FinalPoint

Privacy Policy

Last updated: May 28, 2026

This policy explains what personal information FinalPoint (“we”, “us”) collects when you use the service, how we use it, who we share it with, and what rights you have over it. FinalPoint is operated by AJ Oluwasina (United Kingdom). If you have any questions, email us at info@thefinalpoint.app.

1. Information we collect

We collect the following categories of information:

  • Account information: email address, password (stored as a hash, never in plain text), first and last name, username, and date of birth. Date of birth is used solely to confirm you meet the minimum age requirement.
  • Profile content: the profile picture you choose (preset illustration or photo you upload) and any display preferences.
  • Match and group data: groups you create or join, sessions you attend, players you add, matches you record (including matches recorded against another player without a shared group), match scores, and derived EVO ratings.
  • Activity and gameplay data: achievements you unlock, notifications we generate for you and your read / unread state for them.
  • Bug reports: when you use the “Report a bug” link we prefill an email with the page URL, your viewport size, user-agent string, and a timestamp to help us diagnose the issue. You can edit or remove any of that before sending.
  • Technical information: session cookies needed to keep you signed in, IP address, user agent, and diagnostic logs collected when the app encounters an error.
  • Apple Health data: on iPhone, and only if you grant permission, recent racket-sport workouts (type, time, and duration) plus the heart rate and active calories recorded during them. See section 3 for full detail.

2. How we use information

  • To create your account and keep you signed in.
  • To provide the service: store your matches, compute EVO ratings, show leaderboards and achievements, and share activity with the groups and players you interact with.
  • To protect the service from abuse, fraud, and outages.
  • To contact you about the service (for example, password resets or material changes to this policy).
  • To fix bugs and improve the product.

We do not sell your personal information. We do not use it for advertising.

Under the UK GDPR we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) to create your account, deliver the core features of the Service, and keep your session active.
  • Legitimate interests (Art. 6(1)(f)) to protect the Service from abuse and fraud, to diagnose and fix errors, and to maintain the integrity of our ranking system.
  • Legal obligation (Art. 6(1)(c)) where we are required to retain or disclose information to comply with applicable law.
  • Consent (Art. 6(1)(a)) where you choose to submit optional information (for example, a profile picture).

3. Apple Health (HealthKit)

If you use FinalPoint on iPhone and grant permission, we read a limited set of workout data from Apple Health to power the optional “log your workout as a match” feature:

  • Recent racket-sport workouts (tennis, badminton, table tennis, pickleball) — their type, start and end time, and duration.
  • The average and maximum heart rate recorded during a workout.
  • The active energy (calories) burned during a workout.

We use this data only to detect a recent workout and offer to log it as a match, and to store the heart rate, calories, and duration alongside the match you create so you can see your effort over time. We do not write any data back to Apple Health.

Apple Health data is read only with your explicit permission, which you grant through the standard iOS Health prompt and can withdraw at any time in the iOS Settings or Health app. The heart rate and calorie figures stored with a match are visible only to you — not to your opponents or other group members. We never use Apple Health data for advertising or marketing, never sell it, and never share it with third parties for those purposes; it is processed solely to provide the feature described above and stored in our Supabase database. This use complies with Apple’s HealthKit terms.

4. Who we share information with

We share information with a small number of service providers who process it on our behalf:

  • Supabase (database, authentication, file storage).
  • Vercel (application hosting and delivery).
  • Cloudflare (DNS and edge proxy in front of our hosting; handles connection metadata such as IP address and request headers).
  • Sentry (error monitoring, receives diagnostic logs when the app crashes).

We share information with other players in the context of play: the other members of any group you join see your display name, username, profile picture, and match results for that group; if you record a match against another FinalPoint user without a shared group (a “Quick Match”), that match and your public profile fields are visible to them. Beyond that we only disclose information when required by law or to protect the rights, property, or safety of our users.

5. Data retention

We keep account and match data for as long as your account is active. You can delete your account yourself at any time from Settings → Settings & notifications → Delete my account, or by emailing us. Deletion is immediate and permanent: your profile, sign-in credentials, push subscriptions, in-app inbox, RSVPs, group memberships, blocks, and reports are removed. If you sign up again with the same email later, you get a brand new account — none of the old data is brought back. Matches you played in are preserved for the other players’ records, but where your name used to appear opponents will see “Unknown player.” Anonymous account-deletion feedback you provide is kept for product research and is not linked to you. Error logs in Sentry are retained for up to 90 days.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Delete your account and the data associated with it.
  • Export a copy of your data in a portable format.
  • Object to or restrict certain kinds of processing.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email info@thefinalpoint.app. We’ll respond within 30 days.

7. Children

FinalPoint is not intended for children under 13. We do not knowingly collect information from anyone under 13. If you believe a child has given us personal information, contact us and we will delete it.

8. Security

We protect data in transit with HTTPS, at rest with encryption provided by our hosting and database providers, and through row-level access controls so users can only read rows they have permission to see. No system is perfectly secure; we work in good faith to minimise risk.

9. International transfers

Our service providers may process data outside your country of residence, including in the United States and the European Union. Where required, we rely on standard contractual clauses or other lawful transfer mechanisms.

10. Cookies and local storage

We use a small number of cookies that are strictly necessary to sign you in and keep your session active. We do not use advertising or tracking cookies.

The app also stores a few small values in your browser’s local and session storage to remember preferences between visits. These never leave your device and contain no personal information:

  • Whether you’ve dismissed the “Add to home screen” prompt.
  • Which version of the in-app changelog you’ve already seen.
  • A flag marking that the loading-screen tip of the day has already been shown once in the current tab.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we’ll update the date at the top and, where appropriate, notify you by email or through the app.

12. Contact

Questions, concerns, or requests about this policy can be sent to info@thefinalpoint.app.