LOST Club Box Leagues
Privacy Policy
Last updated: April 2026
Your Privacy Matters
LOST Club Box Leagues is a tennis league management app built for club members. We take your privacy seriously and have designed the app to collect only what is needed to run the league.
What We Collect
| Data | Why | Storage |
|---|---|---|
| Email address | Account login & club communication | Hashed for login, stored for profile |
| Password | Account authentication | Bcrypt hashed — never stored as plain text |
| Display name | Identify you in league tables | Stored on server |
| Real name, phone | So other members can arrange matches | Stored on server, visible to admin only |
| Match results & scores | League standings and ladder points | Stored on server |
| Profile picture | Optional — personalise your profile | Stored on server if uploaded |
| IP address | Rate limiting to prevent abuse | Hashed — raw IP never stored |
How We Protect Your Data
Passwords are hashed using bcrypt with a high cost factor. Even if our database were compromised, your password cannot be recovered from the hash. Not by us, not by anyone.
All communication between the app and our server is encrypted using HTTPS/TLS. Your data cannot be intercepted in transit.
Authentication tokens (used to keep you logged in) are generated with cryptographically secure random data, stored as hashes on the server, and automatically rotated for added security.
API requests are rate-limited to prevent brute-force attacks on accounts.
Database queries use parameterised prepared statements throughout, preventing SQL injection attacks.
Who Can See Your Data
Your display name, match results, and ladder position are visible to all club members — this is necessary for the league to function.
Your real name, email, and phone number are only visible to league administrators for the purpose of managing the club.
Your password is not visible to anyone, including administrators. It is stored only as an irreversible cryptographic hash.
Data Retention
Your account and match history are kept for as long as you are a member of the club. If your account is inactive for an extended period, it may be archived by an administrator. Archived accounts retain their match history (so other players' records remain accurate) but are removed from active leagues. You can reactivate your account simply by logging in again.
If you choose to delete your account, your profile data is permanently removed. Match records you participated in are retained to preserve the integrity of other players' statistics, but your personal details are deleted.
Your Rights
View your data — your profile and stats are always visible in the app.
Update your data — edit your profile, display name, and contact details at any time.
Delete your account — permanently remove your account from the Profile page in the app.
Change your password — update it any time from the Profile page.
Advertising & Sponsors
Any advertising visible within the app relates solely to the sponsor(s) of the LOST Club leagues. These are local partnerships to support the running of the club and its leagues.
Your personal data is never shared with sponsors, advertisers, or any third party. Sponsors have no access to your account information, contact details, or match data.
Third Parties
We do not sell, share, or provide your personal data to any third parties. The app does not contain third-party analytics or tracking. Your data stays within the LOST Club system.
Hosting
The app server and database are hosted on IONOS (1&1) infrastructure located in Europe, subject to EU data protection regulations.
Contact
If you have any questions about this privacy policy or your data, please speak to a LOST Club administrator or reach out via the club's usual communication channels.