Privacy Policy

Bluebridge LLC (“Bluebridge,” “we,” or “us”) operates the Bluebridge platform for tennis officiating (the “Service”). This Privacy Policy explains what information we collect when you use the Service, how we use it, who can see it, and the choices you have. By using the Service you agree to the collection and use of information as described here.

When you sign up, complete your profile, apply to events, accept assignments, or send messages, you give us things like:

• Your name, email address, and password.
• Optional profile details, phone number, mailing address, USTA section, certifications, and roles you officiate.
• Applications, assignment responses, release requests, and match reports.
• Free-text fields you fill out (release reasons, group notes, event descriptions, etc.).
• Calendar dates you mark as blocked (unavailable) from your officials dashboard.
• Tax-form (W-9) data you submit to Profile → Tax & Finance → Tax info so Bluebridge can generate a filled IRS Form W-9 on your behalf when you (or an assignor you have explicitly authorized) send it to a payor. See “Tax forms (W-9) and TIN handling” below for how the taxpayer identification number is stored.
• Subscription / billing details, when you start a paid Bluebridge plan as an assignor. The payment method itself (card number, bank account) is captured by Stripe inside their hosted Checkout — Bluebridge never receives it. From Stripe we store only your plan kind, plan status (active / trialing / past_due / canceled), renewal date, trial-end date, and a Stripe customer identifier so we can route you back to their Customer Portal to manage billing.

Some information is created by your use of the Service rather than typed in by you:

• Authentication metadata such as login timestamps, IP address, and basic device information.
• Records of platform activity, events you created, matches you were assigned to, who assigned you, who accepted your application, when status changes happened, and viewer seats granted on events (who was added, by whom, and when).
• Per-event match-reminder preferences for viewers (the event, the user, and the chosen cadence in days) so the reminder job knows when to send.
• Email delivery status (sent, bounced, etc.) for transactional messages.
• Derived location data. If you fill in a mailing address on your profile, we send the street/city/state/zip to a geocoding service to determine the U.S. county your address falls in. We store the resulting county name on your profile for potential future product use; we do not store latitude/longitude.

Bluebridge is a coordination platform, so some of the information you provide is intentionally visible to other users:

• When you apply to an event, the assignor for that event can see your name, profile, and any contact details you have chosen to share on your profile.
• When you are assigned to a match, other officials on the same match can see that you are assigned and your role (head referee, line judge, etc.).
• If you are a member of a group, the group owner and other members can see your name and that you belong to that group.
• Assignors with access to the platform-wide officials directory can see your name, email, USTA section, and city (built from address_city and address_state). Your full street address is never shown to other users.
• When an assignor attempts to assign you to a date you have blocked, the assignor sees a “Blocked this date” indicator on your row and a confirmation step warning that you marked the date unavailable; they can override the warning if they choose to. The specific list of dates you have blocked is not surfaced outside that one-date-at-a-time check.
• Match reports submitted by an official may be viewed by the event's assignor and by Bluebridge administrators.
• If you have been granted viewer access to a specific event (a per-event, read-only role for coaches, athletic directors, and support staff), the assignor who added you sees your name and email on that event's viewers panel. The grant is scoped to that single event; being a viewer on one event does not expose your information on any other event.
• Viewers on an event see the name, email, and phone number (when provided) of each official accepted onto a date of that event, along with the contact info of the assignor and any co-assignors. Viewers do not see information about events they have not been granted access to.

You can review and update what is on your profile from the in-app Profile page at any time.

The viewer role is a per-event, read-only access tier. An assignor can grant viewer access on an event they own; the recipient can read the officials roster for that event and copy contact details, but cannot apply, accept, assign, or edit anything.

When viewer access is granted:

• The assignor sees the viewer's name and email on the event's viewers panel, so they know who they have added.
• The viewer sees the name, email, and phone number of every official accepted onto a date of that event (phone is shown when the official has provided one), plus the contact info of the assignor and any co-assignors.
• The grant is per-event. A viewer added to one event does not gain visibility into any other event the assignor runs and does not appear in the platform-wide officials directory.

