Privacy Policy
1. Data controller
YellowClub, S.L. (hereinafter, "YellowClub" or "the Platform") is the controller of the personal data collected when you use the Platform.
Contact email for data protection matters: legal@yellowclub.app
In compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), we inform you about how we process your personal data.
2. Dual role: YellowClub and the clubs
The Platform connects players with independent sports clubs. This entails two distinct roles in the processing of your data:
- YellowClub is the controller for the data of your global account (profile, authentication, playing level, wallet, cross-club history).
- Each Club you belong to or book with is the controller for the data generated in its relationship with you (specific bookings at that Club, charges, operational communications, support). YellowClub acts as the data processor for that data on behalf of the Club.
3. Data we collect and purposes
| Data category | Purpose | Legal basis |
|---|---|---|
| Name, email, phone | Account management and service communications | Performance of contract (art. 6.1.b GDPR) |
| Booking and payment history | Service provision, billing and tax compliance | Performance of contract and legal obligation (art. 6.1.b and 6.1.c) |
| Playing level, padel statistics | Matchmaking in open matches, rankings | Consent and service performance (art. 6.1.a and 6.1.b) |
| Profile photo (optional) | Visual identification on the Platform | Consent (art. 6.1.a) |
| Browsing and device data | Security, usage analysis and service improvement | Legitimate interest (art. 6.1.f) |
| Push notification token | Sending notifications about bookings and matches | Consent (art. 6.1.a) |
4. Data retention
We keep your data for as long as you maintain an active account and, once cancelled, for the periods required by applicable law (up to 5 years for tax and accounting data, in accordance with the General Tax Law).
5. Recipients and data processors
We do not transfer your data to third parties except in the following cases:
- Clubs you belong to or book with: they receive the data strictly necessary to manage your booking, match or relationship with their Club.
- Stripe Payments Europe, Ltd. — card payment processing. Stripe's privacy policy at stripe.com/es/privacy.
- Supabase, Inc. — data storage on servers located in the EU.
- Resend, Inc. — transactional email delivery.
- Firebase (Google LLC) — push notifications via FCM.
- Vercel, Inc. — server hosting and infrastructure.
- Legal obligation — when required by a judicial or administrative authority.
All providers are subject to data processing agreements in accordance with the GDPR. Transfers outside the European Economic Area are carried out with adequate safeguards (standard contractual clauses of the European Commission).
6. Your rights
You may exercise the following rights at any time by writing to legal@yellowclub.app, stating your full name and attaching a copy of your ID card or equivalent document:
- Access: to know what data we hold about you.
- Rectification: to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): to request the deletion of your data.
- Restriction of processing: to request that we pause the use of your data.
- Portability: to receive your data in a structured, machine-readable format.
- Objection: to object to processing based on legitimate interest.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
If you believe your rights have not been properly addressed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
7. Security
We apply appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss or destruction. These include: encryption in transit (TLS), role-based access control, audit logs and periodic backups.
8. Cookie policy
What are cookies?
Cookies are small text files stored on your device when you visit our Platform. They allow us to remember your preferences and improve your experience.
Types of cookies we use
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
sb-* (Supabase) | Technical / necessary | Keep the authenticated user session active | Session / 7 days |
last_admin_path | Technical / functional | Remember the last administration module visited | 7 days |
| Analytics cookies (future) | Analytics | Anonymous usage statistics to improve the service | Variable |
Technical/necessary cookies do not require your consent as they are essential for the Platform to function. Analytics or marketing cookies, when implemented, will only be activated with your explicit consent through the cookie panel.
How to manage cookies
You can configure your browser to reject or delete cookies. Please note that disabling technical cookies may prevent login and other essential features from working correctly.
9. Minors
Our services are intended for people over 16 years of age. If you are under that age, you need the consent of your parent or legal guardian to register.
10. Changes to this policy
We may update this policy periodically. We will notify you through the Platform or by email when the changes are significant. The "last updated" date at the top of the document will indicate when the most recent revision was made.