🏀

Privacy Policy

Effective May 21, 2026

The short version CourtRun is a basketball check-in app. When you sign up and use the app, your email, username, location pin when you check in at a court, and any court photo you submit are uploaded to our servers (Supabase) and made visible to other signed-in users. We don't sell your data, we don't share it with third parties, and you can permanently delete your account from inside the app at any time.

1. Who runs CourtRun

CourtRun is an independent iOS app run by a single developer. Questions about anything in this policy go to [email protected].

2. What data we collect — and what we upload to our servers

The table below is exhaustive. If something isn't listed here, we don't collect it.

Data	When collected	Uploaded to server?	Visible to other users?
Email address	When you sign up	Yes — Supabase Auth	No
Username	When you sign up	Yes — `profiles` table	Yes — shown next to your check-ins and court submissions
Password	When you sign up or reset	Yes — stored as a salted hash by Supabase Auth. We never see the plaintext.	No
Court check-ins (which court, when)	Every time you tap "Check in"	Yes — `check_ins` table	Yes — every signed-in user sees who's checked in at every court, in real time. Expires after 3 hours.
Court submission (name, town, address, GPS coordinates, hoop count, photo)	Only when you submit a new court	Yes — `court_submissions` table + `court-photos` storage	Only after admin approval. Submitter username is shown. Until approved, only you and the admin can see it.
Location	Only while the app is open and only to center the map on you / pick a spot when submitting a court	No — used locally on your device only. We do not store or transmit your GPS coordinates unless you explicitly submit a new court at a specific location.	No
Camera and photo library	Only when you take or pick a photo for a court submission	Only the specific photo you chose, only after you tap Submit	Yes — once admin approves the court

What we do not collect

Ad identifiers (IDFA)
Analytics or crash-reporting data
Contacts, calendar, microphone, or health data
Continuous background location
Any payment information

3. How we use your data

Email + password — to authenticate you when you sign in.
Username — to label your check-ins, friend requests, team memberships, and court submissions to other users.
Check-ins — to power the live map. Every signed-in user can see which players are at which court right now.
Court submissions + photos — to show the court on the map for all users after an admin approves it.
Email (transactional) — to send you the welcome email after signup and password-reset links if you request one. Emails come from [email protected] via Resend.

4. Where the data lives

All data described above is stored on Supabase (PostgreSQL + Storage), a managed backend provider with infrastructure in the United States. Transactional emails are sent through Resend. We don't use any other third-party processors.

The connection between your phone and our servers is encrypted (HTTPS / TLS). Passwords are hashed by Supabase before they're written to disk.

5. Who we share data with

No one. We do not sell your data. We do not share it with advertisers, data brokers, or analytics vendors. The only third parties that touch your data are the infrastructure providers we use to run the service (Supabase for storage, Resend for email, Cloudflare for the website).

Other CourtRun users can see your username, your active check-ins, and any courts you've submitted that have been approved. That's the entire social surface of the app.

6. Your choices

Don't share what you don't want shared. Don't check in at a court if you don't want other users to see you're there.
Edit your profile. Your username can be changed in the profile drawer.
Delete your account. In the app, open the profile drawer (top-right) → "Delete account." This permanently removes your auth record, profile, every check-in you've made, and any pending court submissions. Approved courts you submitted stay on the public map, but your submitter handle is anonymized to "deleted_user." The action is immediate and irreversible.
Stop the app from accessing the camera or location in iOS Settings → CourtRun.

7. Children

CourtRun is not directed to children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, email [email protected] and we'll delete the account.

8. Data retention

Account data (email, username, password hash) — kept while your account exists; deleted when you delete your account.
Check-ins — automatically expire after 3 hours.
Court submissions — pending and rejected submissions are deleted when you delete your account. Approved courts stay on the public map but lose your name on them.
Server logs — Supabase keeps standard request logs for a short period for security/diagnostic purposes; these are not used for tracking.

9. Changes to this policy

If we change anything material we'll update the "Effective" date at the top of this page. Big changes (adding new third parties, collecting new data) will also be announced in-app before they take effect.

10. Contact

Privacy questions, deletion requests, or anything else: [email protected].