NOOGA Privacy Policy
Last updated: 14 July 2026
This Privacy Policy explains how Saudade Media OÜ ("NOOGA", "we", "us", or "our") collects, uses, and protects your personal data when you use the NOOGA mobile app, website, and related services (together, the "Service"). NOOGA is a competitive padel matchmaking service: you buy a ticket for a match-day time window, we match you with nearby players of similar skill, we book a court and start time, and we help you coordinate, play, and report the result.
For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for the personal data described here.
1. Who we are and how to contact us
| Controller | Saudade Media OÜ |
| Registered address | Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia |
| Country of establishment | Estonia |
| Privacy contact | gui@saudad.studio |
| Data Protection Officer / EU representative | Not appointed; for privacy questions contact gui@saudad.studio |
2. The personal data we collect
2.1 Data you give us
- Phone number, used to create your account and to sign you in.
- First name and profile details you choose to add.
- Notification preferences (for example, whether you want WhatsApp or push notifications).
- Score reports, match feedback, and support messages you submit.
2.2 Data created through your use of the Service
- Match history, results, and your ELO rating.
- Ticket purchases, wallet credit balance, and transaction records.
- NOOGA Club subscription status.
- Approximate location, used to find courts and players near you.
- Device information and push notification tokens.
- App usage and diagnostic data needed to run and troubleshoot the Service.
2.3 Data we receive from third parties
- Payment and subscription confirmations from Apple, Google, and Stripe. We do not receive or store full card numbers.
- Court availability data from court booking partners.
3. How and why we use your data
The table below sets out each purpose, the data involved, and our legal basis under GDPR Article 6.
| Purpose | Data used | Legal basis |
|---|---|---|
| Create and secure your account, and send sign-in codes over WhatsApp | Phone number, one-time passcode | Performance of a contract, Art. 6(1)(b) |
| Match you with players and auto-book a court and start time | Approximate location, ELO rating, match history | Performance of a contract, Art. 6(1)(b) |
| Send service messages (match found, reminders, cancellations, waitlist updates) over WhatsApp and push | Phone number, push token, match details | Contract for service-critical messages; your consent for optional channels, Art. 6(1)(a) |
| Coordinate your match through a WhatsApp group with your fellow players | Phone number, profile name | Performance of a contract, Art. 6(1)(b) |
| Process ticket payments, wallet credit, and subscriptions | Transaction and subscription data | Contract, Art. 6(1)(b); legal obligation for tax and accounting, Art. 6(1)(c) |
| Prevent fraud and abuse and keep matchmaking fair | Account and usage data | Legitimate interest, Art. 6(1)(f) |
| Improve the Service and fix problems | Diagnostic and usage data | Legitimate interest, Art. 6(1)(f), or your consent |
| Comply with legal and regulatory duties | As required | Legal obligation, Art. 6(1)(c) |
Where we rely on your consent (for example, optional WhatsApp updates or non-essential analytics), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
4. WhatsApp messaging
NOOGA uses the WhatsApp Business Platform, provided by Meta Platforms Ireland Limited, to send you messages. In practice this means:
- Sign-in codes. When you sign in, we send a one-time passcode to your phone number over WhatsApp. This is essential to using the Service.
- Match and account notifications. With your opt-in, we send match confirmations, reminders, cancellations, waitlist updates, and similar service messages over WhatsApp.
- Match group chats. When a match is booked, we may create a WhatsApp group so you and the other players can coordinate. Everyone in a group can see the phone numbers and profile names of the other participants in that group. Please do not share anything in a group that you would not want other participants to see.
To deliver these messages, your phone number and the content of the messages are processed by Meta. Meta's processing is governed by the WhatsApp Business Terms and Meta's own Privacy Policy. You can turn off optional WhatsApp notifications at any time in the app settings. Sign-in codes cannot be turned off while you use phone-based sign-in.
5. Who we share your data with
We do not sell your personal data. We share it only with service providers who process it on our instructions, and where the law requires. Our main providers are:
| Provider | What they do for us |
|---|---|
| Meta Platforms Ireland Limited | WhatsApp message and sign-in code delivery |
| Supabase | Authentication and database hosting |
| Stripe Payments Europe | Payment processing for tickets, service fees, wallet credit, and web subscriptions |
| Apple | App Store subscription billing for NOOGA Club on iOS |
| Google Play subscription billing for NOOGA Club on Android | |
| Expo | Mobile push notification delivery |
| Trigger.dev | Background job processing |
| Court booking partners | Court availability lookups |
We may also disclose data to professional advisers, and to public authorities or an acquirer in connection with a valid legal request, a corporate transaction, or to protect the rights, property, or safety of NOOGA, our users, or the public.
6. International data transfers
Some of our providers process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an adequacy decision. You can ask us for a copy of the relevant safeguards using the contact details in Section 1.
7. How long we keep your data
We keep personal data only as long as we need it for the purposes above:
- Account and profile data: while your account is active, then deleted or anonymized within 90 days of closure.
- Payment and transaction records: for 7 years, as required by the Estonian Accounting Act (Raamatupidamise seadus).
- WhatsApp delivery logs: 12 months.
- Diagnostic and usage data: 12 months.
8. Your rights
Under the GDPR you have the right to access your data, and to its rectification, erasure, restriction, and portability, as well as the right to object to certain processing. Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at gui@saudad.studio. You also have the right to lodge a complaint with a data protection supervisory authority. Our lead authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), and you may also complain to the authority in your country of residence.
9. Security
We use technical and organizational measures to protect your data, including encryption in transit, access controls, and signed and verified webhooks between our systems and our providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. Children
The Service is intended only for people aged 18 or older. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has given us personal data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. When we do, we will post the new version here and update the "Last updated" date at the top. We will notify you of material changes in the app.
12. Contact
For any question or request about this policy or your data, contact us at gui@saudad.studio.