Rotate. Back to site

Privacy Policy

Last updated 14 June 2026. Written for the UK and Ireland (UK GDPR and the Data Protection Act 2018; the EU GDPR and the Irish Data Protection Act 2018). This is a working draft and should be reviewed by a qualified data-protection adviser before launch; it is not legal advice. Placeholders in [square brackets] must be completed.

This policy explains how Rotate Performance ("Rotate", "we", "us"), a service operated by Move at Pace [trading name of [Move at Pace Ltd], registered in [Northern Ireland / England & Wales], company number [company number], registered office [registered office address]], handles personal data. We take particular care with data about children and young people.

1. Our role: controller and processor

Rotate is used by coaches and clubs. Your role determines ours:

  • Player records you create. When a coach or club records information about their players (including under-18s), the coach or club is the data controller and Rotate is the data processor, acting on their instructions. We process that data to provide the Service and as set out in our data-processing terms.
  • Account, login and billing data. For the data we need to run accounts, sign-in, security and payments, Rotate is the controller.

If you are a player or parent and have a question about your data, contact the coach or club you are connected with in the first instance, as they control that record. We will support them in responding.

2. The personal data we collect

  • Account data: name, email, password (stored hashed), and role.
  • Workspace data: club or organisation name, members, roles, and settings.
  • Player profiles, including under-18s: name, date of birth, gender, region, assessments and scores, goals, training and session records, attendance, coach notes, and consent records, entered by coaches, players, or parents.
  • Parent and player accounts: name, email, and the approved links between a parent and the players they may see.
  • Payment data: billing contact and subscription details. Card payments are handled by Stripe; we receive confirmation and limited details, not full card numbers.
  • Communications: messages and announcements you send through the Service, and support correspondence.
  • Usage and technical data: log, device, and security data needed to run and protect the Service.

3. How we collect it

We collect data you and your members provide directly (at sign-up and while using the Service), data generated automatically as you use the Service (logs and essential cookies), and data from our payment processor when you subscribe.

4. Cookies and similar technologies

We use strictly necessary cookies to sign you in, keep your session secure, and remember essential preferences. We do not use advertising cookies or sell data for advertising. Where any non-essential analytics are used, we will ask for consent as required by the Privacy and Electronic Communications Regulations (UK) and the ePrivacy Regulations (Ireland). You can control cookies in your browser, though disabling essential cookies will stop the Service working.

5. How we use data and our lawful bases (UK/EU GDPR Article 6)

  • To provide the Service (planning, assessments, goals, communications, billing) — performance of our contract with you.
  • To take payment — performance of a contract and compliance with legal obligations (for example tax and accounting).
  • To secure, support, maintain and improve the Service — our legitimate interests in running a safe, reliable product, balanced against your rights.
  • To meet legal and safeguarding obligations — legal obligation and, where relevant, substantial public interest.
  • Consent — where we rely on it (for example certain communications), which you can withdraw at any time.

For player records, the coach or club is responsible for the lawful basis and for obtaining any consents needed before entering a player's data. We do not sell personal data and we do not use players' data for advertising or to train third-party AI models.

6. Children and young people

Much of the information in Rotate concerns under-18s. It is entered by the responsible coach, club, parent, or the player. Accounts for minors are intended to be managed by a parent or guardian; parent-child links require coach approval; and consents are recorded and versioned. Under UK law, children can consent to online services from age 13; in Ireland the digital age of consent is 16. Where consent is the basis, the coach or club must obtain it from a parent or guardian below the relevant age. Squad-selection decisions are visible only to coaches.

7. Who we share data with (sub-processors)

We use a small number of vetted providers to run the Service. They act under contract, only process data to provide their service to us, and are bound by appropriate data-protection terms:

  • Hosting and database — hosted in the European Union (Germany).
  • Stripe — payment processing.
  • Amazon Web Services (SES) — transactional email (EU region, Ireland).
  • AI provider — optional drafting features (see "AI features" below).

We may also disclose data where required by law, to establish or defend legal claims, or to protect the rights and safety of users (including safeguarding). We do not sell your data. A current list of sub-processors is available on request.

8. International transfers

Personal data is primarily stored within the EU/EEA. The UK recognises the EEA as providing adequate protection, and the EU recognises the UK as adequate, so UK–EEA transfers are permitted. Where a provider processes data outside the UK/EEA (for example certain payment or AI processing in the United States), we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum and the EU Standard Contractual Clauses.

9. How long we keep data

We keep personal data for as long as the account is active and for a reasonable period afterwards, then delete or anonymise it, except where we must keep certain records longer to meet legal obligations (for example financial records). Controllers (coaches and clubs) set retention for their player records and can delete them at any time; we act on those instructions.

10. Your rights

Subject to applicable law, you have the right to: access your personal data; have it corrected; have it erased; restrict or object to certain processing; data portability; and to withdraw consent where processing is based on it. To exercise these rights, contact us (or, for player records, the relevant coach or club, who is the controller). We will respond within the time limits set by law and will not charge unless a request is manifestly unfounded or excessive.

11. AI features

Some optional features (such as draft training plans and assessment summaries) use a third-party AI provider to generate suggestions. Only the data needed to produce the output is sent, it is processed under a data-processing agreement, and it is not used to train the provider's models. AI output is a suggestion for the coach to review, not a decision made about anyone. These features can be left switched off.

12. How we protect your data

Data is encrypted in transit, passwords are stored hashed, access is role-based, and database-level access controls (row-level security) restrict each user to only the data they are permitted to see. We restrict and log administrative access and keep the platform patched. No system is perfectly secure, but we work to protect your data and will notify you and the relevant regulator of a personal-data breach where the law requires.

13. Marketing and communications

We send service and transactional messages needed to run your account (for example billing, security, and password resets). Any optional marketing is sent only with the appropriate consent or where permitted, and you can opt out at any time. Opting out of marketing does not stop essential service messages.

14. Third-party links

The Service may link to third-party sites we do not control. This policy does not cover them; please review their own privacy notices.

15. Changes to this policy

We may update this policy from time to time. We will post the current version here and, for material changes, give reasonable notice. The "last updated" date shows the latest revision.

16. Complaints

If you have a concern, please contact us first. You also have the right to complain to a supervisory authority:

  • UK — Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; ico.org.uk; 0303 123 1113.
  • Ireland — Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, D02 RD28; dataprotection.ie.

17. Contact

For privacy questions or to exercise your rights: privacy@rotateperformance.com. General and account queries: support@rotateperformance.com. [If you appoint a Data Protection Officer or UK/EU representative, add their details here.]

© 2026 Rotate Performance · The coaching platform for racket sports