuse
Process Payments: Manage your RallyRally Premium subscription, verify your subscription status, send payment receipts, and provide access to premium features

3. How We Share Your Information

3.1 With Other Users

Your profile information (name, photo, videos, location, ratings, bio) is visible to other RallyRally users. You can control some visibility settings within the App.

For users aged 13-17, profile visibility is subject to the permissions granted by their parent or guardian. Parents may choose to display their own email address as the contact on their child's player card.

3.2 Service Providers

We use trusted third-party services to operate RallyRally:

Provider	Purpose	Data Shared
Firebase (Google)	Authentication, push notifications	Email, password (encrypted), device tokens
Cloudflare	Database, video storage, API hosting	All app data (stored securely)
Google Places	Location search during signup	Location queries
Resend	Email delivery	Email address, email content
AWS Lambda (Amazon)	Video processing	Uploaded videos (for transcoding)
RevenueCat	Subscription management	User identifier, subscription status, purchase history
Stripe	Payment processing (web)	Email, payment method details (handled by Stripe, not stored by us)
Apple App Store	In-app purchases (iOS)	Apple account info, purchase receipts (handled by Apple)
Google Play	In-app purchases (Android)	Google account info, purchase receipts (handled by Google)

These providers process data on our behalf under strict contractual obligations.

3.3 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not serve advertisements.

3.4 Legal Requirements

We may disclose your information if required by law, court order, or to protect the rights, safety, or property of RallyRally, our users, or the public.

4. Data Storage and Security

Your data is stored on servers operated by Cloudflare, with infrastructure primarily located in regions that provide adequate data protection. We implement appropriate technical and organisational measures to protect your data, including:

Encryption in transit (HTTPS/TLS)
Secure authentication via Firebase
Access controls and monitoring

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention and Deletion

5.1 While Your Account is Active

We retain your data for as long as your account remains active and as needed to provide the service.

5.2 Account Deletion

You can delete your account at any time through the App settings. When you delete your account:

Your profile, videos, messages, matches, bookings, and all personal data are permanently deleted immediately
Your videos are removed from our storage servers
Your email becomes available for a new account
Only anonymised, aggregated analytics data is retained (this cannot identify you)

For teen accounts (users aged 13-17), either the account holder or their parent/guardian may request account deletion. Parental consent records are deleted along with the account.

5.3 Payment Records

Transaction records related to RallyRally Premium subscriptions may be retained for longer periods as required for:

Tax and accounting compliance
Legal obligations
Dispute resolution and fraud prevention

These records are retained in accordance with applicable laws (typically 7 years for financial records). Payment method details remain with our payment processors (Stripe, Apple, Google) subject to their respective privacy policies.

6. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Update inaccurate information (you can do this directly in the App)
Deletion: Delete your account and personal data
Portability: Request your data in a portable format
Objection: Object to certain processing of your data
Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at [email protected].

6.1 Parents and Guardians

If your child (aged 13-17) has a RallyRally account, you have the right to:

Review the personal information we hold about your child
Modify or revoke the permissions you have granted at any time via your management link
Request deletion of your child's account and all associated data
Withdraw your consent entirely, which will restrict your child's access to the App

To exercise these rights, use the management link provided in your consent email, or contact us at [email protected].

7. International Data Transfers

RallyRally is operated from New Zealand. If you are accessing the App from outside New Zealand, your data may be transferred to and processed in New Zealand and other countries where our service providers operate. By using the App, you consent to this transfer.

We ensure appropriate safeguards are in place for international transfers, including using service providers that comply with applicable data protection frameworks.

8. Children and Teen Accounts

8.1 Age Requirements

RallyRally is available to users aged 13 years and older. Users aged 13-17 ("Teen Users") require verified parental or guardian consent before they can access the App's features. We do not knowingly collect personal information from anyone under 13. If we learn that we have collected data from someone under 13, we will delete it promptly.

