Skip to content
FlikVault

Privacy

Privacy policy

How we collect, use, and protect personal information at FlikVault. Last updated 29 April 2026.

This policy explains how FlikVault (“FlikVault”, “we”, “us”) handles personal information for visitors to www.flikvault.com and customers of our academy management platform at app.flikvault.com. It applies in addition to any data processing terms agreed with academy customers.

Who is the data controller

For data submitted directly to us through this website (such as demo requests), FlikVault is the data controller. For data uploaded into the FlikVault platform by an academy customer (such as player records, attendance, video, or invoices), the academy is the data controller and FlikVault acts as data processor under our customer agreement.

What we collect on this website

  • Demo and contact form submissions: name, email, academy name, country, role, optional message, and approximate player count.
  • Server logs: standard request metadata including IP address, user-agent, page viewed, and timestamp. Retained for up to 30 days for security and debugging.
  • Cookies: we use only essential cookies for site function. We do not run third-party advertising or behavioural-tracking pixels on this site.

What the platform collects (for academy customers)

When an academy uses FlikVault, the platform stores the data the academy uploads: staff and player records, parent and player contact details, attendance, sessions, billing records, video clips, reports, and communication. The academy controls what is collected, who has access, and retention. We process this data to deliver the service and as instructed by the academy under our customer agreement.

Children's data

FlikVault is used by academies that work with minors. We treat data about minors (including video) as sensitive. Consent is captured during academy intake by the parent or legal guardian, scope of consent (what data is collected, who can see it, whether video can be shared) is preserved against every record, and consent can be revoked. Each academy is responsible for ensuring it has the legal basis to collect and process minors' data under the law of the academy's jurisdiction.

How we use data

  • To deliver the service contracted by the academy customer.
  • To respond to demo, support, and partnership enquiries.
  • To improve the platform — only on aggregated and anonymised data.
  • To meet legal, regulatory, and security obligations.

We do not sell personal information. We do not share customer data with third parties for advertising or marketing.

Sub-processors

FlikVault uses a small set of trusted sub-processors to operate the service. The current list — and changes to it — are made available to academy customers on request and on our customer status page. Current categories:

  • Cloud infrastructure (DigitalOcean, region-specific)
  • Transactional email (Resend)
  • Cloud storage and CDN for video assets (DigitalOcean Spaces)
  • Error and performance monitoring (limited and pseudonymous)

Where data is stored

Australian academies' data is stored in Australia (Sydney region) by default. Indian and other regions' data residency is configured per agreement. Backups stay in the same region as the primary data. Data is encrypted at rest and in transit.

Retention

Data uploaded by academies is retained for the life of the customer agreement and is deleted (or returned to the academy) within 30 days of termination, except where law requires longer retention. Demo and contact submissions are retained for up to 24 months unless you ask us to delete them sooner.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or export the personal information we hold about you. To exercise these rights:

  • If you are a parent, player, or staff member of an academy using FlikVault, please contact your academy first (they are the data controller).
  • If you have submitted a demo or contact form, or otherwise interacted directly with FlikVault, contact us at hello@flikvault.com.

Security

Encryption in transit (TLS 1.2+) and at rest. Audit logging on the platform. Role-based access controls between coaches, parents, players, and directors. Production database access restricted to a small operations team and gated by SSH key + 2FA. We run regular dependency and configuration audits.

Changes to this policy

We may update this policy. The “last updated” date at the top reflects the most recent change. Material changes affecting academy customers will also be communicated through the platform.

Contact

Questions about this policy or how we handle data: hello@flikvault.com.

This document is a plain-language summary of our practices. If your jurisdiction requires specific contractual terms (Standard Contractual Clauses, Data Processing Addendum under GDPR / UK GDPR / DPDP Act 2023 / Australian Privacy Act 1988), our data team can provide them.