Privacy policy

Henselite Connect operates from the Western Cape, Republic of South Africa.

For privacy questions or to exercise any of the rights below, contact support@henseliteconnect.co.za.

To run the service, we collect and store:

• Profile information — name, BSA number, gender, date of birth, dominant hand, contact details (email, phone), club grading, and the email-opt-in preference you set during sign-up.
• Club memberships — which clubs you belong to and in what role (player, club admin).
• Tournament and match data — entries you submit, team rosters, match scores, end-by-end records, win/loss outcomes.
• Bookings — rink reservations you make through the app (date, time, rink, party size, purpose).
• Twenty 20 assessments — delivery-by-delivery shot outcomes, grade results, optional coach notes recorded by your club admin.
• Messages and notifications — content you send to other club members through the in-app messaging surface, plus notification reads/dismissals.
• Account security data — authentication tokens and session metadata, managed for us by our authentication provider (see Section 5).
• Audit log — system-recorded events for actions your club admin or our staff take that affect your account (cancellations, role changes, account deletions). Used for compliance and dispute resolution.

• Performance of contract — most data is collected to operate your account and the service you signed up for.
• Consent — Twenty 20 assessment participation, email opt-in, and any future marketing communications. You can withdraw consent at any time.
• Legitimate interest — tournament administration, anti-fraud, and protecting the integrity of competitive results.

• To run your account, club memberships, and tournament entries.
• To record and display match scores and Twenty 20 results.
• To deliver invitations, notifications, and admin messages.
• To improve the service through aggregated, anonymised usage patterns (no individual profiling).

We do not sell your personal data. We do not use it for advertising targeting. We do not share it with third parties for their own marketing.

We use a small number of vetted service providers to operate the platform. Each is contracted to process data only on our instructions:

• Supabase— database, authentication, and storage. Hosted in the operator's chosen Supabase region.
• Vercel— application hosting and content delivery, globally distributed via Vercel's edge network.
• Resend— transactional email delivery (invitations, notifications). Hosted by Resend's infrastructure.
• Sentry — error monitoring and crash reporting. Hosted in the European Union (Frankfurt, Germany). Personally identifying request data is stripped before reaching Sentry; only an opaque user identifier is attached so we can correlate errors for triage.

• Active accounts — for as long as your account is active.
• Account deletion— when you delete your account, we apply a 30-day grace period during which you can sign in and cancel the deletion. After the grace window, your personal identifying information (name, contact details, BSA number, date of birth) is anonymised. Tournament and match records that reference your participation are retained with your name replaced by “Deleted player” — this preserves the integrity of historical competitive results for other players.
• Audit log — operational entries (logins, cancellations, similar) are retained 30 days. Compliance and financial entries (account deletions, admin overrides, role changes) are retained 7 years.

You have the right to:

• Access — request a copy of the personal information we hold about you. Available immediately at /me/settings/data-and-privacy (sign in required).
• Correct — update inaccurate information directly via your profile.
• Delete — request deletion of your account. Available at the same settings surface as Access.
• Object — object to specific processing (e.g. withdraw email consent) via your profile preferences or by contacting us.
• Lodge a complaint — with the Information Regulator of South Africa if you believe your rights have been infringed. Contact details: inforegulator.org.za.

For any of the above, contact support@henseliteconnect.co.za.

Henselite Connect uses first-party cookies only:

• Authentication session cookie — strictly necessary to keep you signed in. Set and managed by our authentication provider (Supabase). Cleared when you sign out or when the session expires.
• Theme preference — your selected club theme. Optional; can be cleared from your browser at any time.

We do not set third-party cookies, advertising cookies, or analytics tracking cookies. Because all cookies we use are strictly necessary for service operation or are explicit user preferences, no separate consent banner is shown.

We protect your data through:

• HTTPS/TLS encryption for all data in transit.
• Encryption at rest, managed by our database and storage provider.
• Row-level security in the database — each query is scoped to what the signed-in user is allowed to see.
• Audit logging of administrative actions for accountability.
• Error monitoring with PII scrubbing — no email addresses, IP addresses, or request bodies are sent to our error-tracking provider.

Some of our service providers store or process data outside South Africa (notably the European Union for Sentry; the operator's configured region for Supabase, Vercel, and Resend). POPIA permits this where the recipient jurisdiction provides comparable protection or the provider is bound by a data processing agreement enforcing equivalent safeguards. All four providers are contracted on those terms.

Henselite Connect is intended for bowls players, which in practice means users aged roughly 16 and above. We do not knowingly collect data from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, contact support@henseliteconnect.co.za and we will delete the relevant records.

We may update this policy as the service evolves or as legal requirements change. Material changes will be communicated via email and an in-app notification before they take effect. The version number and last-updated date at the top of this page show the current revision.

For privacy questions, data subject requests, or any concerns about how your information is handled, contact:

Henselite Connect
Western Cape, Republic of South Africa
support@henseliteconnect.co.za