Legal
Privacy Policy
Last updated: May 2026
1. Introduction
PadelDesk ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you use our platform. If you have any questions, contact us at sales@padeldesk.ie.
2. Data We Collect
We may collect the following information: • Name and contact details (email address, phone number) • Club or organisation name • Payment information (processed securely via our payment provider — we do not store card details) • Usage data and technical information (browser type, IP address, pages visited) • Communications you send us
3. How We Use Your Data
We use your data to: • Provide and operate the PadelDesk platform • Process bookings and payments • Send service-related communications and updates • Respond to your enquiries and support requests • Improve our product and user experience • Comply with legal obligations
4. Legal Basis for Processing
We process your data on the following legal bases: • Contract performance — to deliver the services you signed up for • Legitimate interests — to improve our services and communicate with you • Legal compliance — where required by applicable law • Consent — where you have explicitly opted in
5. Data Sharing
We do not sell your personal data. We may share it with: • Trusted third-party service providers acting as our processors (see the Subprocessors section below) under written data processing agreements • Regulatory or law enforcement authorities where legally required
6. Subprocessors
PadelDesk relies on a small set of carefully chosen processors to deliver the platform. Each one is bound by a data processing agreement and is listed below for transparency, as required by GDPR Articles 13(1)(e) and 28. • Supabase (Supabase Inc.) — primary database and authentication backend. Stores club, booking, member, and waitlist data. Hosting region: EU (eu-west-1). • Clerk (Clerk Inc.) — authentication, session management, and login email delivery for club owner accounts. Region: United States, under EU Standard Contractual Clauses. • Stripe (Stripe Payments Europe Ltd.) — payment processing for platform subscriptions and Stripe Connect club payouts. Region: Ireland (EU) and United States, under EU Standard Contractual Clauses. • Resend (Resend Inc.) — transactional email delivery (booking confirmations, member notifications, contact form). Region: United States, under EU Standard Contractual Clauses. • Vercel (Vercel Inc.) — application hosting, edge network, and request logging. Regions: EU and United States, under EU Standard Contractual Clauses. We will update this list before introducing any new subprocessor. If you would like a copy of our Data Processing Agreement, email sales@padeldesk.ie.
7. Data Storage Region
Customer data (clubs, bookings, members, waitlist requests) is stored in the European Union (eu-west-1, Dublin, Ireland) on Supabase infrastructure. Some processors listed above operate in the United States and process data under Standard Contractual Clauses approved by the European Commission to provide an adequate level of protection.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. When data is no longer needed, it is securely deleted or anonymised.
9. Your Rights
Under GDPR (and UK GDPR for users in the United Kingdom), you have the right to: • Access the personal data we hold about you • Correct inaccurate or incomplete data • Request deletion of your data ("right to be forgotten") • Restrict or object to processing • Data portability • Lodge a complaint with your supervisory authority — the Irish Data Protection Commission (dataprotection.ie) for EU users, or the UK Information Commissioner's Office (ico.org.uk) for UK users To exercise any of these rights, email us at sales@padeldesk.ie. We respond within 30 days as required by law.
10. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, audit logging on sensitive operations, signed and verified webhooks, and idempotent payment processing. No system is entirely risk-free.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our platform. Continued use of PadelDesk after changes constitutes acceptance.
12. Contact
For any privacy-related queries, contact us at: sales@padeldesk.ie PadelDesk, Dublin, Ireland