Last updated: June 29, 2026
This Privacy Policy explains what information MatchMetric collects, how we use it, who we share it with, and the choices you have. It is part of, and should be read together with, our Terms of Service. MatchMetric is operated by Everythings Fein, LLC ("MatchMetric," "we," "us," or "our"), the operator of the website at https://www.matchmetric.app and the related features, tools, and content (together, the "Service"). You can reach us at any time at hello@matchmetric.app.
MatchMetric is an independent USTA NorCal tennis-analytics tool. We are not affiliated with, endorsed by, or operated by the USTA, USTA NorCal, TennisLink, or any tennis governing body, and our ratings are estimates — not official NTRP ratings (see Terms of Service Sections 5 and 6). This Policy supplements Section 13 of the Terms; if there is any conflict between this Policy and the Terms, the Terms control.
1.1 This Policy applies to personal information we handle when you visit https://www.matchmetric.app, browse public pages, sign in, claim a profile, join or run a team space, contact us, or make a purchase.
1.2 This Policy does not govern the practices of third parties we don't control — including USTA, USTA NorCal, TennisLink, and ClubSpark (the public sources our data is drawn from), or the service providers listed in Section 6, each of which has its own privacy policy.
1.3 Much of the Service can be used without an account. As described in our Terms of Service Section 3.1, public player and team pages, ratings, match history, and the public tournament calendar can be viewed without signing in.
2.1 Email is your identity. Sign-in is passwordless ("magic link"). We don't store passwords. The only piece of personal information we need to give you an account is an email address.
2.2 We collect very little. Beyond your email, we hold only what you choose to give us — an optional profile claim, an optional season goal, your email-digest setting (the nightly digest is on by default and you can turn it off any time — see Section 7), any suggestions you send, and the team content you create as a captain or member.
2.3 We don't sell your personal information, and we don't share it for cross-context behavioral advertising. There are no advertising or cross-site tracking cookies on the Service.
2.4 Public player pages show public USTA information. Names, teams, home city, results, and published levels come from public USTA NorCal league play (and a public, nationwide USTA tournament calendar) and may appear for players who never signed up. We are not the official custodian of that data, and you can ask us to hide or remove a public profile (Section 4 and Section 10).
2.5 Payments go through Stripe. We never receive or store your full card number.
2.6 Our analytics are privacy-light and optional. Where configured, we use product analytics (PostHog) and error monitoring (Sentry) designed to avoid collecting personal information by default; both are inert until we turn them on.
For convenience, Section 3.5 maps the categories below to the statutory categories of personal information used under California law.
3.1.1 Email address (for sign-in). To claim a profile, join a team space, or use captain or paid features, you sign in with a magic link. You give us an email address and we email you a single-use, time-limited link. Your email address is your identity on the Service. We store your email (lowercased and trimmed) and a timestamp of your last sign-in. We do not store passwords.
3.1.2 Profile claim (optional). You may "claim" a player profile. A claim is self-asserted and verified by email control only — it is not verified membership, it is non-exclusive (more than one person can claim the same player, and you can claim more than one player), and it does not transfer ownership of any underlying public record. The player names, teams, results, and levels shown in a profile come from public USTA sources, not from the claimant (see Terms of Service Section 8.5).
3.1.3 Season goal (optional). If you set a season goal for a player you've claimed (for example, a target level to reach or hold), we store that goal.
3.1.4 Email-digest setting. Your account carries a single setting that controls whether we send you the optional nightly digest. When you create an account or claim a profile, this setting is on by default, and you can turn it off at any time (see Section 7).
3.1.5 Suggestions and feedback. If you send us a suggestion through the Service, we store the text you submit, associated with your account so we can follow up.
3.1.6 Team and captain content. If you join or run a team space, we store the content you and your teammates create there, which may include: team-space membership and roles, match availability (in/maybe/out) and your singles/doubles preference, saved lineups, practice sessions (dates, courts, rounds, pairings, and games results), partner options, and invite-code and join-request records. Captains and members of a team space can see other members' names and availability within that space.
3.2.1 If you buy a Premium subscription or a team-space credit, payment is processed by Stripe through its hosted checkout. We never receive or store your full card number or other sensitive payment details (see Terms of Service Section 9.3).
