Privacy Policy

Last updated: 23 April 2026

This Privacy Policy explains what data the Badmatch mobile app ("the app") collects, how that data is used, who it is shared with, and your rights in relation to it. Badmatch is an Android app that helps badminton clubs organise players and generate balanced matches.

The app is distributed through the Google Play Store and uses Google Firebase as its backend. If you have any questions about this policy, please email badmatch@googlegroups.com.

1. What data we collect

1.1 Account data

When you create an account we collect your email address, a display name you choose, and a unique user identifier assigned by Firebase Authentication. If you sign in with Google we also receive your Google account's basic profile information (email, display name, profile picture URL). You may optionally upload an avatar image, which is stored in Firebase Storage. We also store your preferred app language and theme.

1.2 Club and roster data

When you create or join a club, we store:

• club settings such as name, court count, grade ranges, session duration, and timezone
• the roster of players the club admin creates, including names, grade, gender, and — where recorded by an admin — date of birth
• the history of games and sessions played at the club, including dates, player assignments, scores, and outcomes

Club data is visible to members of the same club. Players who claim their roster entry via an invite code link it to their user account; a claimed player's data appears on that player's personal dashboard across any clubs they participate in.

1.3 Session and attendance data

When a club schedules sessions, we store session details (title, date, time, venue name, court count, maximum and minimum players), RSVPs, check-in timestamps, and attendance outcomes. Per-player attendance statistics (attended, excused, no-show counts) are derived and stored on the player record. Admins may enter a venue address and an optional external court-booking URL.

1.4 Communication data

If in-app chat or direct messages are enabled for your club, we store message content and timestamps to deliver and persist each conversation. Activity feed events — such as achievements, session results, and roster changes — are stored so the feed renders correctly for other members.

1.5 Notifications

To deliver push notifications, we store your device's Firebase Cloud Messaging (FCM) token. This token is specific to your device and is rotated periodically by Google. We do not use it for tracking across apps, devices, or advertising networks.

1.6 Guardian relationships

A user account may be linked as the guardian of one or more minor players in a club. In that case we store the link between the guardian's user account and the minor player's roster entry. The minor does not sign in themselves — only the guardian does. Minor players' data (name, grade, and any recorded date of birth) is entered and managed by a club admin and the linked guardian.

1.7 Club documents

A club admin may upload documents (such as venue booking confirmations, code-of-conduct files, or meeting notes) to the club. Uploaded documents are stored in Firebase Storage and are visible to members of that club.

1.8 Crash and error reports

To keep the app stable we use Firebase Crashlytics to collect technical diagnostic information when the app crashes or encounters an error. This includes device model, operating system version, app version, locale, stack traces, anonymised breadcrumbs describing what was happening in the app immediately before the event, and your Firebase user identifier so we can identify repeated crashes for a single user.

We do not send the content of your data (player names, messages, or game results) to Crashlytics. Crash reports are retained by Firebase Crashlytics for 90 days.

1.9 Purchase data

If you make a donation via Google Play Billing, or in future pay for a premium feature, we receive a purchase confirmation from Google (order ID, product ID, success or failure status). We do not receive or store your payment card or billing address; that information is handled entirely by Google. We store a flag on your user profile indicating that you have donated, used to offer discounted rates on future premium features.

1.10 What we do NOT collect

Badmatch does not collect:

• continuous or background location
• contacts, photos, camera feed, or microphone input
• advertising identifiers
• behavioural analytics for tracking, profiling, or retargeting

We do not integrate with any advertising networks and we do not use your data to train machine-learning models.

2. How we use your data

We use the data described above to:

• provide matchmaking, scheduling, and club management features
• synchronise your club's data across devices in real time
• deliver session reminders and other notifications you opt in to
• diagnose and fix crashes and bugs
• verify donations and grant access to donor-only benefits

We do not sell or rent your data. We do not use your data for advertising.

3. Third-party services

Badmatch relies on the following third-party services. Each service has its own privacy policy:

• Google Firebase — Authentication, Firestore, Storage, Cloud Messaging, Crashlytics, Remote Config, Cloud Functions, and Hosting (firebase.google.com/support/privacy)
• Google Sign-In (policies.google.com/privacy)
• Google Play Services and Google Play Billing (policies.google.com/privacy)

Your data is stored in Google Cloud data centers.

4. Who we share data with

Your data is visible to:

• other members of clubs you belong to — restricted to the specific club's roster, sessions, and activity
• the admin(s) of clubs you belong to, who manage rosters, sessions, and settings
• guardians linked to an account that represents a minor

We do not share your personal data with third parties outside of the operational services listed above. We only disclose data if required by law, legal process, or to protect the rights or safety of our users.

5. Data retention

• Account data is retained while your account is active. You can delete your account at any time (see Section 6).
• Club and game data belongs to the club that created it and is retained as long as the club exists. When a player leaves a club their roster entry is archived and can be restored if they return; historical game records for matches they played remain in the club's history.
• Crash reports are retained by Firebase Crashlytics for 90 days.
• Payment records for donations and purchases are retained as required by financial record-keeping laws.

6. Your rights

Depending on where you live — for example, if you are in the EU, UK, or California — you have various rights over your personal data. Regardless of jurisdiction, Badmatch supports the following:

• Access — you can view your profile and all club data you are part of, at any time, inside the app.
• Correction — you can edit your display name, avatar, notification preferences, and app preferences inside the app.
• Deletion — you can delete your account from the app's settings. Deletion removes your Firebase Authentication credential, scrubs personally identifying information from your user profile, and unlinks your account from any player roster entries. Historical game records that a club has about matches you played remain in that club's history, as the club owns its game records.
• Data export — you can download a JSON copy of your own user profile, your claimed player entries, and your aggregated statistics, from the delete-account screen.
• Deletion request via the web — if you cannot access the app, email badmatch@googlegroups.com from the address associated with your account, or visit https://badmatch.app/delete-data.

You can exercise any of these rights by emailing us at the address above. We will respond within 30 days.

7. Children's privacy

Badmatch accounts are intended for adult users. The app is not directed at, or marketed to, children under 13.

Some clubs manage minor players through an adult guardian's account. In those cases the minor does not sign in themselves; only their guardian does. The minor's data — name, grade, any recorded date of birth, and attendance records — is entered and managed by a club admin and the linked guardian. We do not knowingly collect personally identifying information directly from children.

If you believe we have collected information from a child under 13 without verified parental consent, please email badmatch@googlegroups.com and we will delete the information promptly.

8. Security

Data in transit is encrypted via TLS. Data at rest in Google Firebase is encrypted by Google. Access to Firestore data is controlled via security rules that restrict reads and writes to authorised members of each club.

No system is perfectly secure. If we become aware of a data breach that affects your account, we will notify you via email and, where required by law, notify the appropriate regulators.

9. International users

Badmatch is available worldwide. Your data is stored and processed on Google Cloud infrastructure, which may mean data is transferred to and processed in countries other than the one you live in. By using the app you consent to this transfer.

10. Changes to this policy

We may update this Privacy Policy from time to time, for example when the app adds new features. The "Last updated" date at the top of this page indicates when the policy was most recently revised. If we make material changes, we will notify users via an in-app message or email.

11. Contact

If you have any questions about this policy or about how your data is handled, please email us at:

badmatch@googlegroups.com