8.2 Parental Consent Process

When a user under 18 creates an account, they must provide a parent or guardian's email address. We then contact the parent or guardian to request consent. Until consent is granted, the teen user's access to the App is restricted.

The parent or guardian can:

Approve access with granular permission controls (see Section 8.3)
Deny access, which prevents the teen from using the App
Modify permissions at any time via a secure management link
Revoke consent entirely at any time

Consent links are secured with unique tokens and expire after 7 days. If expired, the teen user may re-submit a consent request.

8.3 Granular Permissions

Parents and guardians can control the following permissions for their child's account:

Content browsing - Whether the teen can view tennis videos and posts
Content uploading - Whether the teen can post their own tennis videos
Profile sharing - Whether the parent's email is displayed as a contact on the teen's player card
Content linking - Whether the teen's content uploads are linked on their player card
Viewing players - Whether the teen can browse other players in the Find section
Matching - Whether the teen can swipe and match with other players
Independent booking - Whether the teen can book sessions independently, or whether a parent must arrange bookings on their behalf (supervised mode)

These permissions can be updated at any time through the parent management portal.

8.4 Data We Collect from Teen Users

We collect the same categories of information from teen users as described in Section 1, with the following additions:

Parent or guardian's email address
Parental consent status and permission selections
Whether the account is in supervised mode

We apply data minimisation principles to teen accounts and do not use teen users' data for any purpose beyond providing and safeguarding the service.

8.5 Teen Data Protections

For teen users, we implement additional safeguards:

App features are restricted based on parental permissions
Parents can monitor and modify access at any time
Account deletion can be initiated by either the teen or their parent/guardian
We do not serve advertising or use teen data for marketing purposes
We send consent-related email notifications to the parent when their child's consent status changes

9. Regional Privacy Rights

9.1 European Economic Area (GDPR)

If you are in the EEA, our legal bases for processing are:

Contract: Processing necessary to provide the service you signed up for
Legitimate Interests: Improving our service, preventing abuse
Consent: Where you have given specific consent (e.g., marketing emails)
Legal Obligation: Where required by law

You have additional rights under GDPR including lodging a complaint with your local supervisory authority.

9.2 California (CCPA/CPRA)

If you are a California resident:

We do not sell your personal information
We do not share your personal information for cross-context behavioural advertising
You have the right to know what data we collect and request deletion
You will not be discriminated against for exercising your rights

9.3 New Zealand (Privacy Act 2020)

We comply with the New Zealand Privacy Act 2020. You have the right to access your personal information and request corrections. If you believe we have breached your privacy, you may complain to the Office of the Privacy Commissioner.

9.4 United States (COPPA)

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. For users aged 13-17, we obtain verifiable parental consent before collecting and processing personal data. Parents may review, modify, or delete their child's information at any time by using their management link or contacting us at [email protected].

9.5 United Kingdom (Age Appropriate Design Code)

For users under 18 in the United Kingdom, we implement measures consistent with the UK Age Appropriate Design Code (Children's Code), including providing age-appropriate default settings, minimising data collection, and restricting features based on parental permissions.

10. Cookies and Tracking

The RallyRally mobile app does not use cookies. We use local device storage to keep you logged in and cache data for performance. This data remains on your device and is cleared when you log out.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the App. The "Effective Date" at the top indicates when the policy was last updated.

Continued use of RallyRally after changes constitutes acceptance of the updated policy.

12. Waitlist

If you join our waitlist before the App launches:

12.1 What we collect

Your email address and location (city and country).

12.2 Why we collect it

To let you know when RallyRally launches in your city, and to send occasional updates before then.

12.3 Who sees it

Just us. We use Resend to send emails, which means your email address passes through their system. We don't share your information with anyone else.

12.4 How long we keep it

Until you unsubscribe, or until we launch and you create an account (at which point the full app privacy policy above applies).

12.5 How to opt out

Email [email protected] and we'll remove you.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: [email protected]

Jurisdiction: New Zealand