Privacy Policy

Serve It Up ("we", "us", "our", or "Serve It Up") operates a sports matchmaking platform that connects tennis and pickleball players for automated weekly matches. We are committed to protecting your privacy and handling your personal information with care and transparency.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

By using Serve It Up, you consent to the data practices described in this Privacy Policy. We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Effective Date" of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you register for an account, participate in activities on the Service, or otherwise contact us. The personal information we collect includes:

• Account Information: Full name, email address, phone number (for SMS authentication and notifications)
• Profile Information: Skill level (beginner, intermediate, advanced), preferred sport (tennis or pickleball), home court location and address
• Location Data: Geographic coordinates and region information based on your home court selection via Google Places API
• Match Preferences: Availability, preferred match times, skill tolerance preferences
• Match Results: Scores, wins, losses, ratings, and game history
• Payment Information: Payment method details processed securely through Stripe (we do not store full credit card numbers)
• Communications: Any messages, feedback, or support requests you send to us

1.2 Information Automatically Collected

When you access our Service, we automatically collect certain information about your device and usage patterns:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent on pages, clicks, session duration
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. This includes authentication tokens (JWT) stored in HttpOnly cookies for security
• Log Data: Server logs that include IP address, access times, pages viewed, and actions taken

1.3 Information from Third-Party Sources

We may receive information about you from third-party services we integrate with:

• Google Maps/Places API: Location data, court addresses, and geographic information when you search for and select your home court
• Twilio: SMS delivery status, phone number validation, and message metadata
• Stripe: Payment confirmation, transaction status, and billing information

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery and Operations

• Match Generation: Create automated weekly matches every Sunday at 10:00 AM ET using our proximity-based algorithm (Haversine distance calculation within 10-15km radius) and skill-level matching
• Account Management: Create and maintain your account, authenticate your identity via SMS OTP codes, manage your profile and preferences
• SMS Notifications: Send match assignments, reminders, score submission requests, and important account updates via Twilio
• Leaderboard Rankings: Calculate and display seasonal rankings based on total games played, wins, losses, and ratings
• Prize Distribution: Identify and contact seasonal prize winners ($500 for 1st place, $250 for 2nd place, $100 for 3rd place)
• Payment Processing: Process match fees and manage transactions securely through Stripe

2.2 Service Improvement and Analytics

• Analyze usage patterns to improve matching algorithms and user experience
• Monitor Service performance, troubleshoot technical issues, and prevent fraud
• Conduct research and development to enhance features and functionality
• Generate aggregated, anonymized statistics about platform usage and trends

2.3 Communication and Marketing

• Respond to your inquiries, comments, and support requests
• Send administrative information such as updates to our Terms of Service or Privacy Policy
• Notify you about new features, seasonal competitions, and platform updates (with your consent)
• Request feedback and reviews to improve our Service

2.4 Legal and Security

• Comply with legal obligations and respond to legal requests
• Enforce our Terms of Service and other policies
• Protect against fraudulent, unauthorized, or illegal activity
• Ensure the safety and security of our users and the Service

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

3.1 Service Providers and Business Partners

We share information with third-party service providers who perform services on our behalf:

• Twilio: SMS messaging service for authentication codes, match notifications, and platform updates. Twilio processes phone numbers and message content according to their privacy policy
• Stripe: Payment processing for match fees and prize distributions. Stripe handles payment information securely according to PCI-DSS standards
• Google Maps/Places API: Location services for court selection, address validation, and proximity calculations
• Hosting and Infrastructure Providers: Cloud hosting services for data storage and application delivery

These service providers have access to your information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes. They are bound by contractual obligations to keep personal information confidential and secure.

3.2 Other Players (Limited Information)

When you are matched with another player, we share limited information necessary for match coordination:

• Your first name and last initial
• Your skill level
• Match location and scheduled time
• Your match history statistics (wins, losses, rating) on public leaderboards

We do NOT share your phone number, email address, full home address, or other sensitive personal information with other players.

3.3 Legal Obligations and Safety

We may disclose your information if required to do so by law or if we believe such action is necessary to:

• Comply with legal obligations, court orders, subpoenas, or government requests
• Enforce our Terms of Service or other agreements
• Protect and defend our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Prevent or investigate possible wrongdoing, fraud, or security issues

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your personal information.

3.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you. This includes statistical data about platform usage, match trends, and regional participation rates.

4. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

4.1 Active Accounts

While your account is active, we retain all account information, match history, and profile data to provide ongoing Service.

4.2 Inactive and Deleted Accounts

• If you request account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required for legal, tax, or accounting purposes
• Some information may be retained in backup systems for up to 90 days after deletion
• Aggregated, anonymized match data may be retained indefinitely for analytics and historical records
• Legal and transaction records may be retained for up to 7 years to comply with tax and financial regulations

4.3 SMS Message Data

SMS message metadata (delivery status, timestamps) is retained for up to 12 months. Message content is not permanently stored on our servers but may be retained by Twilio according to their retention policies.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

5.1 Technical Safeguards

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols
• Authentication: SMS-based one-time password (OTP) authentication for secure, passwordless login
• Token Security: JWT authentication tokens stored in HttpOnly cookies to prevent XSS attacks
• Payment Security: PCI-DSS compliant payment processing through Stripe; we do not store full credit card numbers
• Database Security: Encrypted database storage with access controls and regular security audits

5.2 Organizational Safeguards

• Access to personal information is restricted to employees and contractors who need it to perform their job functions
• Regular security training for team members handling user data
• Incident response procedures for data breaches or security events
• Regular security assessments and vulnerability testing

5.3 Limitations

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

If you believe your account has been compromised, please contact us immediately at security@serveitup.io.

6. Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information:

6.1 Access and Portability

• Right to Access: You can request a copy of the personal information we hold about you
• Right to Portability: You can request your data in a structured, machine-readable format

6.2 Correction and Update

• Right to Correction: You can update or correct inaccurate information through your account settings or by contacting us
• Profile information (skill level, home court, sport preference) can be updated at any time through the Settings page

6.3 Deletion

• Right to Deletion: You can request deletion of your account and personal information
• Some information may be retained as described in Section 4 (Data Retention) for legal or legitimate business purposes
• To delete your account, go to Settings > Account > Delete Account, or contact us at privacy@serveitup.io

6.4 Opt-Out and Communication Preferences

• SMS Opt-Out: Reply STOP to any SMS message to unsubscribe from all non-essential text messages. You will still receive critical account and match-related notifications unless you delete your account
• Email Opt-Out: Click "unsubscribe" in any marketing email or update your preferences in account settings
• Cookie Management: You can control cookies through your browser settings, though some features may not function properly if cookies are disabled

6.5 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

6.6 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access, rectification, erasure, and restriction of processing
• Right to data portability and to object to processing
• Right to withdraw consent at any time (where processing is based on consent)
• Right to lodge a complaint with your local data protection authority

6.7 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@serveitup.io with the subject line "Privacy Rights Request." We will respond to your request within 30 days. We may require verification of your identity before processing your request.

7. Children's Privacy

Serve It Up is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. Our Terms of Service require all users to be at least 18 years old.

If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us immediately at privacy@serveitup.io.

8. International Data Transfers

Serve It Up is based in the United States. If you access our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that are different from the laws of your country. By using our Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy when transferred internationally, including using Standard Contractual Clauses where applicable.

9. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, and services that are not operated by us. This includes:

• Google Maps for court location selection
• Stripe for payment processing
• Links to court facilities or local tennis/pickleball organizations

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policies of every site you visit.

Key Third-Party Privacy Policies:

• Twilio: https://www.twilio.com/legal/privacy
• Stripe: https://stripe.com/privacy
• Google Maps/Places: https://policies.google.com/privacy

10. Cookies and Tracking Technologies

10.1 What Are Cookies

Cookies are small text files placed on your device that help us provide and improve our Service. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted).

10.2 How We Use Cookies

• Authentication Cookies: HttpOnly cookies containing JWT tokens to keep you logged in securely
• Preference Cookies: Remember your sport preference (tennis or pickleball) and other settings
• Analytics Cookies: Understand how users interact with our Service to improve functionality
• Security Cookies: Detect fraudulent activity and protect user accounts

10.3 Managing Cookies

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. Please note that disabling cookies may prevent you from accessing certain features of our Service, including account login.

To learn more about cookies and how to manage them, visit www.allaboutcookies.org.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this Privacy Policy.

Notification of Changes:

• Minor Changes: We will post the updated Privacy Policy on this page
• Material Changes: We will notify you via email or SMS, and/or post a prominent notice on our Service before the changes take effect
• We may also require you to re-consent to the updated Privacy Policy for certain significant changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to all requests, inquiries, or concerns within 30 days.