BokkerBack to login

Privacy Policy

Last updated: April 7, 2026

Bokker ("we", "us", or "our") operates the Bokker platform (the "Service"), a sports court booking and tournament management application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, phone number, password, and account type (player or court owner).
  • Profile information: Profile picture, banner image, and bio.
  • Court information (court owners): Court name, address, city, GPS coordinates, operating hours, contact details, photos, amenities, and social media links.
  • Booking information: Booking dates, times, chosen courts, payment method, and booking notes.
  • Financial information: Wallet balance, transaction history, invoice details, and payment proof uploads. We do not currently store credit or debit card numbers. If we introduce online payment processing in the future, card information will be handled by a certified third-party payment gateway — we will update this policy accordingly before collecting any such data.
  • Team & tournament data: Team names, rosters, match results, scores, ratings, and tournament participation records.
  • Reviews: Written reviews and numeric ratings for courts.
  • Communications: When you contact us for support or report issues.

1.2 Information Collected Automatically

  • Device information: Browser user agent string when subscribing to push notifications.
  • Usage data: Booking history, platform interaction patterns, and feature usage (derived from your activity).

1.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email address, and Google account ID.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process bookings and manage court reservations
  • Manage your wallet balance, process payments, and handle refunds
  • Facilitate tournament organization, team management, and leaderboards
  • Send transactional communications (booking confirmations, cancellation notices, OTP codes, password reset emails)
  • Send push notifications you have opted into
  • Generate invoices and billing reports for court owners
  • Calculate and display platform analytics and statistics
  • Maintain competitive ratings and leaderboard rankings
  • Enable social features (friend connections, team invitations)
  • Detect and prevent fraud, abuse, and no-show behavior
  • Improve and develop the Service

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • With other users:Your public profile (name, profile picture, bio) is visible to your friends ("Bokkas") on the platform. Court owners can see your name and booking details for bookings at their courts. Tournament participants can see team rosters and match results.
  • Service providers: We use third-party services to operate the platform:
    • Resend (email delivery for OTPs and notifications)
    • Supabase (image and file storage)
    • Google (authentication via OAuth)
  • Legal requirements: We may disclose your information if required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Booking and transaction records are retained for accounting and legal compliance purposes. When you delete your account, your personal information is anonymized, but booking and financial records may be retained in anonymized form.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Password hashing using bcrypt
  • OTP codes hashed with SHA-256 and expire after 10 minutes
  • HTTP-only secure cookies for authentication tokens
  • Rate limiting on sensitive endpoints (login, signup, OTP)
  • Account lockout after repeated failed login attempts
  • Push notification encryption keys stored securely

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure.

6. Your Rights

Under applicable data protection laws, including the Sri Lanka Personal Data Protection Act (PDPA), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate personal data via your account settings.
  • Deletion: Request deletion of your account and personal data through your account settings.
  • Objection: Object to certain processing of your data.
  • Portability: Request your data in a structured, commonly used format.

To exercise these rights, use the account settings in the app or contact us at the email address below.

7. Push Notifications

You may opt into browser push notifications. You can disable these at any time through your browser settings. We store your notification subscription endpoint and encryption keys to deliver notifications.

8. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:

Email: support@bokker.com