Privacy Policy

1. Personal Data We Collect

1.1 Personal Data Provided by You

We may collect personal data including, but not limited to:

• Full name
• Email address
• Phone number
• Profile details (coach biography, experience, certifications, pricing)
• Booking information and schedules
• Communications and messages
• Billing and subscription information (processed via third-party payment providers)

1.2 Personal Data Collected Automatically

When you use the Service, we may automatically collect:

• IP address
• Device and browser information
• Usage data, logs, and timestamps
• Cookies and similar tracking technologies

1.3 Personal Data from Third Parties

We may receive personal data from:

• Authentication providers (e.g. Supabase Auth for email-based sign-in)
• Payment processors (e.g. Stripe for subscription billing)
• Google APIs — when you connect your Google account for calendar integration, we receive your Google email address, calendar event data, and free/busy information (see Section 3 for details)
• E-commerce platforms such as Shopify

2. Purpose of Processing Personal Data

In accordance with the PDPA, we process personal data for lawful and relevant purposes, including:

• Creating and managing user accounts
• Facilitating bookings between coaches and customers
• Processing payments and subscriptions
• Displaying coach profiles and availability
• Communicating confirmations, updates, and support responses
• Improving our Service and user experience
• Preventing fraud, misuse, or security threats
• Complying with legal and regulatory requirements

3. Google API Services — User Data

The PickleBase Coach App offers an optional Google Calendar integration that allows coaches to sync their coaching schedules with Google Calendar. This feature uses Google API Services and is subject to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 Google Data We Access

When you connect your Google account, we request access to the following scopes:

• Google email address — to identify the connected Google account and display it in your settings
• Calendar events (read) — to retrieve your free/busy times and prevent double-booking
• Calendar events (write) — to create, update, or cancel coaching session events in your Google Calendar when bookings are confirmed, modified, or cancelled

3.2 How We Use Google Data

Google user data is used solely to:

• Display your connected Google email address in your calendar integration settings
• Query your calendar for busy times so that your coaching availability is accurate
• Create, update, and delete calendar events that correspond to coaching session bookings

We do not use Google user data for advertising, analytics, market research, or any purpose unrelated to providing and improving the calendar sync feature you have enabled.

3.3 How We Store Google Data

• Your Google OAuth refresh token and access token are encrypted at rest using AES-256-GCM encryption and stored in our database. These tokens are used only to maintain your calendar connection.
• Your Google email address is stored in plaintext for display purposes in your settings.
• Calendar event data (event titles, times, busy/free status) is queried in real time from Google and is not permanently stored in our database.

3.4 Google Data Sharing

We do not share, transfer, or disclose Google user data to any third party, except:

• With your explicit consent
• Where necessary for security purposes (e.g. investigating abuse)
• Where required by applicable law, regulation, or legal process
• In connection with a merger, acquisition, or sale of assets, provided the successor agrees to protect Google user data in accordance with this policy

We do not transfer Google user data to advertising platforms, data brokers, information resellers, or any party engaged in surveillance or profiling.

3.5 Limited Use Compliance

The PickleBase Coach App's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide and improve the calendar integration feature that is visible and prominent to you as a user.
• We do not allow humans to read your Google user data unless you have given explicit affirmative consent, it is necessary for security purposes, it is required to comply with applicable law, or the data has been aggregated and anonymised for internal operations.
• We do not transfer or sell Google user data to third parties, except as described in Section 3.4 above.

3.6 Revoking Google Access

You may disconnect your Google Calendar integration at any time through your coach dashboard settings. When you disconnect:

• Your stored Google OAuth tokens (refresh token and access token) are permanently deleted from our database.
• Your stored Google email address is removed.
• We will no longer access your Google Calendar data.

You may also revoke access directly from your Google Account permissions page.

4. Disclosure of Personal Data

We do not sell your personal data.

We may disclose personal data to:

• Service providers and vendors who assist in operating the Service
• Coaches and customers where disclosure is necessary to complete bookings
• Legal or regulatory authorities where required by law
• Successors in the event of a business restructuring, merger, or sale

All third parties are required to protect your personal data and process it only for authorised purposes.

5. Cookies

We use cookies and similar technologies to:

• Enable essential site functionality
• Maintain login sessions
• Analyse usage patterns and improve performance

You may disable cookies via your browser settings, but doing so may limit certain features of the Service.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required under applicable laws and regulations.

When personal data is no longer required, it will be securely deleted or anonymised.

7. Data Security

We take reasonable steps to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction by implementing appropriate administrative, technical, and physical safeguards.

However, no electronic transmission or storage method is completely secure.

8. Access and Correction of Personal Data

In accordance with the PDPA, you have the right to:

• Request access to your personal data
• Request correction of inaccurate, incomplete, or outdated personal data

Requests may be made by contacting us using the details in Section 13. We may require verification of identity before processing such requests.

9. Withdrawal of Consent

You may withdraw your consent to the processing of your personal data at any time by providing written notice to us. Please note that withdrawal of consent may affect your ability to use certain features of the Service.

10. Personal Data of Minors

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal data from minors without parental or guardian consent.

11. Transfer of Personal Data Outside Malaysia

Your personal data may be transferred to, stored, or processed outside Malaysia. Where such transfers occur, we will take reasonable steps to ensure that the receiving jurisdiction provides a level of protection comparable to the PDPA.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after such changes constitutes acceptance of the revised Privacy Policy.

13. Contact Information

If you have any questions, requests, or complaints regarding this Privacy Policy or our handling of personal data, please contact:

The PickleBase
Email: hello@thepicklebase.com
Website: coach.thepicklebase.com