Privacy Policy

Effective date: 27 May 2026

What we collect

CobraHQ collects account details, organisation details, club member records, player and guardian information, attendance records, session details, payment and billing references, invite activity, support messages, and technical information such as device, browser, log, and security event data.

How we use it

We use personal information to provide club management tools, authenticate users, manage access, operate teams and sessions, send transactional notifications, process payments through our payment providers, support clubs, maintain security, improve the service, and meet legal and compliance obligations.

Children and guardians

Grassroots football clubs may use CobraHQ to manage information about children. Clubs are responsible for having authority to provide and manage player and guardian information. CobraHQ processes that information to deliver the service to the club and authorised users.

Who we share it with

We share information with service providers that help operate CobraHQ, including hosting, database, email, SMS, payment, analytics, error monitoring, and support providers. We use cookieless, IP-anonymised page-view and visitor analytics through Vercel. We use Amplitude for product and marketing-funnel analytics to understand and improve how the service is used, including anonymous, non-identifying funnel events before sign-in — on our public web pages (such as page and pricing views and which calls-to-action are used) and on the sign-in and sign-up screens of our web and mobile apps (such as whether a sign-in was attempted and whether it succeeded or failed, recorded as a coded reason); these events carry no names, emails, passwords, or other directly identifying details, and we do not use them for cross-site or cross-app tracking. We use Sentry as an error-monitoring sub-processor. We do not sell personal information. We may disclose information where required by law, to protect the service, or as part of a business transfer.

Storage and security

CobraHQ is built for Australian clubs and uses reasonable technical and organisational safeguards for personal information. Some service providers may process information outside Australia. We keep service-role credentials server-side and separate client-safe code from privileged server operations.

Data retention

We retain information while an organisation uses CobraHQ and for as long as needed for operational, legal, accounting, dispute, backup, and security purposes. Application records are soft-deleted first so clubs can recover from mistakes and so audit requirements can be met.

Your rights

You may request access to, correction of, or deletion of personal information, subject to legal and operational limits. Parents and guardians may contact their club or CobraHQ about information relating to a child. Australian users may also contact the Office of the Australian Information Commissioner.

Contact us

For privacy questions or requests, contact nick@cobrahq.app. We may need to verify your identity and, for club-managed records, coordinate with the relevant organisation before changing or releasing information.

Last updated: 27 May 2026