Privacy Policy / นโยบายความเป็นส่วนตัว
Version 1.0 — Effective date: 16 March 2026
This Privacy Policy explains how HubQL Co., Ltd. ("we", "us", "Lentennis") collects, uses, stores, and protects your personal data when you use the Lentennis platform (lentennis.com) and related services. This policy is prepared in accordance with the Thai Personal Data Protection Act B.E. 2562 (2019) (PDPA).
1. Data Controller / ผู้ควบคุมข้อมูลส่วนบุคคล
HubQL Co., Ltd.
Email: privacy@lentennis.com
For data deletion or access requests, contact the email above.
2. Personal Data We Collect / ข้อมูลส่วนบุคคลที่เราเก็บรวบรวม
2.1 Organisers (via LINE Login)
When you sign in with LINE, we collect:
- LINE profile data: display name, profile picture URL, LINE user ID
- Email address (via LINE's email scope, if available on your LINE account)
We store your LINE user ID and display name to create your Lentennis account. You may later add a phone number and Thai name to your profile.
2.2 Tournament Registrants (via CourtRival registration form)
When a player registers for a tournament, the organiser's form may collect:
- Core fields (always required): first name, last name, nickname, gender, phone number, tournament category selection
- Optional fields (configurable by organiser): Thai name, email, LINE ID, date of birth, emergency contact (name, phone, relationship), photo, preferred competition date, coach self-declaration, referral source
- Payment data: payment slip image (bank transfer receipt)
2.3 Sensitive Data (PDPA Section 26)
If the organiser enables the food allergy field, we collect health information (food allergies). This is classified as sensitive personal data under PDPA Section 26 and requires your separate, explicit consent via a dedicated checkbox on the registration form.
Food allergy data is stored in a separate database table with restricted access and is automatically deleted within 7 days after the tournament ends.
3. Purpose of Collection / วัตถุประสงค์ในการเก็บรวบรวม
| Data | Purpose | Legal Basis |
|---|---|---|
| Name, nickname, gender | Tournament registration, player identification, draw/bracket display | Contract performance |
| Phone, email, LINE ID | Communication about registration status, schedule updates, payment confirmation | Contract performance |
| Payment slip | Payment verification by the tournament organiser | Contract performance |
| Emergency contact | Safety during tournament events | Vital interest |
| Food allergy | Safe meal preparation at events | Explicit consent (PDPA s.26) |
| Photo | Player card creation for event check-in | Consent |
| LINE profile data | Account creation and authentication | Consent (given before OAuth redirect) |
| Date of birth | Under-18 detection for parental consent requirement | Legal obligation (PDPA s.20) |
4. Data Retention / ระยะเวลาในการเก็บรักษา
| Data | Retention Period |
|---|---|
| Account data (name, email, LINE ID) | Duration of account + 1 year after last activity |
| Food allergy (health data) | Deleted within 7 days after tournament ends |
| Payment slip images | Deleted within 90 days after payment approval |
| Emergency contact | Duration of account activity |
| Registration data | 3 years (for organiser records and dispute resolution) |
| Consent records | Retained indefinitely (audit trail) |
5. Data Sharing / การเปิดเผยข้อมูล
We may share your personal data with:
- Tournament organisers: your registration data is shared with the organiser of the tournament you registered for, so they can manage registrations, verify payments, and run the event.
- Other participants: your name and match results are displayed publicly on the tournament draw/bracket page.
- Service providers: Supabase (database hosting), Amazon Web Services (cloud infrastructure), Cloudflare (CDN and security).
We do not sell your personal data to third parties.
6. Cross-Border Data Transfer / การโอนข้อมูลข้ามพรมแดน
Your personal data is stored on servers located in Singapore (AWS ap-southeast-1) via our database provider Supabase. Singapore has data protection laws (PDPA Singapore) that provide a comparable level of protection. By using our services and providing consent at registration, you acknowledge and agree to this cross-border transfer.
7. Your Rights / สิทธิของท่าน
Under the Thai PDPA, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Deletion — request deletion of your personal data (we will comply within 30 days)
- Data portability — request your data in a machine-readable format (JSON or CSV)
- Objection — object to processing based on legitimate interest
- Restriction — request that we stop processing but retain your data
- Withdraw consent — withdraw any consent you have given, at any time, without affecting the lawfulness of processing before withdrawal
- Complaint — lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand
To exercise any of these rights, contact us at privacy@lentennis.com. We will respond within 30 days.
8. Under-18 / ผู้เยาว์
If you are under 18 years of age, parental or guardian consent is required before registering for a tournament. The tournament registration form will prompt for guardian information when a date of birth indicating a minor is provided.
9. Security / ความปลอดภัย
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption at rest (AES-256) and in transit (TLS)
- Row-level security on all database tables (data isolation per user/organiser)
- Separate storage for sensitive health data with restricted access
- Automatic data purge schedules for time-limited data
- JWT-based authentication with local signature verification
10. Cookies
We use only essential cookies for authentication session management. We do not use tracking or advertising cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the platform. The version number and effective date are shown at the top of this page.
12. Contact / ติดต่อเรา
HubQL Co., Ltd.
Email: privacy@lentennis.com
For data subject requests (access, deletion, portability), response time: within 30 days.