Privacy Policy
How we collect, use, and protect your personal information
Effective: March 28, 2026
Boccia Connect ("we", "us", "our") operates the boccia.website platform as part of the Beava ecosystem. This privacy policy describes how we collect, use, store, and protect your personal information when you use our platform.
Boccia Connect is a free community platform. We do not sell your data, display advertising, or use tracking technologies to profile you.
1. Information We Collect
Account Information
When you create an account, we collect:
- Full name
- Email address
- Username
- Password (stored as a one-way cryptographic hash — we never store or have access to your plain-text password)
You may optionally provide:
- Phone number
- City, province/state, and country
- Participation roles (player, volunteer, coach, referee, etc.)
Club Membership Data
When you join a club, the following information may be collected:
- Role within the club (member, volunteer, coach, manager)
- Boccia classification (BC1–BC4, Open, Recreational)
- Experience level
- Biography
- Medical notes (visible only to club managers)
- Emergency contact name and phone number (visible only to club managers)
Player Profiles
If you create a player profile, we collect:
- Classification and experience level
- Location (city, province, country)
- Travel radius for practice partner matching
- Practice time preferences and equipment needs
- Biography
You control whether your player profile is visible to others via a visibility setting.
Coach and Referee Profiles
If you register as a coach or referee, we collect:
- Role (coach, referee, or both)
- Certification level, number, and expiry date
- Location and travel radius
- Availability for events and clubs
- Specializations and experience level
- Phone number and biography
Event Registration
When you register for an event, we collect:
- First and last name, email, and phone number
- Boccia classification and club affiliation
- Dietary restrictions
- Emergency contact information
This information is shared with the event organizer to facilitate the event.
Donations and Payments
When you make a donation or pay membership dues through a club, we collect:
- Your name, email address, donation amount, and optional message
Payment card details are processed directly by Stripe; they never reach our servers and are never stored on them. Each club configures its own Stripe account — Boccia Connect is not a party to the financial transaction between you and the club.
Chat Messages
If you participate in club chat, your messages (including your username and club context) are stored to enable the real-time messaging feature. Club managers may delete individual messages or clear chat history.
Club Email Accounts
Clubs with a verified custom domain may provide branded email accounts to their members. Email account credentials are stored in encrypted form. Email messages are stored on our mail server infrastructure and are accessible to the account holder through the platform's webmail interface.
2. Cookies and Session Data
We use a single session cookie to maintain your login state:
- Cookie name: connect.sid
- Purpose: Maintaining your authenticated session
- Duration: 7 days
- HttpOnly: Yes (not accessible to JavaScript)
- SameSite: Lax
- Secure: Yes (in production, transmitted only over HTTPS)
We do not use analytics cookies, tracking cookies, advertising cookies, or any third-party cookies.
3. What We Do Not Collect
Boccia Connect does not:
- Use Google Analytics or any other analytics service
- Use tracking pixels, web beacons, or fingerprinting
- Display advertisements or work with ad networks
- Sell, rent, or share your data with third parties for marketing purposes
- Profile your behavior for targeted content or advertising
4. How We Use Your Information
We use your information to:
- Provide and maintain the Boccia Connect platform
- Enable club membership, communication, and management features
- Facilitate event registration and participant coordination
- Process donations and dues payments through clubs' Stripe accounts
- Match you with practice partners and coaches in your area
- Display your profile in directories (subject to your visibility settings)
- Maintain platform security through session management and CSRF protection
5. Third-Party Services
Stripe
Clubs may configure Stripe for payment processing (donations and membership dues). When you make a payment, your payment information is handled directly by Stripe under their privacy policy. Each club manages its own Stripe account and relationship with Stripe independently.
Firebase Cloud Messaging
The Boccia Connect mobile app may use Firebase Cloud Messaging to deliver push notifications. Device tokens are stored to enable this functionality. You can disable push notifications in your device settings at any time.
6. Data Storage and Security
We take the security of your data seriously:
- Passwords are hashed using bcrypt with a strong salt factor and cannot be reversed
- Sensitive data (email credentials, payment configuration) is encrypted using AES-256-GCM encryption
- All connections are secured with HTTPS in production
- CSRF protection is applied to all form submissions
- Security headers (Content Security Policy, HSTS, and others) are applied via Helmet.js
- API endpoints are rate-limited to prevent abuse
7. Data Retention
- Account data: Retained while your account is active
- Session data: Automatically expires after 7 days
- API refresh tokens: Automatically expire after 30 days
- Email rate-limit logs: Automatically deleted after 24 hours
- Club memberships: Retained as inactive when you leave a club (your profile data within that club is preserved in case you return)
- Chat messages: Retained until deleted by a club manager or until you request deletion
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data through your account and profile settings
- Delete your account and associated personal data
- Control visibility of your player and coach profiles through privacy settings
- Export your data upon request
To exercise these rights, contact us through your club manager or platform administrator.
9. Children's Privacy
Boccia Connect is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can remove it.
Minors between 13 and 18 should use the platform with the involvement of a parent or guardian.
10. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will update the effective date at the top of this page. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.
11. Contact
If you have questions about this privacy policy or how your data is handled, please contact us through your club manager, platform administrator, or by visiting the About page.