Back to home

Privacy Policy

Last updated: 2 June 2026

Jump to section

1. About this policy

Sunrise Tennis PTY LTD (ACN 696 546 531, ABN 38 696 546 531) — trading as Sunrise Tennis ("we", "us", "our") — operates a tennis coaching business based at Somerton Park Tennis Club, Adelaide, South Australia. This policy explains how we collect, use, store and disclose your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Because we collect health information (such as injuries, medical conditions and physical limitations) to keep players safe during coaching sessions, we are covered by the Privacy Act regardless of our annual turnover.

2. Information we collect

Personal information

  • Names and contact details (phone, email, address) of parents/guardians
  • Player names, dates of birth and gender
  • Account login credentials (email and password, managed by Supabase Auth)

Sensitive information (health data)

  • Medical notes — allergies, injuries, conditions relevant to physical activity
  • Physical limitations or considerations for coaching

We only collect health information that you voluntarily provide for the purpose of player safety during coaching sessions. We will ask for your explicit consent before collecting this information.

Payment information

Payments are processed by Stripe using client-side tokenisation. Your card details are sent directly to Stripe and never touch our servers. We only store transaction references, amounts and payment status.

Coaching and program data

  • Lesson notes, attendance records and coaching progress
  • Program enrolments and booking history
  • Team membership and availability responses

Website analytics & enquiry source

We use Plausible Analytics — a privacy-first, cookieless service that counts page visits without setting cookies, without tracking you across other websites, and without collecting information that personally identifies you. No consent banner is required because it collects no personal information.

When you book a free trial we also record which channel brought you to us (for example a social link or a referral) and, if you choose to share it, your free-text answer to "how did you hear about us". We use this only to understand which of our efforts are working — not to build a profile of you.

3. How we use your information

  • Coaching delivery — managing lessons, tracking progress, planning sessions
  • Player safety — medical notes ensure coaches are aware of relevant conditions
  • Billing and payments — invoicing, payment tracking, balance management
  • Communication — session notifications, booking confirmations, team messages
  • Program management — enrolments, attendance, scheduling

We do not use your information for marketing to third parties, sell your data, or share it with anyone outside the coaching operation.

4. Who can access your information

  • Administrators — can access all data for business management
  • Coaches — can access player profiles and medical notes for players in their sessions
  • Parents/guardians — can view and edit only their own family's information

Access is enforced at the database level using row-level security policies. No user can access another family's data through the application.

5. How we store and protect your information

  • All data is transmitted over HTTPS (encrypted in transit)
  • Medical and physical notes are encrypted at rest using AES-256 encryption
  • Access controls are enforced at the database level (row-level security)
  • All changes to sensitive records are logged in an audit trail retained for 7 years
  • Authentication uses secure, httpOnly session cookies with regular token refresh

Data location

Our database is hosted by Supabase in their Northeast Asia (Tokyo, Japan) data centre. Supabase is a trusted infrastructure provider with SOC 2 Type II certification. Under APP 8, we disclose that your personal information is stored on servers located in Japan. We have taken reasonable steps to ensure Supabase's data handling practices are consistent with the Australian Privacy Principles.

6. Children's data

Most of our players are children and young people. All data relating to minors is collected with the knowledge and consent of their parent or guardian, who manages the account on their behalf. Parents can view, edit, or request deletion of their children's data at any time through their portal or by contacting us directly.

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information — you can view your data in the parent portal at any time (APP 12)
  • Correct your personal information — you can update your details through the portal or by contacting us (APP 13)
  • Request deletion — contact us to request removal of your data, subject to any legal retention requirements
  • Complain — if you believe we have breached the APPs, contact us first. If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

8. Data retention

  • Active client records are kept while your family is enrolled
  • Inactive records are archived (not deleted) and retained for a reasonable period in case you return
  • Audit logs are retained for 7 years for compliance purposes
  • You may request deletion of your data at any time by contacting us

9. Third-party services

ServicePurposeData shared
SupabaseDatabase and authenticationAll application data (encrypted at rest)
StripePayment processingPayment tokens and transaction data only
VercelApplication hostingNo persistent data storage
UpstashRate limiting (abuse protection)IP addresses and request counts, short retention
PlausiblePrivacy-first website analytics (cookieless)Aggregate visit counts only — no cookies, no personal information
Google (Gemini)Sports voucher OCR (on upload)Uploaded voucher image only, not retained by Google
Google (Speech-to-Text)Voice search transcription (admin use — see section 10)Microphone audio while an admin holds to speak; transcript used to fill a search box, not stored

We do not share your personal information with any other third parties.

10. Voice features (admin use)

Our administrators may use an optional voice tool to search records and (in a later release) capture session notes and actions by speaking instead of typing. This is an administrator convenience — parents and players do not use it.

  • How it works — when an administrator holds the microphone button, their device's speech service transcribes what they say into text. On Android devices this is Google's cloud Speech-to-Text service; on desktop Chrome it may be processed on the device.
  • Overseas processing (APP 8) — Google's speech service may process the audio on servers located outside Australia, including the United States. We disclose this so you can make an informed choice.
  • What is captured — only the audio spoken while the button is held. The resulting text is used to fill a search box or, in a later release, to draft a note that an administrator reviews before saving. We do not retain the raw audio.
  • Opting out — if you would prefer that administrators not use voice tools in connection with your family's records, let us know (see section 12) and we will use ordinary typed entry instead.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the application. The "last updated" date at the top of this page indicates when the policy was last revised.

12. Contact us

If you have questions about this privacy policy or wish to make a complaint, contact:

Maxim Paskalutsa (Director, Head Coach)
Sunrise Tennis PTY LTD
Somerton Park Tennis Club
40 Wilton Ave, Somerton Park SA 5044
Phone: 0431 368 752
Email: info@sunrisetennis.com.au

Back to top