Skip to main content
Legumpire
Create your club

Privacy Policy

Effective 15 May 2026

Draft — review with a lawyer before publishing.

This document is a starting template and does not constitute legal advice. Each club using Legumpire has its own privacy policy at /c/<slug>/privacy; this one covers Legumpire-the-platform.

1. Who we are

Legumpire ("we", "us", "our") operates a multi-tenant cricket club operations platform at legumpire.com. Each cricket club using the platform is a separate "Tenant"; their own privacy policy applies to data they collect from their members. This policy covers data we hold on behalf of all tenants and visitors.

2. What we hold

  • Account data — your email address, name, and (if you sign in with Google) the OAuth account identifier returned by Google.
  • Tenant membership data — which clubs you belong to and your role within each (owner, admin, EC, player, sponsor, etc.).
  • Authentication artefacts — short-lived one-time passcode hashes (never plaintext) and session tokens.
  • Usage and diagnostic data — pages visited, clicks, and error reports automatically captured by our analytics and monitoring providers.
  • Per-tenant operational data — fixtures, availability, player profiles, scoring, sponsors, etc. We hold this on behalf of each tenant and treat it as their data; we access it only to operate the Service or to respond to specific tenant requests.

3. Tenant isolation

Each tenant's operational data (player rosters, availability, scoring, etc.) is isolated. Members of one tenant cannot see another tenant's data unless they hold a role in both. Public surfaces (a tenant's landing page, fixtures, sponsors) are intentionally browsable without sign-in; everything else requires the right tenant role.

4. Processors we use

  • Google — OAuth sign-in (when you choose to use it).
  • Neon — managed PostgreSQL database hosting.
  • Vercel — application hosting and edge networking.
  • Resend — transactional email delivery.
  • Sentry — server and client error monitoring.
  • PostHog — product analytics.
  • Vercel Blob / S3-compatible storage — profile photo storage.

We do not sell or rent personal information. We do not share data with advertisers or data brokers.

5. Cookies and analytics

We use a small number of cookies and similar storage mechanisms (localStorage) to keep you signed in and to remember your preferences. Where analytics cookies are used, you will be asked for consent on first visit and can withdraw consent at any time by clearing site data or contacting us.

6. Data retention

We keep account records for as long as your account is active and for a reasonable period afterwards. One-time passcodes expire within ten minutes. Tenant operational data is retained on behalf of the tenant; deletion of that data is the tenant's call. Error and analytics events are retained for a limited period in line with each provider's defaults.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete the personal information we hold about you, to object to or restrict certain processing, and to withdraw consent. To exercise any of these rights, contact us at hello@legumpire.com.

8. Security

We use industry-standard practices to protect information, including encrypted transport (HTTPS), hashed one-time codes, and access controls on the underlying database.

9. Contact

For privacy questions, requests, or complaints about the platform, please contact us at hello@legumpire.com. For questions about a specific club's data, contact that club directly.

10. Changes

We may update this policy from time to time. Material changes will be notified to account holders by email or via an in-app notice. The "Effective" date at the top of this page reflects the current version.

See also: Terms of Use.