Privacy Policy
Effective date: 22 May 2026
Rugby Ref Coach ("we", "us", "our") is operated by Thornton & Co Holdings. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our web application at app.rugbyrefcoach.com and our website at www.rugbyrefcoach.com (collectively, the "Service").
By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
Account information — when you register we collect your email address and a password. Passwords are managed by AWS Cognito and are never stored in plain text.
Match and coaching data — all match events, penalties, coaching moments, notes, field positions, scores and related data that you enter into the Service. This data is created by you and stored on your behalf.
Association data — if you create or join a referee association, we store the association name, membership details and any reports shared within the association.
Usage data — we may collect technical information such as your browser type, device type, IP address and pages visited. This information is collected automatically by our hosting infrastructure (Amazon Web Services) and is used solely for operational purposes such as performance monitoring and security.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain and improve the Service
- Authenticate your identity and manage your account
- Store and synchronise your match and coaching data across devices
- Enable sharing of match reports with other users or association members when you choose to do so
- Send transactional emails (account verification, password resets)
- Monitor the Service for security threats and abuse
3. Data Storage and Security
Your data is stored on Amazon Web Services (AWS) infrastructure in the Asia Pacific (Sydney) ap-southeast-2 region. We use industry-standard security measures including:
- Encryption in transit via HTTPS/TLS
- AWS Cognito for secure authentication and token management
- Per-user data isolation — your match data is only accessible to your authenticated account
- Server-side access controls on all API endpoints
While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
4. Data Sharing and Disclosure
We do not sell, rent or trade your personal information to third parties.
Your data may be shared in the following limited circumstances:
- When you choose to share — if you share a match report via a public link or with specific users, those recipients can view the shared report
- Association members — if you belong to an association, association administrators may view match reports you submit to the association
- Service providers — we use AWS to host and operate the Service. AWS processes data on our behalf under their own privacy and security commitments
- Legal requirements — we may disclose your information if required by law, regulation or legal process
5. Data Retention
Your account and match data are retained for as long as your account is active. If you delete a match, it is moved to a soft-delete state and can be restored by you or a super admin. Permanently deleted data is removed from our databases.
If you wish to delete your entire account and all associated data, please contact us using the details below.
6. Your Rights
You have the right to:
- Access your data — all your match data is visible within the app at any time
- Correct your data — you can edit any match, event or coaching note at any time
- Delete your data — you can delete individual matches or request full account deletion
- Export your data — you can generate PDF reports of any match
- Withdraw consent — you can stop using the Service at any time
If you are located in the European Economic Area (EEA), you may also have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority.
Australian users have rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
7. Cookies and Tracking
The Service uses session-based authentication tokens stored in your browser's local storage. These are functional tokens required for the app to operate and are not used for advertising or tracking purposes.
We do not use third-party analytics, advertising cookies or tracking pixels.
8. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to remove that information.
9. Third-Party Links
The Service may contain links to third-party websites (such as World Rugby). We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policies of any third-party site you visit.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: