Transition XL — Go Beyond Better

Legal

PRIVACY POLICY

Last updated: May 2025

1. Who We Are

Transition XL ("we", "us", "our") is a basketball academy operating in the United Kingdom. We are the data controller for personal information collected through our website (transitionxl.co.uk) and associated booking platform.

Contact for data matters: hello@transitionxl.co.uk

2. Data We Collect

We collect and process the following personal data:

  • Account data: name, email address, phone number, password (stored hashed with bcrypt).
  • Booking data: sessions booked, attendance history, cancellations.
  • Payment data: transaction records. We never store full card details — payments are processed by Stripe and tokenised on their infrastructure.
  • Child profiles: first name, last name, and date of birth of children, added by a parent or guardian.
  • Progress data: coach-logged development notes.
  • Usage data: session activity, streak counts, badges earned.
  • Communications: email and SMS notification history.

3. How We Use Your Data

We use your personal data to:

  • Manage your account and authenticate you securely.
  • Process session bookings and payments.
  • Send booking confirmations and session reminders (email and SMS).
  • Track attendance and award gamification badges.
  • Generate motivational messages powered by AI (Anthropic). These messages are generated using only your first name, total sessions attended, and current streak — no personally identifiable details are sent to the AI provider beyond this.
  • Comply with legal and tax obligations.
  • Send newsletters and promotional emails, where you have opted in.

4. Legal Basis (GDPR)

We process your data under the following lawful bases:

  • Contract: processing necessary to fulfil your session bookings.
  • Consent: marketing emails and SMS notifications. You can withdraw consent at any time in your account settings.
  • Legitimate interests: fraud prevention, security, and platform improvement.
  • Legal obligation: financial record-keeping and tax compliance.

5. Third-Party Processors

We share data with the following trusted processors:

  • Stripe — payment processing (UK/EU data centre).
  • SendGrid (Twilio) — email delivery.
  • Twilio — SMS delivery.
  • MongoDB Atlas — database hosting (EU region).
  • Anthropic — AI message generation. Only anonymised usage statistics are sent (no name, email, or identifying details beyond first name).
  • Google — Google OAuth (if you choose to sign in with Google).

All processors are GDPR-compliant and bound by data processing agreements.

6. Data Retention

  • Account data: retained for the duration of your account, then deleted within 30 days of account closure.
  • Booking and payment records: retained for 7 years for tax and legal compliance.
  • Notification logs: retained for 12 months.
  • Progress notes: retained until you request deletion or your account is closed.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten"), subject to legal retention requirements.
  • Restrict processing in certain circumstances.
  • Data portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent for marketing communications at any time.

To exercise any of these rights, email us at hello@transitionxl.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use strictly necessary cookies for session management (authentication tokens). We do not use advertising or tracking cookies. No third-party analytics scripts are loaded without your explicit consent.

9. Children's Data

Where parents or guardians create sub-profiles for children under 18, this data is collected with the consent of the responsible adult. We do not knowingly collect data directly from children under 13 without verified parental consent.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be notified by email. The "last updated" date at the top of this page will always reflect the most recent version.