Courtly LogoCourtlyБългарски

Privacy Policy and Data Protection

Last updated: November 20, 2025

1. Introduction

Welcome to Courtly! We, "Courtly" Ltd. (UIC: 208395220, address: Sofia 1303, "Hristo Botev" Blvd. 117), are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Courtly mobile application.

By using our application, you agree to the practices described in this policy. If you do not agree with this policy, please do not use our application.

2. Data Controller

The data controller is "Courtly" Ltd., a company registered in the Commercial Register with UIC: 208395220, with registered office and management address: Sofia 1303, "Hristo Botev" Blvd. 117.

For questions regarding the processing of your personal data, you can contact us at:

3. What Personal Data We Collect

When you use the Courtly application, we collect the following categories of personal data:

3.1. Profile Data

  • First and Last Name - for identification and personalization
  • Email Address (mandatory) - for registration, communication, and account recovery
  • Password - encrypted using standard security methods
  • Phone Number - for verification via OTP code and communication
  • Gender - for personalizing the experience
  • Date of Birth - for age verification (the application is intended for users 16+ years old)
  • Bio - optional information that the user chooses to share

3.2. Preference Data

  • Preferred Playing Hand - to improve matches with other players
  • Preferred Court Position - for personalizing the experience

3.3. Location Data

If you allow access to your location, we collect geolocation data to provide you with a better experience and filter clubs near you. You can disable location access at any time in your device settings, in which case the nearby clubs feature will not be available.

3.4. Payment Data

Payments are processed entirely by a third party - DSK Payment Provider. We do not store, process, or have access to your bank card data or other payment information. All payment transactions are conducted directly between you and DSK Payment Provider.

3.5. Usage Data

We store internal logs of actions you perform in the application to be able to provide support later if needed. This data includes information about reservations, interactions with other users, and general activity in the application.

3.6. Third-Party Data (SSO)

If you choose to register through Facebook, Apple, or Google, we receive basic information from your profile (name, email address) necessary to create your account in Courtly. We do not receive access to your password or other sensitive information from these platforms.

4. How We Use Your Personal Data

We use the collected personal data for the following purposes:

4.1. Account Creation and Management

  • Creating and maintaining your user account
  • Verifying phone number via OTP code to activate the reservation feature
  • Providing access to application features

4.2. Reservations and Booking

  • Processing and managing court reservations
  • Storing reservation history (for a period of 1 year)
  • Sending reservation notifications

4.3. Communication

  • Sending push notifications via OneSignal for important events and updates
  • Communication with users via Appwrite Realtime for in-app messages
  • Responding to support requests and technical assistance

4.4. Service Improvement

  • Analyzing application usage to improve functionality
  • Personalizing your experience based on your preferences
  • Filtering clubs near you (if you have allowed location access)

4.5. Legal Compliance

  • Compliance with applicable laws and regulations
  • Responding to legal requests from competent authorities
  • Protecting user rights and safety

5. Legal Basis for Processing

We process your personal data on the basis of:

  • Consent - when you register and use the application, you give consent for processing your data
  • Contract Performance - to provide the services you have requested (reservations, communication)
  • Legitimate Interest - to improve services, security, and prevent fraud
  • Legal Obligation - to comply with applicable laws and regulations

6. Sharing Data with Third Parties

We share your personal data only in the following cases:

6.1. Sports Clubs

Sports clubs can only see information about users who have played at least once at their location. All other users are locked and their data is not shared with clubs.

6.2. Service Providers

We work with the following service providers who process data on our behalf:

  • Digital Ocean - cloud storage and data hosting (EU)
  • DSK Payment Provider - payment processing (we do not store payment data)
  • OneSignal - sending push notifications
  • Appwrite Realtime - real-time communication between users
  • Facebook SDK - for login/registration functionality via Facebook
  • Apple Sign-In - for login/registration functionality via Apple
  • Google Sign-In - for login/registration functionality via Google
  • OTP Verification Service - for phone number verification

All these providers are required to protect your data and use it only for the purposes for which they are engaged.

6.3. Legal Requirements

We may disclose your personal data if necessary to comply with law, court order, or government request, or to protect the rights, property, or safety of Courtly, our users, or others.

7. Data Storage and Security

7.1. Data Location

All your personal data is stored in the European Union (EU) on Digital Ocean servers. We do not transfer data outside the EU.

7.2. Security Measures

We implement various technical and organizational measures to protect your personal data:

  • Password encryption using standard cryptographic methods
  • Secure connections (HTTPS) for data transmission
  • Regular security checks and updates
  • Limited access to personal data only for authorized personnel

7.3. Retention Periods

  • Active Accounts: Data is stored while your account is active
  • Reservation History: Stored for a period of 1 year
  • Deleted Accounts: Account is soft-deleted for a period of 6 months. If not reactivated during this period, data is permanently deleted

8. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

8.1. Right of Access

You have the right to receive information about what personal data we process about you and the purposes of processing.

8.2. Right to Data Download

You can request a copy of all your personal data that we store. To do this, please send an email to [email protected] with a request for data download.

8.3. Right to Rectification

You have the right to correct inaccurate or incomplete personal data in your profile at any time.

8.4. Right to Erasure

You have the right to request deletion of your personal data. To do this, please send an email to [email protected] with a request for account deletion. As mentioned above, the account is soft-deleted for 6 months, after which it is permanently deleted if not reactivated.

8.5. Right to Restriction of Processing

In certain circumstances, you have the right to request restriction of processing of your personal data.

8.6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transfer it to another controller.

8.7. Right to Object

You have the right to object to the processing of your personal data in certain circumstances.

8.8. Right to Withdraw Consent

If processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

8.9. Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority for data protection if you believe that the processing of your personal data violates GDPR. In Bulgaria, this is the Commission for Personal Data Protection (www.cpdp.bg).

9. Children's Privacy

The Courtly application is intended for users 16+ years old. We do not knowingly collect personal data from children under 16 years of age. If we discover that we have collected personal data from a child under 16 without verified parental consent, we will take steps to delete this information immediately.

If you are a parent or guardian and believe that your child has provided personal data to Courtly, please contact us at [email protected].

10. Location and Geolocation

If you allow access to your device's location, we use this data only to provide you with a better experience and filter clubs near you. You can control location access at any time through your device settings.

If you disable location access, the nearby clubs feature will not be available, but all other application features will continue to work normally.

We do not continuously track your location - data is used only when you use the nearby clubs search feature.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other reasons. We will notify you of any significant changes through a push notification in the application or via email.

We recommend that you review this policy periodically to stay informed about how we protect your data. The date of the last update is indicated at the beginning of this document.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

  • Email: [email protected]
  • Address: "Hristo Botev" Blvd. 117, Sofia 1303, Bulgaria
  • Company: "Courtly" Ltd., UIC: 208395220

We will strive to respond to all your requests within a reasonable time and in accordance with applicable data protection laws.