Racket Tag
Sign In

Privacy Policy

Last updated: April 24, 2026

This Privacy Policy explains how Racket Tag ("the Service"), a personal hobby project, collects, uses, and shares information when you use the Service. By using Racket Tag, you agree to the collection and use of information as described in this policy and in our Terms and Conditions.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address for authentication purposes. We use a passwordless magic-link sign-in system provided by a third-party authentication service.

1.2 Profile Information

You may provide a nickname that is displayed on your profile and associated with your racket cards.

1.3 Racket Card Data

When you create a racket card, you may provide the following information:

  • Racket name, brand, and model
  • String brand and type
  • String tension (in lbs and/or kg)
  • Date the racket was strung
  • Free-text notes
  • Owner nickname

1.4 Automatically Collected Information

The Service and its third-party hosting providers may automatically collect limited technical information, including:

  • IP address
  • Browser type and version
  • Pages visited and timestamps
  • Referring URL

This data is collected by the infrastructure providers and is not actively processed or analyzed by the operator.

1.5 Cookies

The Service uses essential cookies required for authentication and session management. These cookies are set by the third-party authentication provider and are necessary for the Service to function. The Service does not use advertising or tracking cookies.

1.6 Analytics

The Service uses Vercel Web Analytics and Vercel Speed Insights to understand how the Service is used and to monitor performance. These tools collect anonymized, aggregated data such as page views and Core Web Vitals. They do not use cookies, do not track individual users across sites, and do not collect personally identifiable information. Analytics data is only collected after you accept the cookie consent banner. You can learn more about Vercel's privacy practices in their Analytics Privacy Policy.

2. How We Use Your Information

Your information is used solely to:

  • Authenticate you and manage your session;
  • Display your racket card details to you and (via QR codes) to anyone who scans them;
  • Generate QR codes that link to your publicly shared racket card data;
  • Understand how the Service is used and improve performance through privacy-friendly analytics;
  • Operate and maintain the Service.
  • Send you service-related communications such as account, order, and racket card notifications via email.

Your information is not used for marketing, advertising, profiling, automated decision-making, or any commercial purpose. Transactional emails (see Section 4) are sent only when necessary to operate the Service or respond to actions you take, such as placing an order or creating a racket card.

3. Public Information

When you create a racket card and generate a QR code, the associated card data (racket details, string details, owner nickname, and notes) becomes publicly accessible to anyone who scans the QR code or visits the public link. Your email address is never shared publicly.

You are solely responsible for the information you make publicly available through the Service.

4. Data Sharing and Third-Party Services

The Service relies on the following third-party services to operate:

  • Supabase — authentication, database hosting, and data storage
  • Vercel (or similar hosting provider) — web application hosting, analytics, and performance monitoring
  • Resend — transactional email delivery for account, order, and racket card notifications

These providers may process your data in accordance with their own privacy policies. The operator is based in **Switzerland** and acts as the data controller for the purposes of the Swiss Federal Act on Data Protection (FADP / revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR). The operator does not sell, trade, or rent your personal information to any third party. Data may be shared only if required by law.

5. Data Retention

Your data is retained for as long as your account exists or as long as the Service is operational. The operator makes no guarantee regarding data retention, backup, or recovery. The Service may be discontinued at any time, and data may be permanently deleted without notice.

6. Data Security

The operator takes reasonable measures to protect your data by leveraging the security features of the third-party infrastructure providers. However, no method of transmission over the internet or electronic storage is 100% secure. The operator cannot guarantee the absolute security of your data and shall not be held liable for any unauthorized access, data breaches, or data loss.

7. Your Rights

Under the Swiss Federal Act on Data Protection (FADP / revDSG) and — where applicable — the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Access — the right to request a copy of the data we hold about you, including information about its origin, processing purposes and recipients;
  • Correction / Rectification — the right to update or correct inaccurate data;
  • Deletion / Erasure — the right to request deletion of your account and associated data;
  • Portability — the right to receive the personal data you have provided in a commonly used, machine-readable format;
  • Objection / Restriction — the right to object to, or request the restriction of, certain processing activities;
  • Complaint — the right to lodge a complaint with a competent supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC / EDÖB / PFPDT), [edoeb.admin.ch](https://www.edoeb.admin.ch). In the EU/EEA, you may contact the supervisory authority of your country of residence.

To exercise any of these rights, contact the operator through the channels listed in Section 12. The operator will make reasonable efforts to respond to valid requests without undue delay, but as a non-commercial hobby project, response times are not guaranteed.

8. Children's Privacy

The Service is not directed to children under the age of 16. The operator does not knowingly collect personal information from children under 16. If you believe a child has provided personal information through the Service, please contact the operator so the information can be removed.

9. International Data Transfers

The operator is based in **Switzerland**. Your data is processed through third-party infrastructure providers whose servers are typically located in **Switzerland, the European Economic Area (EEA), and the United States**. Transfers outside Switzerland and the EEA rely on the following safeguards: (a) transfers to countries recognised as providing adequate protection by the Swiss FDPIC and the European Commission; (b) for transfers to the United States, reliance on the **Swiss–US Data Privacy Framework** (recognised as adequate by the FDPIC since 15 September 2024) and the **EU–US Data Privacy Framework** where the recipient is self-certified; and (c) the **Standard Contractual Clauses** (SCCs) adopted by the European Commission and recognised by the FDPIC, together with any additional technical and organisational measures required. By using the Service, you acknowledge these transfers.

10. Changes to This Policy

The operator may update this Privacy Policy at any time. Changes take effect immediately upon posting the updated policy on this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. It is your responsibility to review this policy periodically.

11. Legal Basis for Processing (Swiss FADP & GDPR)

Processing of your personal data is carried out on the following legal bases under the Swiss Federal Act on Data Protection (FADP / revDSG) and, where you are located in the European Economic Area (EEA), the EU General Data Protection Regulation (GDPR):

  • Consent — given by creating an account, using the Service, and (for analytics) accepting the cookie banner (FADP Art. 6 para. 6; GDPR Art. 6(1)(a));
  • Legitimate interest / overriding interest — to operate, secure and maintain the Service (FADP Art. 31 para. 1 / 2; GDPR Art. 6(1)(f));
  • Contractual necessity — to provide the Service as described in the Terms and Conditions (GDPR Art. 6(1)(b); corresponding justification under the FADP).
  • Legal obligation — where processing is required to comply with applicable Swiss or EU law (GDPR Art. 6(1)(c); FADP Art. 31 para. 1).

12. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, you can reach the operator through the in-app contact form (available from your dashboard once you are signed in) or by opening an issue on the project's public repository. The operator acts as the data controller and is based in Switzerland.