Privacy Policy

This policy explains what Reffy does with your information. Reffy is a phone-first app for running casual play sessions of 2-team activities. It is written in plain English so you can understand it without a lawyer — though it is not legal advice.

1. At a glance

• Reffy is local-first. By default, everything stays on your device and Reffy sends nothing to us. You can run sessions, track scores, and keep an ELO leaderboard fully offline with no account.
• Signing in is optional and opt-in. A passwordless email account unlocks cloud backup, real-time cross-device sync, a public or private profile, discovery and search, a social graph (follow / friends), and clubs (shared rosters).
• Public profile fields are world-readable. If you set your profile to public, your @handle, display name, avatar, and aggregated rating and stats can be seen and searched by anyone and appear in follower / following lists. You can switch back to private at any time.
• No tracking, no ads. Reffy contains no advertising identifiers, no analytics or telemetry SDKs, and no ad networks.

2. Two ways to use Reffy

Which parts of this policy apply to you depends on whether you are signed in.

• Signed out (local-only). The default. Reffy stores everything on your device and transmits no app data to us or to any provider. The sections about local data (section 3), your choices (section 11), children’s privacy (section 12), security of on-device data (section 13), and the website (section 14) apply to you. The cloud sections (4–10) do not, because you have not turned on any cloud feature.
• Signed in (cloud features on). You have created an account and turned on one or more optional cloud features. The cloud sections (4–10) also apply to you, alongside the providers, region, retention, and deletion details below. Your local data stays authoritative even when you are signed in.

3. What we collect when you are signed out

Nothing is transmitted to us. Used without an account, Reffy keeps all of the following on your device only, inside its sandboxed storage:

• Player names you enter manually.
• Session settings (activity name, courts, players-per-side, scoring preset).
• Round and game results, including the scores you record.
• ELO ratings derived from those results, and win/loss counts.
• Player group presets and unsaved score drafts.
• Avatars you set for players (a color, an emoji, or a photo you choose).
• A light/dark theme preference and similar local app settings.

Nothing in this list leaves your device while you are signed out. We do not collect your email, name, phone number, location, contacts, advertising identifier, or any hardware identifier. If you use iCloud or device backups, Apple may include Reffy’s local data in those backups according to your own device settings — that is between you and Apple, not us.

4. What we collect when you are signed in

If you choose to sign in, Reffy collects only what each feature needs. Below, each item is listed with why we collect it.

• Your email address — to sign you in with a one-time 6-digit code or magic link (Supabase Auth), and to identify your account. There is no password.
• A random per-install device identifier — generated on your device to label which device a backup or sync change came from, so your data merges correctly across devices. It is not an advertising identifier and is not linked to any hardware or advertising ID.
• Your profile — your @handle, display name, and an optional avatar (a color, an emoji, or a photo you pick from your camera or photo library). Used to identify you to yourself and, if your profile is public, to others.
• Your backed-up and synced gameplay data — the players, sessions, rounds, games and scores, ELO ratings, and player groups you choose to back up. Used to restore your data on a new device and to keep your devices in sync.
• Your social graph — who you follow (one-way) and your friends (mutual request and accept). Used to provide the follow and friends features.
• Club data — if you create or join a club, the shared roster and related session data for that club. Used so co-hosts of the club can share that data.
• A push notification token — if you are signed in and allow notifications, a device push token is registered when you open Reffy (and when you join a live game room), so a room host can notify you of your court assignment for each round. It is stored under your account and sent to our push provider (Expo) to deliver the message. It is not an advertising identifier, and it is used only for these round notifications.

You can use Reffy fully without ever creating an account, and you can sign out at any time.

5. Public profiles, discovery & social

Your profile is private by default until you choose to make it public.

• When your profile is public, your @handle, display name, avatar, and aggregated stats — including your casual rating, your ranked rating (world ladder), and your per-game rating history — become world-readable. They can appear in discovery and @handle search, on the world ranked ladder, and in other people’s follower and following lists.
• When your profile is private, you are not discoverable and do not appear in search, on the public ladder, or in public lists, and your ranked rating and rating history are not world-readable. Any avatar photo you set is only uploaded to public storage while your profile is public — switching to private removes it from public storage. You can switch between public and private at any time in the app’s settings.
• Discovery never auto-attaches gameplay data. Finding or following someone does not pull their match history into your account, and finding you does not pull yours into theirs. The only way a device-local (“ghost”) player’s history is linked to an account is by that person explicitly claiming it with their consent.

6. Clubs & shared rosters

A club is a shared roster that co-hosts maintain together. If you create or join a club, the club’s roster and the sessions recorded under it are shared with that club’s co-hosts so everyone can run and score games against the same player list. Club data is visible to co-hosts of that club; it is not made world-readable by being in a club.

