Back

Privacy Policy

Last updated: 19 March 2026

1. About this policy

Sunrise Tennis ("we", "us", "our") operates a tennis coaching business based at Somerton Park Tennis Club, Adelaide, South Australia. This policy explains how we collect, use, store and disclose your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Because we collect health information (such as injuries, medical conditions and physical limitations) to keep players safe during coaching sessions, we are covered by the Privacy Act regardless of our annual turnover.

2. Information we collect

Personal information

  • Names and contact details (phone, email, address) of parents/guardians
  • Player names, dates of birth and gender
  • Account login credentials (email and password, managed by Supabase Auth)

Sensitive information (health data)

  • Medical notes — allergies, injuries, conditions relevant to physical activity
  • Physical limitations or considerations for coaching

We only collect health information that you voluntarily provide for the purpose of player safety during coaching sessions. We will ask for your explicit consent before collecting this information.

Payment information

Payments are processed by Square using client-side tokenisation. Your card details are sent directly to Square and never touch our servers. We only store transaction references, amounts and payment status.

Coaching and program data

  • Lesson notes, attendance records and coaching progress
  • Program enrolments and booking history
  • Team membership and availability responses

3. How we use your information

  • Coaching delivery — managing lessons, tracking progress, planning sessions
  • Player safety — medical notes ensure coaches are aware of relevant conditions
  • Billing and payments — invoicing, payment tracking, balance management
  • Communication — session notifications, booking confirmations, team messages
  • Program management — enrolments, attendance, scheduling

We do not use your information for marketing to third parties, sell your data, or share it with anyone outside the coaching operation.

4. Who can access your information

  • Administrators — can access all data for business management
  • Coaches — can access player profiles and medical notes for players in their sessions
  • Parents/guardians — can view and edit only their own family's information

Access is enforced at the database level using row-level security policies. No user can access another family's data through the application.

5. How we store and protect your information

  • All data is transmitted over HTTPS (encrypted in transit)
  • Medical and physical notes are encrypted at rest using AES-256 encryption
  • Access controls are enforced at the database level (row-level security)
  • All changes to sensitive records are logged in an audit trail retained for 7 years
  • Authentication uses secure, httpOnly session cookies with regular token refresh

Data location

Our database is hosted by Supabase in their Northeast Asia (Tokyo, Japan) data centre. Supabase is a trusted infrastructure provider with SOC 2 Type II certification. Under APP 8, we disclose that your personal information is stored on servers located in Japan. We have taken reasonable steps to ensure Supabase's data handling practices are consistent with the Australian Privacy Principles.

6. Children's data

Most of our players are children and young people. All data relating to minors is collected with the knowledge and consent of their parent or guardian, who manages the account on their behalf. Parents can view, edit, or request deletion of their children's data at any time through their portal or by contacting us directly.

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information — you can view your data in the parent portal at any time (APP 12)
  • Correct your personal information — you can update your details through the portal or by contacting us (APP 13)
  • Request deletion — contact us to request removal of your data, subject to any legal retention requirements
  • Complain — if you believe we have breached the APPs, contact us first. If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

8. Data retention

  • Active client records are kept while your family is enrolled
  • Inactive records are archived (not deleted) and retained for a reasonable period in case you return
  • Audit logs are retained for 7 years for compliance purposes
  • You may request deletion of your data at any time by contacting us

9. Third-party services

ServicePurposeData shared
SupabaseDatabase and authenticationAll application data (encrypted at rest)
SquarePayment processingPayment tokens and transaction data only
VercelApplication hostingNo persistent data storage

We do not share your personal information with any other third parties.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the application. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact us

If you have questions about this privacy policy or wish to make a complaint, contact:

Maxim Sirota
Sunrise Tennis
Somerton Park Tennis Club
40 Wilton Ave, Somerton Park SA 5044
Phone: 0431 368 752