Hitting PartnerHitting Partner

Hitting Partner — Privacy Policy

Last updated: 5 June 2026 Effective date: 5 June 2026

This Privacy Policy explains how Veda Digital Solutions Pty Ltd (ACN 690 553 621), an Australian proprietary limited company that operates the Hitting Partner service (together with its mobile and web products, "Hitting Partner", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our mobile application, our website at letsrallyapp.net, and any related services we provide (together, the "Service"). Veda Digital Solutions Pty Ltd is the data controller for the purposes of GDPR, UK GDPR, and equivalent legislation.

By using the Service, you agree to the practices described here and in our Terms of Service. If you do not agree, please do not use the Service.

We aim to keep this policy in plain English. If anything is unclear, email us at privacy@letsrallyapp.net and we'll explain.

1. Who this applies to

This policy applies to everyone who uses the Service, including players, coaches, and visitors to our website. The Service is for adults aged 18 and over — we do not knowingly collect information from anyone under 18 and we will delete any account we discover belongs to a minor.

If you live in the European Economic Area, the United Kingdom, or California, additional rights apply to you — see Section 9.

2. What we collect

We collect only what we need to run the Service.

a) Information you give us

  • Account details: your name, email address, phone number (optional), date of birth (to confirm 18+), and a profile photo if you upload one.
  • Player profile: your home court / suburb, preferred sport(s), playing level, UTR / DUPR (if you enter them), availability, intent (e.g. "casual hit"), distance unit preference, currency preference, and the free-text "about you" / "style" fields.
  • Coach profile (if you list as a coach): the same player fields plus your certifications, specialties, hourly rate, currency, bio, years of experience, and clinic listings.
  • Content you post: open games, clinics, community questions and answers, reviews, ratings, and messages.
  • Post-event play feedback: after a private "Plan a Hit" session ends, we ask both players to rate how the session went. Your individual rating of another player is never shown to them. We aggregate ratings across many sessions to compute a player's reliability (e.g. "shows up", "matched skill level") — this aggregated score is what shows on profiles, not the source ratings.
  • Reports & feedback: if you report another user or send us feedback, we keep the report and any context you provide.

b) Information we collect automatically

  • Location — if you grant location permission, we use your device's current location to show you nearby players, games, and coaches, and to centre the map on you. You can revoke location access at any time in your phone's settings; the Service will then fall back to your saved home base. We also store a precise geographic coordinate for your home base (latitude/longitude resolved from the address you enter), which is used only for proximity matching and "nearby game" push notifications — other users see only the suburb-level area, never your exact coordinates.
  • Device & technical data — device type, operating system version, app version, language, timezone, and an anonymous device push-notification token (so we can send reminders and updates).
  • Usage data — which screens you visit, which features you use, and basic interaction events. This is aggregated and is used to improve the Service and diagnose issues. We do not currently use third-party analytics SDKs that track you across other apps.
  • Cookies & similar technologies — on our website only, we use minimal cookies to keep you signed in and remember basic preferences. We do not use third-party advertising cookies.

c) Information from third parties

If you sign in with Google or Apple, we receive your name, email address, and an identifier from those services. We do not receive your password or any other information from them. Apple Sign In gives you the option to hide your email; if you choose that, we receive a private relay address instead.

We do not buy lists of people or scrape information from other services.

3. Why we use your information

We use your information for the following purposes:

PurposeWhat this looks like
To create and operate your accountSign-in, profile, settings
To match you with relevant players, games, and coachesSmart sort, map pins, level-based filtering
To enable messaging between usersShowing the chat thread, delivering messages
To send transactional emails and push notificationsBooking confirmations, clinic reminders, cancellations
To process subscriptionsThrough Apple and Google's in-app purchase systems (we don't see your card)
To keep the Service safeReviewing reports, blocking abusers, fraud prevention
To improve the ServiceDiagnosing bugs, understanding which features matter
To meet legal obligationsResponding to lawful requests, tax records, audit

We do not sell your personal information to advertisers or data brokers, full stop.

We do not show third-party ads in the Service.

The legal bases we rely on (where required, e.g. under GDPR / UK GDPR) are: (a) performance of a contract — to deliver the Service you signed up for; (b) legitimate interests — to keep the Service safe and improve it; (c) consent — for optional features like location and push notifications; and (d) legal obligation — where the law requires us to keep or share certain data.

4. What other users can see

Some information is visible to other users by design — that is the whole point of a partner-finding app.

Always visible to other users:

  • Your name (or display name), profile photo, sport(s), playing level, and UTR/DUPR if you've entered them.
  • Your home court suburb (not a precise address).
  • Your availability, intent, style, and "about you" text.
  • Open games and clinics you post.
  • Community posts you make.
  • Reviews you leave on coaches.

Visible only when you choose to interact:

  • Your chat messages — visible only to the person you're chatting with and to Hitting Partner for safety-review purposes.
  • Whether you've RSVPd to a clinic — visible to the hosting coach.
  • Whether you've joined an open game — visible to other joiners and to the host.

Never visible to other users:

  • Your email, phone number, or full date of birth.
  • Your live device location or your precise home address.
  • Your subscription status.

You can edit or remove most of this information at any time in your profile.

5. Who we share information with

We share information only with:

  • Other users, as described in Section 4.
  • Service providers that help us run the Service, under contracts that require them to protect your data and use it only for the purpose we hire them for. Current providers include:
    • Supabase (database, authentication, file storage) — hosted on AWS, primary region in the United States.
    • Expo Push Notifications (operated by Expo / EAS) — to dispatch push notifications via Apple's APNS and Google's FCM. Expo handles only the routing; the actual delivery is by Apple or Google to your device.
    • Resend — to send transactional emails (sign-in codes, account notices).
    • Expo / EAS — to build, sign, and ship the mobile app.
    • Google Cloud Platform — to power Google Sign-In and Google Places autocomplete (when you type an address).
  • Apple and Google, for processing subscription payments. They have their own privacy policies governing your payment data.
  • Legal and safety recipients — law enforcement, regulators, or courts when we have a good-faith belief that the law requires disclosure or where it is necessary to protect users from imminent harm.
  • A future owner if Hitting Partner is ever acquired or merged. We will tell you before your data moves to a different controller and you'll be able to delete your account first.

We do not share your data with advertisers, data brokers, or analytics companies who build user profiles for ad targeting.

6. Where your data lives

Your data is stored on servers operated by Supabase (hosted on AWS) primarily in the United States. By using the Service you understand that your information may be transferred and processed outside your home country, including in jurisdictions whose data-protection laws may be different from yours. Where the law requires it (for example, transfers out of the EEA / UK), we rely on standard contractual clauses or equivalent safeguards.

7. How long we keep your data

We keep your information for as long as you have an account, plus a short period after closure for legitimate reasons such as fraud prevention, dispute resolution, and tax records. Specifically:

  • Account profile & content: until you close your account; then deleted or anonymised within 30 days.
  • Chat messages: kept while you have an account so you can refer back; deleted within 30 days of account closure.
  • Reports of abuse & safety records: kept for up to 2 years even after closure, so we can identify repeat bad actors.
  • Backups: rolling 30-day backups that get overwritten — your data will fall out of backups within that period.
  • Payment/subscription records: kept for as long as required by tax law (typically 7 years in Australia).

You can request earlier deletion at any time (Section 9).

8. How we protect your data

We use industry-standard security measures including encryption in transit (HTTPS / TLS), encryption at rest for sensitive fields, role-based access control inside our team, and row-level security on the database so users can only access their own data. We never store payment card details ourselves.

No system is perfectly secure. If a data breach affects you, we will tell you and the relevant authorities as required by law (in Australia, within the timelines set by the Notifiable Data Breaches scheme).

9. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access — get a copy of the personal information we hold about you.
  • Correct — fix anything that's inaccurate or out of date.
  • Delete — close your account and have your personal information deleted (subject to the retention exceptions in Section 7).
  • Object / restrict — ask us to stop processing your data for certain purposes.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — for any processing you previously consented to (e.g. push notifications, location), without affecting the lawfulness of past processing.
  • Complain — to your local data-protection authority. In Australia that is the Office of the Australian Information Commissioner (oaic.gov.au). In the UK it is the Information Commissioner's Office (ico.org.uk). In the EU, your local supervisory authority.

To exercise any of these rights, email privacy@letsrallyapp.net from the address linked to your account. We will respond within 30 days. We may need to verify your identity before completing certain requests.

Californian residents (CCPA / CPRA) — you have rights to know, delete, correct, opt out of "sale" or "sharing" of personal information, and limit use of sensitive personal information. We do not "sell" or "share" personal information as those terms are defined under California law.

10. Children

The Service is not directed to anyone under 18 and we do not knowingly collect personal information from them. If you believe we may have collected information from a child, please contact us at privacy@letsrallyapp.net and we will delete it.

11. Third-party links

The Service may contain links to other websites (for example, a coach's external profile or a court's booking page). We are not responsible for the privacy practices of those sites — please read their own privacy policies before sharing information with them.

12. Beta and Early Access

Until we announce public launch, Hitting Partner is in closed beta / Early Access. During this period:

  • The Service is provided for testing and feedback. Data you generate during the beta (profile, posts, ratings, messages) may be deleted or reset as we iterate, with reasonable notice where practical.
  • We may collect additional diagnostic information (crash reports, performance metrics) to debug pre-release issues. This is not used for any purpose other than improving the Service.
  • Once we move out of beta, this section no longer applies and your data is retained per Section 7.

We will tell you in advance — via the app, email, or both — before any planned data reset, and we will preserve account credentials so you can sign back in.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will tell you — for example, by an in-app banner, an email, or both — at least 14 days before the changes take effect. The most current version is always available at https://letsrallyapp.net/privacy.

14. Contact

For privacy questions, requests, or complaints, contact:

Veda Digital Solutions Pty Ltd Privacy team — operating "Hitting Partner" Email: privacy@letsrallyapp.net Web: https://letsrallyapp.net/privacy

This document is plain-English and intentionally short. It is not legal advice. Before relying on it for a public launch, have a qualified privacy lawyer in your jurisdiction review it — particularly the sections on international transfers, EU/UK rights, and California-specific obligations.