7. Cloud backup & sync

Cloud backup and real-time sync are optional features that you turn on.

• Local data stays authoritative. Your on-device database is the source of truth. A failed, offline, or skipped backup never blocks or corrupts your local play.
• Encrypted in transit. Data moves between your device and our providers over an encrypted (HTTPS / TLS) connection.
• Account-scoped. Your backups and synced rows are stored privately under your account and are readable only by your signed-in account (and, for club data, that club’s co-hosts).

8. Service providers

We use the following providers only when you use the optional cloud or contact features. If you never sign in, none of them receives your app data.

• Supabase — hosts authentication, the Postgres database, object storage for backup blobs and avatar photos, and real-time sync. It also hosts public profile, social, and club data. Supabase stores this on our behalf. supabase.com/privacy
• Resend — delivers the transactional one-time sign-in code email (sender noreply@playreffy.com). Resend processes your email address to deliver that message. resend.com/legal/privacy-policy
• Expo (Expo Application Services) — delivers push notifications for live game rooms through Expo’s push service (exp.host). To send a round notification, Expo receives the recipient’s device push token and the notification content — which includes the round number, the court, and the names of that player’s teammates and opponents for the round. Expo also underpins app builds and updates. expo.dev/privacy
• GitHub Pages — static hosting for the playreffy.com website. When you visit the site, the host may log standard web-request information (such as IP address, browser, and timestamp). GitHub Privacy Statement
• Cloudflare — DNS for the playreffy.com domain and Email Routing for inbound contact mail sent to hello@playreffy.com. cloudflare.com/privacypolicy

9. Where your data is stored

Our Supabase projects are hosted in Oceania (Sydney), region ap-southeast-2. If you use Reffy from outside that region, the cloud data you choose to back up or sync will be transferred to and stored on servers in Australia. By turning on cloud features, you understand that this international transfer takes place so we can provide them.

10. How long we keep it

We keep your account and profile while your account exists. Cloud backups are kept as a rolling set of recent snapshots — we retain the most recent ones and prune older ones automatically. Synced gameplay data is kept as long as it exists on your devices and your account. When you delete your account (section 11), the associated cloud data is removed.

Players and sessions you delete in the app go to a “Recently Deleted” area for 30 days so you can restore them. This recovery copy is stored only on the device where you deleted them — it is not synced to the cloud or to your other devices. Account deletion (section 11) is immediate and permanent; there is no recovery period for a deleted account.

11. Your access, export, and deletion choices

• Export your data. Reffy can export your data from inside the app as CSV or as a full JSON backup file, controlled by you through your device’s share sheet.
• Make your profile private. Switch your profile to private at any time to remove it from discovery, search, and public lists.
• Sign out. Signing out stops cloud backup and sync and returns Reffy to local-only operation. Your on-device data is unaffected.
• Delete your account. Go to Settings → Account → Delete account (a 2-step confirmation). This immediately and permanently removes your auth user, your cloud backups, your uploaded avatar photo, and the cascaded cloud rows (your synced gameplay data, profile, social graph, and owned-club data). It is cloud-only: it does not erase the local database on your device — to remove that, delete the app.
• Delete the app. Deleting Reffy removes its local database from your device.
• Contact us. If you cannot complete any of the above in the app, email hello@playreffy.com and we will help.

12. Children’s privacy

Reffy is intended for people aged 13 and over. In some regions — including parts of the European Economic Area — a higher minimum age of 16 applies (GDPR Article 8). Reffy is not directed at children under these ages, and we do not knowingly collect personal information from them. If we learn that we have collected personal information from someone under the applicable age, we will delete it.

13. Security

We take reasonable measures to protect your information:

• Cloud data moves over encrypted (HTTPS / TLS) connections.
• Cloud storage uses row-level security so that your data is scoped to your account (and, for club data, the relevant club’s co-hosts).
• Local data lives inside Reffy’s sandboxed on-device storage.

No method of transmission or storage is perfectly secure, but we work to keep your information protected.

14. The website

The playreffy.com website is static and privacy-light.

• It is hosted on GitHub Pages, which may log standard web-request information (section 8).
• It stores only a light/dark theme preference in your browser’s localStorage.
• It contains no analytics, no advertising, and no third-party tracking.
• Fonts are self-hosted and bundled with the site, so no third-party font service is used.

15. Changes to this policy

If Reffy’s data practices change, we will update this policy before the change takes effect and revise the “Last updated” date shown at the top of this page.

16. Contact

For any questions about this policy, email hello@playreffy.com — it is a working inbox that receives your mail. See also support and the terms of use.