Privacy Policy

1. Who we are

DinkBrain is a product of Hunter Thomas LLC, an Oregon limited liability company (“Hunter Thomas LLC,” “DinkBrain,” “we,” “us,” or “our”). DinkBrain is a software platform used by pickleball facility operators to analyze their CourtReserve booking data and organize on-court sessions. This Privacy Policy describes how we handle personal information in connection with our website at dinkbrain.com and the DinkBrain application (collectively, the “Service”).

DinkBrain operates two distinct relationships with the data on our platform:

• Controller relationship for the facility’s account holders (operators, managers, organizers, and other users we authenticate directly). We decide how and why their account data is processed.
• Processor relationship for the underlying facility data — player names, reservation history, contact information, ratings, and similar records that the operator imports from CourtReserve or otherwise provides. The operator is the controller of that data; DinkBrain processes it on their behalf according to our Terms of Service.

2. What data we collect

2.1 Account information

When you register an account, we collect your name, email address, password credentials (managed by our authentication provider), facility name, role (owner, operator, organizer), and any profile details you choose to add. Authentication is handled by Clerk; some account metadata is therefore stored with Clerk under their own data protection terms.

2.2 Facility data

When a facility connects DinkBrain to CourtReserve (or uploads exported data manually), we ingest:

• Reservation and booking history (court, time, organizer, attendees, fees)
• Member and player records (name, email, phone, membership tier, rating, join date, notes)
• Event and program metadata (round robins, leagues, lessons, clinics)
• Facility configuration (court count, hours, pricing, instructor roster)
• Operator edits applied within DinkBrain to any of the above

The operator decides what gets imported. DinkBrain does not request more than what the operator’s CourtReserve account already exposes to its administrators.

2.3 Payment information

Subscription payments are processed by Stripe. We do not store full card numbers or bank account details on DinkBrain systems. Stripe sends us a customer identifier, the last four digits of the card, the card brand, the country, and the billing outcome (succeeded, failed, refunded). Stripe’s own privacy practices apply to the underlying card data.

2.4 Usage and device data

We log basic technical information needed to operate the Service:

• IP address, user-agent, and timestamps for requests against our API
• Pages viewed, features used, and errors encountered while you are signed in
• Diagnostic exception traces captured by our error tracking provider (Sentry)

Anonymous visitors to the marketing pages may have minimal request logs recorded by our hosting provider for security and abuse prevention.

2.5 Support communications

If you email us, file a feedback ticket from within the product, or otherwise contact us, we keep that correspondence so we can respond and improve the Service.

3. How we use your data

We use the data we collect to:

• Provide, operate, and improve the Service
• Compute the analytics, projections, and recommendations the Service surfaces
• Authenticate users and prevent unauthorized access to facility accounts
• Process subscription payments and send invoices and receipts
• Diagnose bugs, monitor uptime, and respond to security incidents
• Respond to support requests and operator feedback tickets
• Send service-related messages (e.g., billing notices, maintenance announcements, breach notifications where required by law)
• Comply with legal obligations and enforce our Terms of Service

We do not sell personal data, share it with advertising networks, or use facility or player data to train machine-learning models for other customers. Where we use third-party AI services to power features inside the Service, those services operate under data-processing agreements that prohibit training on customer data.

4. Legal basis for processing

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with a similar framework, our legal bases for processing personal data are:

• Contract. We process account, billing, and facility data to perform the contract between us and the facility (the Terms of Service).
• Legitimate interests. We process limited usage and security data to run the Service reliably, prevent fraud, and improve features. We weigh these interests against your rights.
• Consent. Where required, we ask for consent — for example, for optional marketing communications. You can withdraw consent at any time.
• Legal obligation. We may process data to comply with tax, accounting, and other obligations.

5. Who we share data with

We share data with a small set of vetted service providers that help us operate the Service. Each is bound by contractual confidentiality and data-protection obligations.

We may also share data:

• With the operator’s facility administrators. Account activity, player records, and analytics inside a facility account are visible to that facility’s authorized users.
• For legal reasons. When required by law, court order, or government request, or to protect the rights, property, or safety of DinkBrain, our users, or others.
• In a corporate transaction. If DinkBrain is acquired or merged, user data may transfer to the successor entity, subject to the protections of this Policy.