3.2.2 What we do store, on your account, is limited billing metadata that Stripe returns to us: a Stripe customer ID, your subscription status (for example, active, trialing, past due, or canceled), the date your current paid period ends, and a count of any team-space credits you've purchased. We use this to know what you've paid for and what features to unlock. Your payment is also governed by Stripe's own terms and privacy policy.
3.3.1 Product analytics (PostHog) — privacy-light and optional. Where enabled, we use PostHog to understand how the Service is used (for example, which features people use) so we can improve it. This integration is environment-gated and inert until we configure it — when it isn't turned on, no analytics data is collected and no analytics network calls are made. When it is on, it is designed to be PII-light:
3.3.2 Error monitoring (Sentry) — optional. Where enabled, we use Sentry to capture technical errors (in the browser and on our servers) so we can fix bugs. This integration is also environment-gated and inert until configured. When it is on, it is set so that it does not attach personal information by default — it does not attach cookies, request headers, or your IP address to error reports — and magic-link tokens are scrubbed from URLs before they are sent.
3.3.3 Cookies and local storage. We use a small number of cookies and browser-storage values, and no advertising or cross-site tracking cookies. Only the sign-in session cookie is `httpOnly` (not readable by JavaScript); the functional preference cookies are ordinary, JavaScript-readable cookies.
Cookies:
Browser local storage:
We don't operate a third-party advertising network, a tracking-pixel network, or cross-site behavioral tracking on the Service.
We do not collect or store passwords, full payment-card numbers, precise geolocation, biometric data, or special-category/sensitive data (see Section 10.2). The Service's permissions policy disables camera, microphone, geolocation, and browsing-topics access.
For California-law transparency, the table below maps what we collect to the statutory categories under the CCPA/CPRA, with the source, purpose, and the categories of parties we disclose it to. We do not "sell" or "share" (for cross-context behavioral advertising) any of these categories. The exact statutory category labels are among the items we have flagged for legal review (Section 10.5).
| CCPA/CPRA category | What it is here | Source | Purpose | Disclosed to | | --- | --- | --- | --- | --- | | Identifiers | Email address; opaque internal app-user id | You (sign-in) | Authenticate you; operate the account | Service providers (hosting, database, email, analytics) | | Commercial information | Subscription/credit status and billing metadata | Stripe (when you pay) | Unlock and manage paid features | Service providers (payment processing, hosting, database) | | Internet/network activity | Product-analytics events and error reports, where enabled | Your use of the Service | Understand, debug, and improve the Service | Service providers (analytics, error monitoring) | | Inferences | Estimated performance ratings, bump outlooks, win-probability estimates | Computed from public USTA match data | Provide the Service's core features | Service providers (hosting, database) | | Public USTA-sourced data | Names, teams, home city, match results, published NTRP levels (see Section 4) | Public USTA / USTA NorCal / ClubSpark sources | Display public player and team pages; compute ratings | Service providers (hosting, database); publicly displayed |
4.1 This is the most important and least boilerplate part of how MatchMetric works, so we want to be plain about it.
4.2 Public player and team pages display names, teams, home city, match results, and published NTRP levels that USTA makes publicly searchable as part of running its leagues — including the public USTA NorCal year-end NTRP rating search and public league pages. We also surface a public, nationwide USTA tournament calendar drawn from public USTA/ClubSpark sources (event metadata, not NorCal-limited). This information may appear for players who have never signed up for or interacted with MatchMetric. We compute our own estimated performance ratings from those public match scores.
4.3 We are not the official custodian of this data. USTA and your league are the source of record. Our ratings are estimates, updated nightly on a best-effort basis — not official USTA NTRP ratings (see Terms of Service Sections 5 and 6). USTA is the only source of your official rating.
4.4 For a player who has not signed in or claimed a profile, the public information shown is the public USTA data described above; we don't hold an email address, account, or other personal information about them in the Service.
4.5 Removal path. If you'd like your public profile hidden or removed, or you have a question about your data, email us at hello@matchmetric.app and we'll take care of it, consistent with applicable law (see Section 10 and Terms of Service Section 13.3). Because a public profile may belong to someone who never created an account, we may ask for additional information to confirm a removal request relates to you (see Section 10.1).