If you receive officials' contact information through the viewer role, you agree to use it only for communication related to the event for which you were granted access. Do not pass it to third parties, add it to mailing lists, or use it to solicit officials outside the scope of that event. Assignors can revoke viewer access at any time, and once revoked you no longer have access to the event page or to future reminder emails for that event.

Viewers can opt in, on a per-event basis, to receive a reminder email a chosen number of days (1, 3, or 7) before each date on the event. Opting in is an explicit choice on the event page; absence of a setting means no reminders are sent. Because the reminder is an explicit opt-in, the general email-notification toggles in your profile do not suppress it — turning off other notification categories will not stop a reminder you asked for.

Each reminder email contains the date and time (or tournament day) of the upcoming match, the matchup and gender (for college matches), the name, email, and phone number of each accepted official for that date, the assignor's contact info, and a link back to the event page. You can change the cadence or turn the reminder off at any time from the event page; the change takes effect on the next daily run.

We use your information to:

• Operate, maintain, and improve the Service, authenticate you, surface your assignments and applications, and let assignors and officials coordinate.
• Send you transactional email related to your account (assignments, password resets, access requests, and similar notifications).
• Diagnose problems, prevent abuse, and enforce our Terms of Service.
• Comply with legal obligations.

We do not sell your personal information, and we do not use your information for third-party advertising.

Some emails are essential to the Service, assignments, password resets, and account-security notices, and cannot be turned off without closing your account. Other emails (such as viewer match reminders) are explicit, per-event opt-ins that the user controls directly from the relevant event page. Optional or promotional messages, if we ever send them, will include an unsubscribe link.

We use cookies and similar storage to keep you signed in and to remember your preferences. The session cookie is set by our authentication provider (Supabase) and is required for the Service to work. We do not currently use third-party advertising or cross-site tracking cookies.

We rely on a small number of vendors to run Bluebridge:

• Supabase , database hosting and authentication.
• Vercel , application hosting and serverless functions.
• Resend , delivery of transactional email.
• Stripe , subscription billing and payment processing for assignor plans. When you start a paid plan we pass Stripe your name, email, plan selection, and billing country; Stripe collects and stores your payment method (card or bank details) directly inside their hosted Checkout and Customer Portal. Bluebridge never sees your full card number, CVV, or bank account in cleartext — we only store the Stripe customer identifier and the subscription state (plan, status, renewal / trial dates) Stripe sends back. Stripe's processing is governed by their own privacy notice at stripe.com/privacy.
• U.S. Census Geocoder , public geocoding service we query with the address on your profile to derive the county. Address fields are sent only when you save a profile that includes them.
• OpenStreetMap (Nominatim) , fallback geocoding service used when the Census query doesn't return a county. Same scope as above: only address fields, only at save time.

These providers process your information on our behalf under their own privacy commitments. We do not share your information with third parties for their own marketing.

We retain your account information for as long as your account is active. Event records, applications, assignments, and match reports are retained as part of the historical record of the Service so assignors and officials can refer back to past seasons. You can request deletion of your account by contacting us; once deleted, your profile is removed, but anonymized references in shared records (e.g. a past match report that listed your name) may be preserved.

Bluebridge is operated from, and stores data in, the United States. If you access the Service from outside the U.S., you consent to the transfer of your information to the U.S. for processing.

You can review and update most of your personal information from the in-app Profile page. You can also email us to:

• Request a copy of the information we hold about you.
• Ask us to correct inaccurate information.
• Ask us to delete your account.

Depending on where you live, you may have additional rights under applicable privacy law (including the GDPR or CCPA). California residents have the right to know what personal information we collect, to request deletion, and to not be discriminated against for exercising those rights. We do not sell personal information.

We use industry-standard safeguards to protect your information, including encryption in transit and at rest and role-based access controls scoped to event ownership and group membership. No system is perfectly secure; we encourage you to choose a strong password, keep it confidential, and notify us promptly if you suspect unauthorized access to your account.

