top of page

Didcot Karate School — Privacy Policy

Last updated: 11 August 2025
App name: Didcot Karate School (Android)
Developer: Didcot Karate School (“we”, “us”, “our”)
Contact: replace with your preferred email, e.g. info@didcotkarateschool.com
Website: https://www.didcotkarateschool.com/

1) What this policy covers

This policy explains what personal information our mobile app collects, how we use it, and the choices you have. It applies only to the Didcot Karate School app and related services used to run the app (authentication, database, email).

We do not sell your data. We do not show ads. We do not run third-party analytics.

2) What we collect

Account & access

  • Email address (required) – used to sign in via a one-time code sent by email.

  • Name (optional) – if you provide it during sign-up.

  • Profile status fields (server-side): role, approved/denied status, lock state and attempt counters used to protect accounts.

App content & usage

  • Events you see are general club events from our database; this is not personal data.

  • Training progress you tick off in the Training screen is stored only on your device (local storage). We do not upload this to our servers.

Device & diagnostics

  • Basic, non-identifying app logs (e.g., error messages) may be generated to help us troubleshoot problems. We do not collect precise location, contacts, camera, or microphone data.

3) How we use your data

  • Authentication: to send a one-time sign-in code and verify your email.

  • Membership approval: admins use your email (and optional name) to approve access before you can use the app.

  • Security: to protect accounts (e.g., lock after repeated failed attempts).

  • Service emails: sending sign-up confirmations or sign-in codes.

We do not use your data for advertising or profiling.

4) Legal bases (UK/EU GDPR)

  • Performance of a contract / legitimate interests: providing a secure sign-in and member-only access to the app.

  • Consent: when you request a sign-in code to your email.

5) Where your data is stored & processed

  • Supabase (managed PostgreSQL + Auth) hosts our account and event data. Data is encrypted in transit and at rest. Supabase may process data in the region selected for our project. Learn more: https://supabase.com/

  • Email delivery is provided by Supabase’s built-in email service or our chosen SMTP provider to send the one-time code and verification emails.

Your Training progress is saved locally on your device only.

6) Sharing your data

We share personal data only with service providers that help us run the app:

  • Supabase (authentication & database)

  • Email provider (sending verification/sign-in codes)

These providers act on our instructions. We do not sell or rent your data.

7) Data retention

  • Account data is kept while your account remains active or until you ask us to delete it.

  • Security logs / counters are kept only as needed to maintain account security.

  • Local training progress remains on your device until you clear app data, uninstall, or use the in-app reset.

8) Your rights

Depending on your location (e.g., UK/EU), you may have rights to:

  • access, correct, or delete your data;

  • object to or restrict processing;

  • data portability.

To exercise rights or request deletion, contact us at [your email]. We may need to verify your identity.

9) Children’s privacy

This app is intended for adult members and parents/guardians managing access. If a child uses the app, a parent/guardian should create and manage the account. If you believe we’ve collected a child’s data without consent, contact us and we’ll delete it.

10) Security

We use technical and organisational measures such as:

  • encrypted connections (HTTPS/TLS);

  • server-side row-level security and role-based access controls;

  • limited admin access.

No system can be 100% secure, but we work to protect your data.

11) International transfers

Our providers may process data in other countries. Where applicable, appropriate safeguards (e.g., standard contractual clauses) are used by our providers.

12) Changes to this policy

We may update this policy. We’ll post the latest version at the URL you provide to the Google Play store and update the “Last updated” date above.

13) Contact us

If you have questions or requests about this policy or your data, please contact:
Email: replace with your contact email
Website: https://www.didcotkarateschool.com/

Quick summary for Google Play Data Safety form

  • Collected: Email, optional name, account status fields.

  • Shared: With service providers (Supabase/Auth, email sender) solely to deliver the service.

  • Not collected: Location, contacts, photos, media, files, precise device IDs.

  • Security: Data encrypted in transit; access restricted; no ads/trackers.

  • Retention: Kept while account is active or until deletion is requested.

  • User deletion: Available on request via email to the developer.

bottom of page