5.1 We use the information described above to:
5.2 Legal bases (for users in the EEA/UK, to the extent the GDPR or UK GDPR applies to our processing). Where this framing applies to you, we rely on: performance of a contract (to provide the account, team spaces, and paid features you ask for); legitimate interests (to secure, debug, understand, and improve the Service, to display public league information, and to send the nightly digest you can turn off at any time — each balanced against your rights); consent (for any non-essential analytics that require it under local law); and legal obligation (to keep certain records and respond to lawful requests). This framing is provided for transparency and is one of the areas we flag for legal review (see Section 10.5).
5.3 We do not use your information to make decisions that produce legal or similarly significant effects through solely automated processing.
6.1 We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We don't run ads or ad-tracking networks on the Service.
6.2 Service providers (subprocessors). We share information with the vendors that run the Service for us, only as needed to provide it. Several are environment-gated and inert until we configure them — until then, they process no data:
Each provider has its own privacy policy. We may add or change providers; when we do, we'll update this list.
6.3 Legal and safety. We may disclose information if we believe in good faith that it's necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of MatchMetric, our users, or the public.
6.4 Business transfers. If MatchMetric is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We'll require the recipient to honor this Policy or give you notice and choices consistent with applicable law.
6.5 Aggregated or de-identified data. We may create and use aggregated or de-identified information (for example, overall accuracy or usage statistics) that does not identify you, consistent with the purposes described in Terms of Service Section 8.3 (operating, securing, improving, and providing the Service), and we may share such aggregated or de-identified statistics.
6.6 Public data display is not "sharing your personal information" in the ordinary sense — the public player pages described in Section 4 display information USTA already makes publicly searchable.
7.1 Essential emails (no opt-out). Magic-link sign-in emails, billing and receipt emails, and service or legal notices are part of using the Service. By using the Service you consent to receive these electronically (see Terms of Service Section 3.6).
7.2 The nightly digest (on by default / easy to turn off). When you create an account or claim a profile, you are enrolled in the optional nightly digest by default. You can turn it off at any time from the account settings in the Service, and every digest email includes a one-click unsubscribe link. We don't send marketing or promotional email beyond this digest and the essential emails above.
7.3 All email comes from hello@matchmetric.app or a related MatchMetric sending address.
8.1 We keep your account data (email, claims, preferences, season goals, suggestions, and team-space content) for as long as your account is active and as needed to provide the Service. The criteria we use to set retention periods are: how long your account stays active and uses the relevant feature; how long we need the data to operate, secure, and improve the Service; and any period we are required to keep records for billing/tax, security, abuse prevention, or legal compliance.
8.2 Some items are short-lived by design: magic-link tokens are single-use and expire after 15 minutes (and are stored only as a one-way hash, never in raw form); sign-in session cookies expire after 30 days.
8.3 When you ask us to delete your account or hide/remove a public profile, we delete or de-identify the relevant data, subject to information we are required or reasonably need to keep — for example, records needed for billing/tax, security, abuse prevention, or legal compliance, and copies that persist in routine backups for a limited time before being overwritten. Aggregated or de-identified data may be retained indefinitely.
8.4 Public USTA league information (Section 4) is refreshed on a best-effort basis, typically nightly, and reflects what is publicly available from USTA sources; removal of a public profile from MatchMetric does not change USTA's own records, which we don't control.
8.5 Information held by our service providers (Section 6) is also subject to their retention practices.
9.1 We take reasonable measures to protect the information we hold. These include: passwordless authentication (we store no passwords); storing magic-link and invite tokens only as SHA-256 hashes, never in raw form; signed, `httpOnly` session cookies that are `secure` in production; HTTPS enforced in production; and baseline security headers — including `X-Frame-Options: DENY` and a Content-Security-Policy that block our pages from being framed or embedded, `X-Content-Type-Options: nosniff`, and a strict referrer policy. Our analytics and error-monitoring integrations are configured to avoid collecting personal information by default (Section 3.3).
9.2 No method of transmission or storage is 100% secure. While we work to protect your information, we can't guarantee absolute security. You are responsible for keeping your email account secure, because anyone with access to your inbox can use a magic link to access your MatchMetric account (see Terms of Service Section 3.3).