The Tax info section of your Profile lets you submit the fields the IRS requests on Form W-9, including a taxpayer identification number (SSN or EIN). Because the TIN is especially sensitive, we apply stronger controls to it than to other profile data:

• Your TIN is encrypted at the application layer using AES-256-GCM before it reaches the database. The encryption key is held only in our server environment, never written to the database, and never sent to your browser.
• After submission, your TIN is not displayed anywhere in the Bluebridge UI. The Profile summary shows only the last four digits (e.g. “•••-••-1234”) so you can recognize the on-file value without exposing it.
• The plaintext TIN is decrypted in server memory only to fill the W-9 PDF you (or an authorized assignor) are sending to a specific payor email address. The resulting PDF is attached to a single email and is not retained in Bluebridge storage after the send.
• An assignor can never read your W-9 fields or trigger a forward on your behalf unless you have approved a specific W-9 share request from that assignor. Approving a share request authorizes Bluebridge to email the filled W-9 PDF to the payor email named in that request.
• You can review who has been granted share access, revoke any active grant, and remove your W-9 entirely at any time from Profile → Tax & Finance → Tax info. Removing your W-9 deletes the encrypted record and revokes any outstanding grants.
• We keep an audit-log entry for each submission, edit, deletion, share request, approval, revocation, and forward, so a complete history of who acted on your W-9 record is available on request.

You should treat your TIN as you would any other tax-identifying information, and only authorize forwarding to payor addresses you trust.

Some events surface a dedicated form-filler — for example, UC Irvine's Game Operations Service Agreement on UCI women's tennis events. When you press Send on a form like this, Bluebridge does the following:

• Fills the agreement's blanks with values from the event (program, dates, location, pay rate) and your profile (name, email, phone, ArbiterPay/RefPay credentials), as edited by you in the form modal. Bluebridge does not retain a separate copy of the filled PDF after the send.
• Persists your ArbiterPay/RefPay Account ID and Username on your profile so future fills of similar forms pre-populate without re-entry. You can edit or clear these fields anytime from the form modal.
• Mints a short reference code (e.g. “BBR-XXXXXXXX”) and prints it together with a submission timestamp at the bottom of the generated PDF. The same code is recorded in our audit log along with the recipient list and submitter so we can reconstruct the chain of custody for any single submission on request.
• Sends the filled PDF to the form's designated recipient (for the UCI form, UCI Athletics' Business Operations contact) and to the recipients you chose in the confirm dialog (typically the event's assignor(s) and yourself). You can deselect any recipient before sending, including the institutional contact; if you deselect the institutional contact, the first remaining recipient becomes the To address.
• Includes a sworn-attestation footer in the email body stating that the contractor has confirmed the information is accurate and that Bluebridge is not responsible for the contents of forms its users submit. You must check an in-app attestation box before the Send button enables.

The Accounting hub at /accounts lets paid assignors keep client/account ledgers, invite co-admins to specific accounts, and issue invoices either to a tracked client account or as a standalone invoice. Data we store on your behalf in this surface:

• Account name + bill-to contact details (institution name, address, contact email, contact phone).
• Per-account membership: the assignor who owns the account and any users you invited as account admins. Account admins can view and edit invoices on that account but cannot see other accounts on your roster.
• Invoice records — line items, amounts, status (draft, sent, paid, void), and the bill-from snapshot (either your assignor entity or, for Bluebridge-vendor events, Bluebridge LLC's address + ACH/check details frozen at issue time).
• Account ledger transactions you record (deposits, payments, adjustments) so the per-account balance line stays accurate.
• Per-account toggles such as whether invoices on the account should be issued bill-from Bluebridge versus your own entity.

Account data is scoped to the owning assignor and any account admins they invite. Officials and applicants do not see your accounts hub. Bluebridge staff can access accounts data for support purposes only and never for advertising or resale.

For events that pay officials off-platform (Zelle, check, direct deposit, etc.) we let the assignor mark individual assignments as paid so the event page reads cleanly at a glance. When an assignor records an off-platform payment we store the amount, the method (e.g. “Zelle”), an optional reference identifier, an optional free-text note, the timestamp, and the user who recorded the payment. These rows are visible to the assignor team for the event and to the official being paid; they are not visible to other officials on the roster.

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us so we can delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, take reasonable steps to notify you (for example, by email or an in-app banner).

Questions about this Privacy Policy? Email us at albert@joinbluebridge.com.