Privacy policy

Last updated: 2026-04-18

Tennis Mates (“we”, “us”, “our”) operates tennismates.com.au and the hosted platform under it. This policy explains what personal information we collect about you when you visit our marketing site, sign up as a club or league administrator, or interact with a club that runs its site on Tennis Mates; how we use that information; and the rights you have over it.

We handle personal information in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

1. Who we are

Tennis Mates is an Australian-operated SaaS product that hosts websites and communication tooling for tennis clubs and leagues. When a club signs up, we act as the operator of the platform. The club itself is generally the controller of the content it publishes and of its own subscribers’ data; we process that data on the club’s behalf.

2. Information we collect

We collect only information reasonably necessary to run the service:

Administrator accounts. Name, email address, hashed password (managed for us by Amazon Cognito), the club or league you represent, the region you operate in, and your role (owner, master admin, admin).
Billing details. Legal billing name, billing email, country, tax ID (where provided) and subscription state. Card numbers and bank details are captured directly by Stripe and are never sent to or stored on Tennis Mates servers; we hold only a Stripe customer identifier and subscription metadata.
Content you publish. Announcements, court outages, club descriptions, uploaded images, and similar content that you choose to post on your club’s Tennis Mates site.
Subscribers to your club. Email addresses, display names and notification preferences for people who subscribe to your club’s announcements or court-availability alerts. These are collected on your behalf and treated as the club’s data.
Technical logs. IP addresses, user-agent strings, request URLs and timestamps for the purposes of operating, securing and debugging the service. We do not use these logs for profiling or advertising.
Cookies. Session cookies set by Amazon Cognito to keep you signed in, and a small number of functional cookies for form state. The marketing site itself does not currently run any third-party analytics or advertising trackers.

3. How we use your information

We use personal information to:

Provide the platform you have signed up for (contract performance).
Authenticate administrators, enforce role-based permissions, and protect the service against abuse (legitimate interests).
Bill your subscription and send billing-related emails (contract performance and legal obligation).
Send transactional emails and, if you’ve subscribed, court availability / outage / announcement notifications on behalf of a club.
Respond to support requests you initiate.

We do not sell personal information, and we do not use subscriber email addresses for our own marketing.

4. Sub-processors

We rely on the following third parties to deliver the service. Each is bound by data-processing obligations appropriate to their role:

Amazon Web Services (AWS) — application hosting, data storage (DynamoDB, S3), authentication (Cognito) and email delivery. The primary hosting region is Sydney (ap-southeast-2) so application data stays in Australia; transactional emails and TLS certificates are handled in AWS global services that may transit through the United States.
Stripe Payments Australia Pty Ltd — billing, payment collection, invoicing and the self-service Billing Portal. Stripe processes card data under PCI-DSS and may transfer information to Stripe, Inc. in the United States.

If we add a new sub-processor that materially changes where your data is processed, we’ll update this list and notify administrators before the change takes effect.

5. International transfers

Most of your data stays in Australia. Where information is transferred overseas (for example, Stripe payment data to the United States, or AWS global services), we take reasonable steps to ensure the recipient handles it consistently with the APPs, including via the recipient’s own privacy commitments and contractual data-processing terms.

6. How long we keep your information

Active accounts. For as long as your subscription is active, plus a reasonable period afterwards to handle billing, disputes and backups.
Cancelled tenants. Tenant data (admin accounts, published content, subscribers) is retained for up to 90 days after cancellation so you can reactivate without losing data, and is then purged. Billing records are retained for 7 years to meet Australian record-keeping and tax requirements.
Technical logs. Typically 30–90 days depending on the log source.

7. Security

All traffic to Tennis Mates is served over HTTPS. Passwords are never stored in clear text. Data is encrypted in transit and, where AWS supports it, at rest. Access to production data is limited to the small number of staff who need it to operate the service, and all platform-staff actions are audit-logged.

No system is ever perfectly secure; if we become aware of a data breach that is likely to result in serious harm, we’ll notify affected administrators and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

8. Your rights

Under the Privacy Act you may:

Request access to the personal information we hold about you.
Ask us to correct information that is inaccurate, out of date or incomplete.
Ask us to delete your personal information, subject to any legal or legitimate reasons we may have to retain it (e.g. tax records).
Withdraw your consent to specific optional processing at any time.

To exercise any of these rights, email privacy@tennismates.com.au. We’ll acknowledge your request within 5 business days and aim to respond substantively within 30 days.

9. Children

Tennis Mates is intended for use by club administrators and their members, and is not directed at children under 13. If a club chooses to enrol junior members, the club is responsible for obtaining any parental or guardian consent required in its jurisdiction before providing those members’ details to us.

10. Changes to this policy

If we materially change how we collect or use personal information, we’ll update this page and, for logged-in administrators, show a notice in the admin portal the next time they sign in. Minor clarifications will just be reflected in the “Last updated” date above.

11. Contact us

Questions, complaints, or privacy requests: privacy@tennismates.com.au. If you’re not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner.