NOOGA Privacy Policy

Last updated: 14 July 2026

This Privacy Policy explains how Saudade Media OÜ ("NOOGA", "we", "us", or "our") collects, uses, and protects your personal data when you use the NOOGA mobile app, website, and related services (together, the "Service"). NOOGA is a competitive padel matchmaking service: you buy a ticket for a match-day time window, we match you with nearby players of similar skill, we book a court and start time, and we help you coordinate, play, and report the result.

For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for the personal data described here.

1. Who we are and how to contact us

ControllerSaudade Media OÜ
Registered addressHarju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia
Country of establishmentEstonia
Privacy contactgui@saudad.studio
Data Protection Officer / EU representativeNot appointed; for privacy questions contact gui@saudad.studio

2. The personal data we collect

2.1 Data you give us

2.2 Data created through your use of the Service

2.3 Data we receive from third parties

3. How and why we use your data

The table below sets out each purpose, the data involved, and our legal basis under GDPR Article 6.

PurposeData usedLegal basis
Create and secure your account, and send sign-in codes over WhatsAppPhone number, one-time passcodePerformance of a contract, Art. 6(1)(b)
Match you with players and auto-book a court and start timeApproximate location, ELO rating, match historyPerformance of a contract, Art. 6(1)(b)
Send service messages (match found, reminders, cancellations, waitlist updates) over WhatsApp and pushPhone number, push token, match detailsContract for service-critical messages; your consent for optional channels, Art. 6(1)(a)
Coordinate your match through a WhatsApp group with your fellow playersPhone number, profile namePerformance of a contract, Art. 6(1)(b)
Process ticket payments, wallet credit, and subscriptionsTransaction and subscription dataContract, Art. 6(1)(b); legal obligation for tax and accounting, Art. 6(1)(c)
Prevent fraud and abuse and keep matchmaking fairAccount and usage dataLegitimate interest, Art. 6(1)(f)
Improve the Service and fix problemsDiagnostic and usage dataLegitimate interest, Art. 6(1)(f), or your consent
Comply with legal and regulatory dutiesAs requiredLegal obligation, Art. 6(1)(c)

Where we rely on your consent (for example, optional WhatsApp updates or non-essential analytics), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. WhatsApp messaging

NOOGA uses the WhatsApp Business Platform, provided by Meta Platforms Ireland Limited, to send you messages. In practice this means:

To deliver these messages, your phone number and the content of the messages are processed by Meta. Meta's processing is governed by the WhatsApp Business Terms and Meta's own Privacy Policy. You can turn off optional WhatsApp notifications at any time in the app settings. Sign-in codes cannot be turned off while you use phone-based sign-in.

5. Who we share your data with

We do not sell your personal data. We share it only with service providers who process it on our instructions, and where the law requires. Our main providers are:

ProviderWhat they do for us
Meta Platforms Ireland LimitedWhatsApp message and sign-in code delivery
SupabaseAuthentication and database hosting
Stripe Payments EuropePayment processing for tickets, service fees, wallet credit, and web subscriptions
AppleApp Store subscription billing for NOOGA Club on iOS
GoogleGoogle Play subscription billing for NOOGA Club on Android
ExpoMobile push notification delivery
Trigger.devBackground job processing
Court booking partnersCourt availability lookups

We may also disclose data to professional advisers, and to public authorities or an acquirer in connection with a valid legal request, a corporate transaction, or to protect the rights, property, or safety of NOOGA, our users, or the public.

6. International data transfers

Some of our providers process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an adequacy decision. You can ask us for a copy of the relevant safeguards using the contact details in Section 1.

7. How long we keep your data

We keep personal data only as long as we need it for the purposes above:

8. Your rights

Under the GDPR you have the right to access your data, and to its rectification, erasure, restriction, and portability, as well as the right to object to certain processing. Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at gui@saudad.studio. You also have the right to lodge a complaint with a data protection supervisory authority. Our lead authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), and you may also complain to the authority in your country of residence.

9. Security

We use technical and organizational measures to protect your data, including encryption in transit, access controls, and signed and verified webhooks between our systems and our providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Children

The Service is intended only for people aged 18 or older. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has given us personal data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we do, we will post the new version here and update the "Last updated" date at the top. We will notify you of material changes in the app.

12. Contact

For any question or request about this policy or your data, contact us at gui@saudad.studio.