Privacy Policy
Effective date: 4 May 2026
This Privacy Policy explains how NoviNine Entertainment Limited (“we”, “our”, or “us”) collects, uses, and protects personal data when you use the CTM Club Team Management mobile application (“CTM”, “the App”) and the website at getctm.app.
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, and applicable UK data protection law.
1. Data Controller
The data controller is NoviNine Entertainment Limited, a company registered in Ireland. Contact: privacy@novinine.com. For requests relating to data protection rights, you can also contact our Data Protection Officer at dpo@novinine.com.
2. What we collect
We collect the following categories of personal data:
- Account data: name, email address, phone number, and (where supplied) profile photo.
- Club & team data: the club, team(s), and role(s) you belong to, and the data you (or your club admins) enter while using the App, including fixtures, attendance, messages, scorecards, and payment records.
- Children’s data: where a parent or club admin records information about a child member (name, age group, attendance, RSVPs), this data is held under the parent’s or club’s legal basis. We apply additional safeguards for children’s data, including restricted visibility within the club.
- Payment data: when you make payments through CTM, payment-card details are processed by Stripe. We do not store card numbers. We retain a record of the transaction (amount, date, fee) tied to your account.
- Usage data: device type, app version, IP address (truncated), session timestamps, and crash reports.
- Cookies / website analytics: getctm.app uses Vercel Analytics (privacy-respecting, no cross-site tracking) and Google Search Console.
3. Why we use your data (lawful bases)
- Performance of the contract: to provide CTM features you sign up for (accounts, messaging, fixtures, payments).
- Legitimate interests: to keep the service secure, prevent fraud, and improve product quality (with usage analytics).
- Legal obligation: for tax, accounting, and safeguarding records.
- Consent: for any optional communications such as product updates by email.
4. Where your data is stored
Personal data is stored on Google Firebase (Google Cloud) infrastructure within the European Union (Ireland or Belgium regions). Payments are processed by Stripe. Where any sub-processor transfers data outside the European Economic Area, we rely on appropriate safeguards including the EU–US Data Privacy Framework and Standard Contractual Clauses where applicable.
5. Data retention
We retain personal data for as long as your account is active, plus a defined retention period needed for legal, accounting, and dispute-resolution purposes (typically up to seven years for transactional records). When you close your account, we will delete or anonymise personal data within 30 days, except where retention is required by law.
6. Sharing your data
We do not sell personal data. We share data only with the sub-processors needed to operate CTM:
- Google Firebase (hosting, authentication, push notifications)
- Stripe (payments)
- Apple and Google (App Store / Google Play services)
- Vercel (website hosting and analytics)
Your club’s data is visible only to authorised members of your club, in line with the role-based access controls in the App.
7. Your rights under GDPR
You have the right to:
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Erase your personal data (“right to be forgotten”).
- Restrict or object to processing.
- Receive your data in a structured, common format (data portability).
- Withdraw consent at any time, where processing relies on consent.
- Lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.
To exercise any of these rights, email privacy@novinine.com.
8. Children’s data and safeguarding
CTM is designed primarily for use by club admins, coaches, and parents. Where information about a child is recorded, it is held under the parent’s or club’s responsibility. Coaches in clubs on the Champion tier must have certifications logged before accessing junior content. Parents can request deletion of their child’s data at any time by contacting their club admin or privacy@novinine.com.
9. Security
We use industry-standard security controls including encryption in transit (TLS), encryption at rest, role-based access control, and regular security reviews. No system is perfectly secure; please contact us immediately if you suspect a security issue.
10. Changes to this policy
We may update this policy from time to time. The current version is always available at getctm.app/privacy. Material changes will be notified to active users by email or in-app notice.
11. Governing law
This policy is governed by the laws of Ireland.
Contact
NoviNine Entertainment Limited
Email: privacy@novinine.com
DPO: dpo@novinine.com