COURTSY · LEGAL

Privacy Policy

EFFECTIVE7 May 2026
LAST UPDATED7 May 2026

This Privacy Policy describes how NIXE Labs(“NIXE Labs”, “we”, “us”, or “our”), a sole proprietorship operated by Harish Sivaram, collects, uses, and shares information when you use the Courtsymobile application (the “App”) and related backend services (together, the “Service”).

If you have any questions, contact us at nixe.cxt@gmail.com.

SECTION 01

Who we are (Data Controller)

For the purposes of the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and India’s Digital Personal Data Protection Act, 2023 (DPDP Act), NIXE Labs (sole proprietor: Harish Sivaram) is the data controller responsible for your personal data.

  • CONTACTnixe.cxt@gmail.com
  • BUNDLE IDnixelabs.Courtsy
SECTION 02

Information we collect

We collect only the information needed to operate Courtsy. We do not sell your personal data, and we do not use it for advertising.

2.1 Information you provide

CategoryExamplesSource
Account informationEmail address, password (stored as a hash by our auth provider — we never see it in plain text), display nameWhen you sign up
Profile informationDisplay name, avatar image (optional)Profile creation / edits
Group & social dataGroup names, group memberships, invite codes, friend relationships, friend requestsWhen you create or join groups, send/accept friend requests
Match recordsSport (badminton/tennis/squash), match type, venue, date, duration, scores, players involved, notes you writeWhen you log a match
Expense recordsExpense title, amount, currency, who paid, who owes, split type (equal/unequal/percentage/shares), participant approvals, optional notesWhen you log a shared expense
Settlement recordsPayer, payee, amount, currency, optional notes (records of who has paid back whom)When you mark a settlement
Game session dataGroup, location, date/time, expected number of players, response deadline, recurring schedule, your RSVP status (in/out/waitlist)When you create or respond to sessions
Courtsy does not process real-money payments. Expense and settlement amounts are records of money owed between you and your friends — Courtsy does not transfer funds, store card details, or facilitate payment processing.

2.2 Information collected automatically

CategoryExamplesPurpose
Authentication tokensJWT access tokens, refresh tokens (stored securely in the iOS Keychain on your device)Keeping you signed in
Push notification tokenApple Push Notification service (APNs) device tokenSending you notifications about invites, RSVPs, expenses, settlements
Activity statistics (derived)Total matches played, wins/losses, current and longest winning streaks, last match dateCalculated from your match history to display your stats page
Security audit logsSign-in events, sign-out events, password reset attempts, failure counts, timestampsDetecting suspicious activity and protecting your account
Technical metadataPlatform (iOS), app version, request timestampsService operation and troubleshooting

We do not collect: precise or coarse location, contacts, photos library, microphone audio, health data, calendar data, advertising identifiers (IDFA), or device fingerprints.

2.3 Information we do NOT collect

  • Real-money payment information (no Stripe, Apple Pay, or in-app purchases)
  • Third-party social-media profile data
  • Behavioral tracking data for advertising purposes
  • Cross-app or cross-website tracking
SECTION 03

How we use your information

We use your information for the following purposes (with the GDPR legal basis noted in brackets):

  1. To provide and operate the Service — running your account, syncing your data, calculating expense splits and statistics. [Performance of contract]
  2. To send notifications — match invitations, RSVP reminders, expense approvals, settlement notifications via APNs. [Performance of contract / your consent at the OS prompt]
  3. To enable group collaboration — Realtime updates so members of your group see new memberships, friendships, and game sessions immediately. [Performance of contract]
  4. To protect security — auditing sign-in events, rate-limiting failed login attempts, detecting abuse. [Legitimate interests / legal obligation]
  5. To respond to your requests — answering support emails, fulfilling deletion requests. [Legitimate interests / legal obligation]
  6. To comply with law — responding to lawful requests from authorities. [Legal obligation]

We will not use your data for automated decision-making that produces legal or similarly significant effects.

SECTION 04

Who can see your information (sharing within the App)

Courtsy is a closed-group, invitation-based app. Other people who use Courtsy may see your information as follows:

  • Anyone in a group with you can see: your display name, avatar, match history within that group, expenses you create or are a participant in, settlements involving you, and game sessions in that group.
  • Your friends can see: your display name, avatar, and that you are friends with them.
  • People you invite can see: your display name and the invite code you sent them.
  • Group owners can see and remove members of groups they own.

Information you put into a free-text field (such as expense notes, match notes, or session location) will be visible to everyone in the relevant group. Do not put sensitive personal information in these fields.

SECTION 05

Service providers and international transfers

We share data with the following third-party processors strictly to operate the Service:

ProviderPurposeData sharedWhere data is processed
Supabase Inc.Database, authentication, realtime, storage. All app data is stored and processed by Supabase.All categories listed in Section 2The Supabase region you have configured (please refer to our Supabase project for the specific region)
Apple Inc. — APNsDelivering push notifications to your devicePush token + notification payload (e.g., “Alex invited you to a match”)Apple infrastructure
Backend hosting providerRunning the Courtsy API server (e.g., Railway, Fly.io, or Render)API requests + responses in transitProvider's region

We do not use third-party analytics SDKs (no Google Analytics, Firebase Analytics, Mixpanel, Amplitude, Sentry, or similar) and we do not share data with advertising networks.

