Effective Date: February 24, 2026
OnDeck ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.
1. Information We Collect
Information You Provide
We collect information you provide directly to us:
- Account Information: Name, email address, phone number, and profile picture when you create an account
- Roster Information: Names and phone numbers of players you add to your groups
- Match Information: Dates, times, locations, and player counts for matches you create
- Communications: Messages you send through the Service or to our support team
- Payment Information: Billing details processed securely by our payment provider (Stripe)
Information Collected Automatically
When you use our Service, we automatically collect:
- Device Information: Device type, operating system, and unique device identifiers
- Usage Data: Features used, actions taken, and time spent in the app
- Push Notification Tokens: Identifiers for delivering push notifications to your device
- Log Data: IP address, browser type, and access times
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Send SMS invitations and push notifications for match coordination
- Process subscription payments
- Respond to your comments, questions, and support requests
- Send you technical notices, updates, and administrative messages
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent or unauthorized activity
3. Third-Party Services
We use trusted third-party services to operate our platform:
| Service |
Purpose |
Data Shared |
| Supabase |
Database and authentication |
Account data, roster data, match data |
| Twilio |
SMS messaging |
Phone numbers, message content |
| Firebase (FCM) |
Push notifications |
Device tokens, notification content |
| Stripe |
Payment processing |
Payment method, billing address |
| Google Calendar |
Calendar sync (optional) |
Match dates, times, locations |
Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review their policies.
4. SMS Communications
When you add players to your roster and enable SMS invitations:
- We send SMS messages to those players on your behalf for match coordination
- Players can opt out of SMS messages at any time by replying STOP
- We comply with applicable telecommunications regulations including TCPA and carrier guidelines
- SMS is available for US and Canada phone numbers only
5. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specifically:
- Account Data: Retained until you delete your account
- Match History: Retained for 2 years for statistics and record-keeping
- Invite Tokens: Expire after 72 hours and are then deleted
- Payment Records: Retained as required by financial regulations
You may request deletion of your account and associated data by contacting us at privacy@ondeck.app.
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data transmitted between your device and our servers is encrypted using TLS
- Sensitive data is encrypted at rest in our database
- Invite tokens are cryptographically generated (256-bit random) and hashed (SHA-256)
- Access to user data is restricted to authorized personnel only
- We conduct regular security reviews of our systems
7. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
All Users
- Access your personal information
- Correct inaccurate information
- Delete your account and associated data
- Opt out of SMS communications
- Opt out of push notifications through device settings
California Residents (CCPA)
- Right to know what personal information we collect
- Right to request deletion of your data
- Right to non-discrimination for exercising your rights
- We do not sell your personal information
European Users (GDPR)
- Right to access, rectify, or erase your data
- Right to restrict or object to processing
- Right to data portability
- Right to withdraw consent at any time
To exercise any of these rights, contact us at privacy@ondeck.app.
8. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new Privacy Policy on this page
- Updating the "Effective Date" at the top
- Sending an email notification for material changes
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
