Privacy Policy

1. About This Policy

Session for Tennis is a SaaS platform operated by JK.Creative LLC (“we”, “us”, “our”), a Washington State limited liability company. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. By using Session for Tennis at tennis.jkcreative.store, you agree to the practices described here.

2. Data We Collect

We collect the following categories of information:

• Account information — your name, email address, and password (stored as a hashed credential via Firebase Authentication).
• Profile information — business name, phone number, coaching certifications, and locale preference.
• Client data — names, contact details, UTR/NTRP ratings, lesson history, session notes, and stroke video recordings that you upload for your students.
• NFC check-in data — when a client checks in via NFC fob or QR code, we collect the fob UID, timestamp, coach ID, and client ID. This data is stored in Supabase under the tennis.check_ins table, retained for the life of the account, and used solely for session tracking and package decrement. It is not shared with third parties. A client may request deletion of their check-in records by asking their coach.
• Voice dictation transcripts — voice notes are transcribed in-browser via the Web Speech API. Audio is processed on-device (or by the browser’s built-in speech service, e.g., Chrome routes audio through Google’s speech service). We never receive or store audio recordings. Only the resulting text transcript is stored in Session for Tennis as part of the session record.
• Video uploads — coaches upload short client stroke videos (max 60 seconds, 720p, H.264) to Firebase Storage under the coach’s tenant. Coaches retain ownership of all uploaded content per the Terms of Service. Video is private to the uploading coach and any client the coach has invited to the Student PWA. Clients may request video deletion by contacting their coach; coaches can delete videos directly from the session record.
• Payment information — subscription billing and lesson package transactions are processed by Square. We store only a reference token and connection status; we do not store full card numbers or bank account details.
• Usage data — log data, browser type, IP address, device information, and feature interactions collected automatically to operate and improve the service.
• Error and diagnostic data — application errors, stack traces, and performance metrics collected via Sentry for debugging and reliability purposes.

3. How We Use Your Data

• Provide, operate, and maintain the Session for Tennis platform.
• Authenticate your account and protect against unauthorized access.
• Process subscription payments and lesson package purchases.
• Send transactional emails (booking confirmations, receipts, password resets) via Resend.
• Send service announcements and product updates (you may opt out at any time).
• Diagnose errors and improve platform reliability via Sentry error monitoring.
• Analyze usage patterns to fix bugs and improve features.
• Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Coach Responsibility for Client Data

As a coach, you act as the data controller for the personal information of your clients that you enter into Session for Tennis. JK Creative acts as a data processor, processing client data solely on your behalf to provide the service.

You are responsible for:

• Obtaining informed consent from each client before entering their data or uploading their video recordings.
• Informing your clients about how their data is stored and processed.
• Responding to your clients' data access, correction, and deletion requests.
• Complying with all applicable privacy laws regarding the data you collect from your clients.

5. Third-Party Services

Session for Tennis relies on the following sub-processors. Each operates under its own privacy policy.

6. Cookies

We use session cookies and local storage to maintain your login state and preferences. We do not use advertising cookies, cross-site tracking cookies, or third-party marketing cookies. No cookie consent banner is required because we use only strictly necessary cookies for platform operation.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• Account and client data: removed from our systems within 30 days.
• Payment records: retained for up to 7 years as required by tax and financial compliance laws.
• Error logs (Sentry): automatically purged after 90 days.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and receive a copy of the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data (subject to legal retention requirements).
• Object to or restrict certain processing activities.
• Data portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, email us at support@jkcreative.store. We will respond to verified requests within 30 days.

9. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to know: You may request the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to opt out of sale: We do not sell personal information. No opt-out is necessary.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email support@jkcreative.store. We will verify your identity before processing the request.

10. Washington State Residents

JK Creative complies with the Washington Privacy Act and Washington consumer protection laws. Washington residents have the right to access, correct, and delete their personal data, as well as the right to data portability.

In the event of a data breach involving your personal information, we will notify affected users without unreasonable delay as required by the Washington Data Breach Notification Law (RCW 19.255.010), and will also notify the Washington State Attorney General when required.

11. Children's Privacy (COPPA)

Session for Tennis is designed for use by adult coaches, not children. However, we recognize that coaches may work with minor students (under 13). JK Creative does not knowingly collect personal information directly from children under 13.

If you are a coach working with minors, you are solely responsible for obtaining verifiable parental consent before entering any minor's information into the platform, as required by the Children's Online Privacy Protection Act (COPPA). If we become aware that a child's information has been entered without parental consent, we will delete it promptly.

12. CAN-SPAM Compliance

Emails sent through Session for Tennis via our email provider (Resend) are transactional in nature — booking confirmations, receipts, password resets, and service notifications. These are not commercial marketing emails and are exempt from CAN-SPAM opt-out requirements. For optional product update emails, you may unsubscribe at any time using the link provided in each email.

13. Data Security

We use industry-standard measures to protect your data, including:

• HTTPS encryption for all data in transit.
• Firebase Security Rules to enforce access control at the database level.
• Hashed and salted credentials — we never store plaintext passwords.
• Role-based access controls within the application.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information and will notify you promptly in the event of a breach.

14. Do Not Track

Session for Tennis does not track users across third-party websites and does not respond to Do Not Track (DNT) browser signals because we do not engage in cross-site tracking. Our platform uses only first-party, strictly necessary cookies.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy. The “Effective date” at the top of this page reflects the date of the most recent revision.

16. Contact

Questions or concerns about this Privacy Policy? Contact us at: