Privacy Policy
Last updated : April 15, 2026
1. Data Controller
The data controller for personal data collected via Padel Snipe is Hadriel Dié, sole trader (Entrepreneur individuel, France), SIREN 103 532 644, registered office at 59 rue de la République, 33130 Bègles, France — publisher of the Padel Snipe service.
Contact: contact@padelsnipe.com
2. Data Collected
Padel Snipe collects only the data strictly necessary for the service to function:
| Data | Purpose |
|---|---|
| Email address | Account creation, authentication, booking notifications |
| Password | Authentication (hashed via Supabase Auth, never stored in plain text) |
| Playtomic credentials | Authentication on third-party platform for automatic booking — encrypted with AES-256-GCM |
| Slot preferences | Automatic booking configuration (days, times, clubs) |
| Booking history | Dashboard display, personal statistics |
| Billing data | Subscription management — processed by Stripe (we do not store card data) |
| Telegram chat ID (optional) | Sending booking notifications via Telegram |
3. Legal Basis for Processing
Processing relies on the following GDPR legal bases (art. 6):
- Consent (art. 6.1.a): collected at sign-up for account creation and notification delivery;
- Performance of contract (art. 6.1.b): processing credentials and preferences to perform requested bookings;
- Legitimate interest (art. 6.1.f): service security, fraud prevention, technical logs;
- Legal obligation (art. 6.1.c): retention of billing data (10 years).
4. Credential Security
Third-party platform login credentials (Playtomic email + password) are encrypted using AES-256-GCM before any database storage. The encryption key is stored separately in secure server environment variables. No person, including the Padel Snipe team, can read these credentials in plain text.
5. Data Retention
| Data | Retention |
|---|---|
| Account and profile data | For the lifetime of the account. Deleted 30 days after account deletion. |
| Encrypted Playtomic credentials | Deleted immediately upon disconnecting the third-party platform or account deletion. |
| Booking history | 3 years from booking date (anonymizable for statistics). |
| Billing data | 10 years (legal accounting obligation). |
| Technical logs (IP, requests) | 12 months (security, incident investigation). |
6. Sub-processors and Hosting
Padel Snipe does not sell or rent your data. It is shared only with the following sub-processors, bound by GDPR-compliant Data Processing Agreements (DPAs):
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | AWS eu-west (Ireland) + Singapore (replicas) |
| Stripe | Payment, subscription management | USA / EU |
| Resend | Transactional email delivery | USA |
| Telegram | Notifications delivery (opt-in) | Global cloud |
| Upstash | Job queue (Redis) | eu-west-1 (Ireland) |
| Vercel | Application hosting (Next.js) | USA (HQ) — EU edge (Paris, Frankfurt) |
7. Transfers Outside the European Union
Some sub-processors (Stripe, Resend, Vercel) are established in the United States or operate infrastructure outside the EU. These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs) and, where available, by the sub-processor's adherence to the EU-US Data Privacy Framework. No data is transferred to a country without appropriate safeguards under GDPR.
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right of access: obtain a copy of your data;
- Right of rectification: correct inaccurate data;
- Right to erasure: delete your account and all your data;
- Right to portability: receive your data in a structured format;
- Right to object: object to certain processing;
- Right to restriction: restrict processing in certain cases.
To exercise these rights, contact contact@padelsnipe.com. We respond within 30 days. You may also lodge a complaint with your national data protection authority.
9. California Residents (CCPA / CPRA)
If you reside in California, the California Consumer Privacy Act grants you specific rights in addition to those under GDPR:
- Right to know: know the categories of data collected, their purpose, and the categories of third parties with whom they are shared;
- Right to delete: request deletion of your personal data;
- Right to non-discrimination: the service will not be degraded or denied for exercising your rights.
Padel Snipe does not sell or share your personal data with third parties for commercial purposes, within the meaning of the CCPA. To exercise CCPA rights, contact contact@padelsnipe.com.
10. Cookies
Padel Snipe uses only cookies essential for service operation. No advertising cookies, no third-party trackers.
| Cookie | Purpose | Duration |
|---|---|---|
| sb-*-auth-token | User session (Supabase Auth) | 1 year (renewed) |
| NEXT_LOCALE | Language preference (fr / en) | 1 year |
| cookie_consent | Stores cookie consent preference | 1 year |
11. Changes
Padel Snipe may update this policy at any time. The date of last update is shown at the top of this page. Substantive changes will be notified by email or on next login.