Privacy Policy

1. Introduction

Welcome to NextSet ("NextSet," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application (collectively, the "Services").

By using NextSet, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

• Register for an account (name, email address, phone number, password)
• Complete your profile (date of birth, gender, city, state, country)
• Set your tennis skill level (NTRP rating)
• Schedule lessons, clinics, or training sessions
• Communicate with coaches, club managers, or other players through in-app messaging
• Submit session notes, training goals, or match results
• Contact our support team

2.2 Automatically Collected Information

When you access our Services, we automatically collect certain information, including:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on pages
• Referring website addresses
• Session cookies used to maintain your login state

2.3 Mobile App — Push Notification Tokens

If you use the NextSet mobile application and grant permission for push notifications, we collect and store your device's Expo push notification token. This token is used solely to deliver in-app notifications (such as lesson reminders, messages, and task assignments). You may disable push notifications at any time through your device settings.

2.4 Google Calendar Integration

If you choose to connect your Google Calendar account, we collect and store OAuth access and refresh tokens to create and update calendar events on your behalf (lesson scheduling). We do not read, store, or share the contents of your Google Calendar. You may disconnect Google Calendar at any time from your account settings.

2.5 Payment Information

Payments are processed by Stripe, Inc. We do not store your full credit card number on our servers. We receive and store transaction metadata (subscription status, payment amounts, Stripe customer and subscription IDs) to manage your account. Court booking payments are routed directly to club Stripe Connect accounts.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Services
• Create and manage your account
• Process your bookings, clinic registrations, and subscription payments
• Connect you with coaches, clubs, and other players
• Facilitate matchmaking based on skill level, location, and availability
• Track your training progress, NTRP rating, and performance over time
• Send push notifications for lessons, messages, tasks, and platform activity
• Sync lesson events to your connected Google Calendar
• Send you important account updates and administrative messages
• Respond to your inquiries and provide customer support
• Improve our Services and develop new features
• Ensure security and prevent fraud
• Comply with legal obligations

4. How We Share Your Information

4.1 With Your Consent

We share your information when you give us explicit permission to do so.

4.2 With Coaches and Club Managers

When you join a coach or a club, relevant profile information (name, NTRP rating, contact details) is shared with your coach and club manager to facilitate your training and club membership.

4.3 With Other Players (Matchmaking)

When you participate in the matchmaking or partner-finding features, limited profile information (first name, last initial, NTRP rating, city, state) is visible to potential match candidates. Full contact details are only shared once a match is confirmed.

4.4 Public Coach Directory

Coaches who opt into the public directory make their name, city, state, bio, and profile photo visible to any visitor of the Find a Coach page, regardless of whether they have a NextSet account.

4.5 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Stripe — payment processing and subscription management
• Expo — mobile push notification delivery
• Google — Calendar integration (only when you connect your account)
• PHPMailer / SMTP providers — transactional email delivery

4.6 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

4.7 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Bcrypt hashing of all passwords
• HTTPS encryption for all data in transit
• CSRF protection on all web forms
• JWT authentication for mobile API requests
• Limited access to personal information by authorized personnel only

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your information in a structured, machine-readable format
• Objection: Object to the processing of your personal information
• Restriction: Request restriction of processing your personal information
• Withdraw Consent: Withdraw consent where we rely on consent to process your information

To exercise these rights, please contact us using the information provided at the end of this policy.

7. Cookies

We use session cookies to maintain your login state on the web platform. These cookies are essential for the Services to function and are deleted when you close your browser or log out. We do not use third-party advertising or tracking cookies.

You can control cookies through your browser settings. Disabling session cookies will prevent you from logging in to the platform.

8. Children's Privacy

NextSet is designed for use by individuals who are at least 13 years of age. We do not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that their child has provided us with personal information without consent, please contact us and we will delete such information.

For users between 13 and 18 years of age, we require parental or guardian consent before creating an account.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our Services. If you delete your account, we will securely delete or anonymize your personal data within a reasonable period, unless retention is required by law. Aggregated, anonymized data (such as platform usage statistics) may be retained indefinitely.

10. International Data Transfers

NextSet is operated from France and your data is processed on servers located in or accessible from the European Union and/or the United States. By using our Services, you consent to the transfer and processing of your information in these locations. We ensure that any such transfers comply with applicable data protection laws.

11. Third-Party Links

Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt-out of the sale of your personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

13. EU/EEA Data Protection (GDPR)

If you are located in the European Economic Area, our legal bases for processing your personal information include: performance of a contract (providing the Services), compliance with legal obligations, and your consent where required.

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL):

• Website: www.cnil.fr
• Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.