Sign up

Legal

Privacy Policy

Last updated: 11 May 2026

Plain-English summary

  • We collect what we need to run the platform — your account info, bookings, payments, location (when you tell us), and basic activity.
  • We never sell your personal information.
  • We share strictly what a club / coach needs to know to host you (your name, contact, booking). They sign a data-handling commitment.
  • You can see, correct, or delete your data anytime. Email privacy@badmintonvillage.co.nz or use the in-app controls.

1. Who we are

Badminton Village Limited (“we”) is the agency under the New Zealand Privacy Act 2020 in respect of personal information you provide via this platform. Our registered office is in Aotearoa New Zealand.

2. What we collect

The categories of personal information we collect:

  • Identity & contact — name, email, phone (if provided), profile photo, preferred locale.
  • Auth — hashed password (bcrypt), OAuth tokens (when you sign in with Google/Apple), session cookies.
  • Player profile — your skill grade (computed from matches), match history, ratings events, badges.
  • Booking & payment data — sessions you book, attendance, payment status, partial card details that Stripe shares back (last 4 digits, brand). Full card numbers are stored only by Stripe, never by us.
  • Location — coarse (region/city) when you let us access it, used to surface nearby clubs and sessions. We do not track you when the app/site is not open.
  • Communications — messages you send via the platform, support emails.
  • Device & usage — browser type, IP, pages viewed. We use this for security, fraud detection, and aggregated analytics.
  • Push subscriptions — if you enable notifications, we store the push endpoint and crypto keys needed to deliver them.

3. Why we collect it

  • Operate the platform (let you sign in, book, pay, play).
  • Process payments via Stripe — we share only the data needed.
  • Show you relevant clubs, coaches, sessions, and content.
  • Send transactional emails / push notifications (booking confirmed, membership expiring, etc.) and — only if you opt in — marketing messages.
  • Detect abuse, fraud, and bot traffic.
  • Calculate ratings, rankings, and badges.
  • Generate aggregate (de-identified) analytics to improve the platform.
  • Comply with NZ law (e.g. tax records of platform fees, AML/CFT checks if and when applicable).

4. Who we share it with

We share only what is necessary, and only with parties that are contractually bound to handle it consistently with this policy.

  • Clubs and coaches you book with — your name, contact email (if you allow it), profile photo, payment confirmation status. They use this to host you. They do not see your card details, password, or unrelated bookings.
  • Stripe — processes all payments and stores card data on their PCI-DSS Level 1 infrastructure. See Stripe's privacy policy.
  • Vercel — our hosting provider. Web traffic logs live with them for short periods.
  • Google AdSense — serves ads on some pages. AdSense may use cookies to personalise ads; you can opt out at Google Ads Settings.
  • Email/SMS providers (e.g. Resend, Twilio) — process delivery of transactional and marketing communications.
  • Law enforcement / courts — only when legally compelled by a NZ court order or comparable process.

We do not sell your personal information.

5. Featured-listing tracking

We track impressions and clicks on featured (paid) placements so we can show clubs and coaches the return on their spend. Aggregated counts are shared with the advertising party. We do not share row-level data identifying you personally without your consent.

6. Cookies and similar tech

See our Cookie Policy for the specific cookies we set and how to control them.

7. International transfers

Some of our service providers (Stripe, Vercel, Google) operate globally. When personal information is transferred outside New Zealand, we ensure it's protected to a standard equivalent to the NZ Privacy Act — either through contractual safeguards or because the destination country has comparable privacy law.

8. How long we keep your data

  • Account & profile — for as long as your account is active, plus 30 days after deletion (to recover accidental deletes).
  • Bookings & payments — 7 years (NZ tax record retention).
  • Match history & ratings — indefinitely (this is the value of being on the platform, and it's de-identified on account closure if you choose).
  • Server logs — 30 days, then aggregated.
  • Featured-placement events — 24 months, then aggregated.

9. Your rights

Under the NZ Privacy Act 2020 you can:

  • Access what we hold on you — request a copy via privacy@badmintonvillage.co.nz and we'll respond within 20 working days.
  • Correct inaccurate information — you can edit most fields yourself in your profile.
  • Delete your account (this triggers a 30-day grace period before permanent deletion).
  • Withdraw consent to marketing emails, push notifications, or location access at any time.
  • Complain to the Office of the Privacy Commissioner if you're not satisfied with our response — privacy.org.nz.

10. Security

We protect your data with industry-standard measures: TLS 1.3 for all traffic, bcrypt (cost 12) for password hashes, scoped database access, automated dependency vulnerability scanning, and least- privilege admin controls. If we ever experience a breach affecting your data, we'll notify you and the Privacy Commissioner per the Privacy Act's notification requirements.

11. Children

We don't knowingly collect data from children under 13. Players aged 13–17 may use the platform with a parent or guardian's agreement. If you believe a child under 13 has signed up, email privacy@badmintonvillage.co.nz and we'll delete the account.

12. Changes

We'll update this policy when our practices change. Material changes get a banner notice and email at least 14 days before they take effect.

Questions? Email legal@badmintonvillage.co.nz or use the contact form.