Privacy Policy
Last updated: 11 May 2026
1. Who we are
ClubLono is a queue and session management service for sports clubs. When this policy refers to "we", "us" or "our", it means ClubLono. You can reach us at hello@clublono.com.
For the agreement between ClubLono and users of the service, see our Terms of Service.
2. Data we collect
Host accounts (email sign-up)
- Email address — used for authentication and account recovery.
- Display name / nickname — shown in the app header (optional).
- Password — stored as a secure hash by Supabase. We never see it in plain text.
Anonymous hosts (native app, no account)
- A randomly generated anonymous user ID — created by Supabase to link you to your club. Not tied to any personal information.
Club and session data
- Club name, sport, and settings you configure.
- Player names you add to your roster (first name or nickname — no requirement to use real names).
- Queue order, court assignments, match history, and win/loss records.
- Club join password (stored as a one-way hash, never readable).
Guest users (no account required)
- The name you enter when joining a session — stored only in the club's queue data, which is controlled by the host.
- No email address or account is created for guests.
- Push notification token — if you grant notification permission, your device's Expo push token is stored against your name in the club's data so the app can notify you when it is your turn to play. You can revoke this at any time by disabling notifications in your device settings.
Payments (paid sessions only)
- If you book a paid session, we record the booking, the amount, the currency, and a Stripe payment reference. Card numbers, CVC, and expiry are entered directly into Stripe and never reach ClubLono's servers.
- Hosts who enable paid sessions connect their own Stripe account; payouts go to the host, not to ClubLono.
Premium subscriptions
- Where you subscribe via Stripe Billing on the web, we retain the subscription status, renewal date and Stripe customer reference.
- Where you subscribe via the App Store or Google Play, the platform handles billing and tells us only whether the subscription is active.
Usage data
- We do not use analytics trackers, advertising SDKs, or behavioural profiling tools.
- Standard web server logs (IP address, browser type, page requests) may be retained for up to 30 days by our infrastructure provider for security purposes.
3. How we use your data
We use your data solely to provide the ClubLono service:
- Authenticating your account and restoring your session across devices.
- Storing your club configuration so guests can join and the queue persists.
- Sending push notifications to alert players when it is their turn to pick a court.
- Sending password-reset and transactional emails (booking confirmations, receipts) when triggered by your actions.
- Responding to support requests you send us directly.
We do not use your data for advertising, profiling, or marketing without your explicit consent.
4. Third-party services
Supabase
All app data (user accounts, clubs, queues) is stored on Supabase, a cloud database and authentication platform. Supabase processes data on servers in the EU. Their privacy policy: supabase.com/privacy.
Stripe (paid sessions & Premium billing)
If you pay for a session or a Premium subscription, we use Stripe to process the payment. Card details are entered directly into Stripe and are never seen or stored by ClubLono — we only retain the payment status, the amount, and a Stripe reference ID so we can reconcile reservations and issue refunds. Stripe's privacy policy: stripe.com/privacy.
Expo push notifications
Push notification delivery is handled by Expo. Your device's push token is shared with Expo solely to deliver "your turn", booking and chat alerts. See expo.dev/privacy.
Resend (transactional email)
Booking confirmations, receipts and refund notifications are sent via Resend. We share your email address and the email content only. Their policy: resend.com/legal/privacy-policy.
Apple App Store / Google Play (Premium subscriptions only)
If you take out a Premium subscription through the iOS or Android app, billing is handled by Apple or Google under their own terms and privacy policies. We receive only the entitlement status, not your card details.
RevenueCat (Premium entitlement management)
Mobile Premium subscriptions are reconciled with the App Store / Google Play via RevenueCat. RevenueCat receives a pseudonymous app user identifier and the platform receipt; we use this only to determine whether your Premium subscription is active. Their privacy policy: revenuecat.com/privacy.
Sign in with Google / Sign in with Apple
If you choose to sign in with Google or Apple, your provider shares your basic profile information (name and email, or Apple's private-relay email if you select that option) with ClubLono so we can create or restore your account. We do not receive your Google or Apple password. Apple's policy: apple.com/legal/privacy/…/sign-in-with-apple. Google's policy: policies.google.com/privacy.
Vercel / hosting providers
The app and website are hosted on cloud infrastructure (Vercel, GitHub). Standard server access logs may be retained by these providers per their own policies.
Google Fonts
Our marketing website loads fonts from Google Fonts. This causes your browser to make a request to Google's servers. Google's privacy policy applies: policies.google.com/privacy.
We do not share your data with any other third parties.
5. Data retention
- Account data: Retained for as long as your account is active. You can request deletion at any time — see our account deletion page.
- Club / session data: Stored indefinitely until the host deletes it via the app's "Full Wipe" feature, or requests deletion.
- Guest names in queues: Removed from the queue when the session ends or the host clears the queue. They may persist in match-history records controlled by the host.
- Financial records: Booking, amount, currency and Stripe reference are retained as required by applicable tax and accounting law (typically up to 6 years in the UK).
- Server logs: Deleted after 30 days.
6. Your rights
Under UK GDPR and EU GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data — see our account deletion page for in-app and email paths.
- Object to certain types of processing.
- Portability — receive a copy of your data in a machine-readable format.
- Complain to a supervisory authority. In the UK that is the Information Commissioner's Office: ico.org.uk.
To exercise any of these rights, email hello@clublono.com with the subject "Data Request". We will respond within 30 days.
7. Cookies & storage
The ClubLono web app (app.heylono.com) uses browser local storage and session storage to keep you logged in and remember your preferences. These are essential for the app to function.
The marketing website (clublono.com) stores only your theme preference (light or dark) in local storage. We set no advertising, analytics, or tracking cookies. Google Fonts may set functional cookies when loading webfonts.
8. Children
ClubLono is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact us
For any privacy-related questions or requests: hello@clublono.com
Or visit our Contact page.