6. CourtReserve integration

DinkBrain reads data from CourtReserve on the operator’s behalf, using credentials or API access the operator authorizes. We do not have a partnership with CourtReserve unless explicitly disclosed; we are a third-party application that interoperates with their platform.

When the operator pushes data back to CourtReserve from within DinkBrain (for example, writing a court block to mark an organized session), that data is governed by CourtReserve’s own terms and privacy policy once it leaves DinkBrain. The operator is responsible for ensuring their use of DinkBrain complies with their CourtReserve agreement.

7. Player and member data

A significant portion of the data inside DinkBrain is about players and members whose information was imported from CourtReserve by their facility. DinkBrain acts as a processor for that data on behalf of the facility.

If you are a player or member and you wish to access, correct, or delete data the facility holds about you in DinkBrain, please contact your facility directly. They are the controller of that data and have the tools to action your request. We will assist them on request.

Players who interact directly with DinkBrain — for example, by opening a personalized link or self-organizing through a kiosk — may have additional interaction data recorded (timestamps, selections made). That data is also held under the facility’s control.

8. Data retention

• Active accounts. We retain facility and account data for as long as the account is active.
• After cancellation. Unless you request earlier deletion, we retain facility data for up to 90 days after cancellation in case you choose to reactivate. After 90 days we delete or de-identify it.
• Billing records. Stripe and tax-related records may be retained for up to 7 years to meet financial and tax obligations.
• Backups. Data may persist in encrypted backups for a short period after deletion until those backups are overwritten on rotation.
• Logs. Application and security logs are kept for up to 30 days and then purged or aggregated.

9. Your rights and choices

Depending on where you live, you may have rights regarding your personal data, including the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your personal data (subject to limited legal exceptions)
• Restrict or object to certain processing
• Receive a portable copy of your data
• Withdraw consent for processing that relied on consent
• Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at privacy@dinkbrain.com. We will respond within the timeframes required by applicable law. If your request concerns data held inside a facility’s account, we may need to direct or coordinate with that facility.

California, Colorado, Virginia, Connecticut, Utah, and other US-state residents have specific rights under their state privacy laws (including the right to know what categories of personal information we have collected, the right to deletion, and the right not to be discriminated against for exercising these rights). We honor those rights for all DinkBrain users regardless of state of residence.

10. Security

We use industry-standard technical and organizational measures to protect personal data, including:

• Encryption in transit (HTTPS/TLS) for all client-server traffic
• Encryption at rest for primary databases and backups
• Row-level security policies that isolate each facility’s data
• Least-privilege access controls for DinkBrain staff and automated systems
• Hashed and salted credentials managed by our authentication provider
• Monitoring, alerting, and incident response procedures

No method of transmission or storage is perfectly secure. If we become aware of a security incident that affects your personal data, we will notify you and, where required, the relevant authorities, in accordance with applicable law.

11. Cookies and local storage

DinkBrain uses cookies, local storage, and IndexedDB to keep you signed in, store user preferences, and cache data for offline-capable parts of the Service. We also use a minimal set of first-party analytics to understand product usage.

We do not use third-party advertising cookies or trackers. Some sub-processors (e.g., Clerk for authentication) may set their own cookies necessary to operate their service.

You can control cookies through your browser settings, but disabling cookies may impair your ability to use the Service.

12. International data transfers

DinkBrain is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US and in other countries where our service providers operate. We use Standard Contractual Clauses or other appropriate safeguards where required by law to protect personal data transferred from the European Economic Area, the United Kingdom, or Switzerland.

13. Children’s privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. Facilities may include junior members in their imported data; those records are managed by the facility and governed by parental consent collected at the facility level. If you believe a child under 13 has provided personal information directly to DinkBrain, please contact us so we can delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date above and, where appropriate, provide notice through the Service or by email. Continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

15. Contact us

If you have questions about this Privacy Policy or how we handle your data:

• General contact: hello@dinkbrain.com
• Privacy requests: privacy@dinkbrain.com
• Security disclosures: security@dinkbrain.com

See also our Terms of Service.