If you are located in the EU/UK, your data may be transferred to and processed in countries outside the European Economic Area (such as the United States). Where this happens, we rely on lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

SECTION 06

How long we keep your data (retention)

Type of dataRetention
Account profile, groups, friendshipsUntil you request deletion
Matches and expenses you deleteSoft-deleted with a timestamp; permanently purged on account deletion
Push notification tokensUntil you sign out, uninstall the app, or revoke notification permission
Security audit logsUp to 12 months, then deleted
BackupsRoutine database backups may retain data for up to 30 days after deletion before being overwritten
SECTION 07

Your rights

Depending on where you live, you have the following rights over your personal data:

7.1 Everyone

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Update inaccurate information (you can edit most of it yourself in the App).
  • Deletion — Request that we delete your account and personal data (see Section 8).
  • Withdraw consent — Where we rely on your consent (e.g., push notifications), you can withdraw it via iOS Settings.

7.2 EU/UK additional rights

  • Right to data portability (receive your data in a machine-readable format)
  • Right to restrict or object to certain processing
  • Right to lodge a complaint with your local supervisory authority (e.g., the UK ICO, the Irish DPC, or your national DPA)

7.3 California (CCPA/CPRA) additional rights

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to non-discrimination for exercising your rights
  • We do not “sell” or “share” personal information as those terms are defined under the CCPA

7.4 India (DPDP Act, 2023) additional rights

  • Right to access, correction, and erasure of your personal data
  • Right to grievance redressal — contact us at nixe.cxt@gmail.com
  • Right to nominate another individual to exercise your rights in the event of your death or incapacity

To exercise any of these rights, email nixe.cxt@gmail.com. We will verify your identity (typically by confirming you control the email on the account) and respond within 30 days.

SECTION 08

Account deletion

We do not yet provide an in-app account deletion button. To delete your account and associated personal data:

  1. Email nixe.cxt@gmail.com from the email address registered to your Courtsy account.
  2. Include the subject line “Delete my Courtsy account”.
  3. We will verify your identity and delete your account within 30 days of your request.

When you delete your account:

  • Your profile, friendships, group memberships, push tokens, and security logs are permanently deleted.
  • Your matches, expenses, and settlements that involve other group members will be anonymisedrather than deleted, because deleting them would alter records (e.g., who-owes-whom) for other users who relied on them. Anonymised records will show “Deleted user” in place of your name.
  • Backups containing your data are overwritten on a rolling basis (within 30 days).

Apple App Store policy requires us to offer this deletion path; we honour it.

SECTION 09

Children's privacy

Courtsy is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact nixe.cxt@gmail.com and we will delete it.

If you are between 13 and 18 (or the age of majority where you live), please use Courtsy only with the involvement of a parent or guardian.

SECTION 10

Security

We protect your data using:

  • Encryption in transit — All connections to the App and backend use HTTPS/TLS. Connections that are not HTTPS are rejected by the App.
  • Encryption at rest — Data stored in Supabase is encrypted at rest.
  • Authentication — Industry-standard JWT tokens stored in the iOS Keychain.
  • Row-Level Security — Database-level access controls so users can only read/write their own data and data shared with their groups.
  • Rate limiting — Repeated failed login attempts trigger a temporary lockout.
  • Audit logs — Sign-in and security events are logged for monitoring.

No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.

SECTION 11

Push notifications

We send push notifications via APNs for events such as group invites, RSVP responses, expense approvals, and settlement updates. You can disable push notifications at any time via iOS Settings → Notifications → Courtsy. Doing so will not affect your ability to use the rest of the App.

SECTION 12

Cookies and tracking technologies

The Courtsy iOS app does not use cookies or web tracking technologies. We do not use the iOS Advertising Identifier (IDFA) and we have not implemented Apple’s App Tracking Transparency (ATT) prompt because we do not track you across other apps or websites.

SECTION 13

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the “Last updated” date at the top of this page.
  • For material changes (e.g., new categories of data collection, new third-party processors), notify you via the App or by email.

Continued use of Courtsy after the effective date of an updated policy constitutes your acceptance of the changes.

SECTION 14

Contact us

If you have questions, complaints, or requests relating to your privacy or this policy:

NIXE LABS

Email: nixe.cxt@gmail.com

Subject line for privacy requests: “Privacy request — Courtsy”

We aim to respond within 7 days for general queries and within 30 days for formal rights requests.

This policy is provided in good faith and is intended to comply with the GDPR, UK GDPR, CCPA/CPRA, and India’s DPDP Act, 2023. It is not legal advice. If you operate Courtsy under a registered legal entity in the future, update Sections 1 and 14 with the registered name and address.