10.1 Everyone. Whatever your location, you can:
How we verify requests. For requests tied to an account, we verify by confirming your control of the account email (typically the email you contact us from or a confirmation link). For removal of a public profile where there is no account, we may ask for additional information to confirm the request relates to you, because public profiles can belong to people who never signed up. You may use an authorized agent where the law allows; we may still ask to confirm the agent's authority and your identity. We will only act on a verified request, to protect against impersonation. (Note that deleting your account does not by itself cancel a Stripe subscription — cancel that separately as described in Terms of Service Section 9.5.)
10.2 California residents (CCPA / CPRA). If you're a California resident, you have the right to know/access, delete, and correct the personal information we hold about you, and to be free from discrimination for exercising these rights.
10.3 EEA / UK. To the extent the GDPR or UK GDPR applies to our processing, and if you're in the European Economic Area or the United Kingdom, you may have rights to access, correct, delete, restrict, or object to our processing of your personal information, to data portability, and to withdraw consent where processing relies on consent. The legal bases we rely on are summarized in Section 5.2. To exercise a right, email hello@matchmetric.app; we aim to respond within 30 days. You also have the right to lodge a complaint with your local data-protection authority.
10.4 Verification, generally. For every request above, we will only act once we have verified it as described in Section 10.1. This protects you and others from unauthorized access, deletion, or disclosure.
10.5 Honest note / pending legal review. MatchMetric is an independent project, and parts of this Policy — including the California rights language and "do not sell/share" categories in Sections 3.5 and 10.2, the EEA/UK applicability, lawful bases, and rights in Sections 5.2 and 10.3, the international-transfer safeguards in Section 12, the per-category retention windows in Sections 8.1 and 8.5, the public-player-data lawful-basis and removal posture in Section 4, the children's-data specifics in Section 11, and the data-processing agreements with our providers — are being finalized with legal counsel. We will honor verifiable requests we receive at hello@matchmetric.app consistent with applicable law.
11.1 The Service is intended for adults. You must be at least 18 (or the age of majority where you live, if higher) to create an account, claim a profile, join a team space, or make a purchase (see Terms of Service Section 2.1). Public, read-only pages may be viewed without an account.
11.2 The Service is not directed to children, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us personal information, contact us at hello@matchmetric.app and we'll take appropriate steps to remove it.
11.3 Public USTA data and minors. The public USTA league and tournament information we display (Section 4) may include people who are minors — for example, juniors or 13–17-year-olds who play in USTA league or tournament events that USTA makes publicly searchable. We do not knowingly create accounts for, or collect account information from, anyone under 18. The public-profile removal path in Section 4.5 applies to a minor's public profile and can be used by the minor or their parent or guardian to request removal.
12.1 MatchMetric is operated from, and its service providers are primarily hosted in, the United States. If you access the Service from outside the U.S., you understand that your information will be processed in the U.S. and other countries, where data-protection laws may differ from those in your country.
12.2 Where we transfer personal information internationally and the law requires safeguards (such as Standard Contractual Clauses or the UK IDTA), we and our providers work to put appropriate safeguards in place. See the note in Section 10.5.
13.1 The Service relies on and may link to third-party services and sources — including Stripe, our email, hosting, analytics, and error-monitoring providers, and publicly available USTA, USTA NorCal, TennisLink, and ClubSpark information.
13.2 We don't control those third parties and aren't responsible for their content or privacy practices. When you follow a link to a third-party site, or when your payment is handled by Stripe, that party's own privacy policy applies (see Terms of Service Section 11).
14.1 We may update this Policy from time to time. When we do, we'll revise the "Last updated" date above and, for material changes (those that affect how we collect, use, or share personal information, or that reduce your rights), give reasonable notice — for example, by email (if we have your address) or by a notice in the Service.
14.2 For non-material updates, changes take effect when posted, or on the later date we specify, and your continued use of the Service means you accept them. For material changes, we will provide notice as described above; where the law requires your consent for a new use of information we already hold, we will obtain it before that use.
Questions about this Policy, a data-removal request, or a privacy request? Email us at hello@matchmetric.app. For data-removal of a public profile and account-deletion requests, see Section 10 and Terms of Service Section 13.3.