Data Processing Agreement

Last Updated: March 24, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Pickle Leagues ("Processor," "we," "us") and the league organizer, event operator, or account holder ("Controller," "you") who uses Pickle Leagues to manage leagues, tournaments, ladders, events, or programs involving participant personal data.

This DPA applies when you, as an organizer, input or manage personal data of your participants (players, coaches, attendees) through the Pickle Leagues platform, and Pickle Leagues processes that data on your behalf to provide the Service.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable individual, as defined under applicable data protection laws (including GDPR, PIPEDA, and CCPA).
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
  • "Controller" means the organizer who determines the purposes and means of processing Personal Data (i.e., you, the league/event organizer).
  • "Processor" means Pickle Leagues, which processes Personal Data on behalf of the Controller to provide the Service.
  • "Sub-processor" means a third-party service provider engaged by Pickle Leagues to assist in processing Personal Data.

3. Scope of Processing

3.1 Data Processed

When you use Pickle Leagues as an organizer, the following participant Personal Data may be processed:

  • Names and display names
  • Email addresses
  • Phone numbers (if provided)
  • Skill levels and playing preferences
  • Game scores, standings, and match results
  • Registration and attendance records
  • Payment transaction records (processed by Stripe)
  • Profile images
  • Location information (city/town)

3.2 Purpose of Processing

Pickle Leagues processes participant Personal Data solely for the purpose of providing the Service as described in the Terms of Service, including:

  • Managing league, tournament, ladder, and event operations
  • Displaying standings, schedules, and results
  • Processing event registrations and payments
  • Facilitating communication between organizers and participants
  • Generating statistics and reports for organizers

4. Obligations of the Controller (Organizer)

As an organizer using Pickle Leagues to manage participant data, you agree to:

  • Lawful Basis: Ensure you have a lawful basis (e.g., consent, legitimate interest) for collecting and providing participant Personal Data to Pickle Leagues
  • Consent for Minors: Obtain verifiable parental or guardian consent before adding participants under 18 years of age to your leagues or events
  • Transparency: Inform your participants that their data will be processed through the Pickle Leagues platform and direct them to our Privacy Policy
  • Accuracy: Ensure that participant data you provide is accurate and up to date
  • Data Subject Requests: Forward any data access, correction, or deletion requests from your participants to Pickle Leagues if you cannot fulfill them directly through the platform

5. Obligations of the Processor (Pickle Leagues)

As the Processor, Pickle Leagues agrees to:

  • Process on Instructions: Process participant Personal Data only in accordance with the Controller's instructions as provided through use of the Service, and as necessary to provide the Service
  • Confidentiality: Ensure that persons authorized to process Personal Data are bound by obligations of confidentiality
  • Security Measures: Implement and maintain appropriate technical and organizational security measures, including:
    • Encryption of data in transit (HTTPS/TLS)
    • Password hashing using bcrypt
    • Access controls limiting employee access to Personal Data
    • Regular automated database backups
    • Secure server infrastructure
  • Data Subject Requests: Assist the Controller in responding to data subject requests (access, correction, deletion) to the extent technically feasible through the platform
  • Breach Notification: Notify the Controller without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data breach affecting participant data
  • Deletion: Upon termination of the Controller's account or upon request, delete or return all participant Personal Data, except where retention is required by law

6. Sub-processors

Pickle Leagues uses the following sub-processors to provide the Service:

Sub-processor Purpose Data Processed
Stripe Payment processing Payment details, billing information
OpenStreetMap Nominatim Location search Search queries only (no personal data)
PB Vision API Video analysis Uploaded gameplay videos
DUPR Rating verification DUPR player ID
Web Push Services Push notification delivery Push subscription endpoints

Pickle Leagues will notify organizers of any new sub-processors by updating this DPA. If you object to a new sub-processor, you may terminate your use of the Service.

7. International Data Transfers

Participant Personal Data is primarily stored and processed in Canada. Where sub-processors process data outside of Canada (e.g., Stripe in the United States), Pickle Leagues ensures that appropriate safeguards are in place, including contractual protections consistent with applicable data protection laws.

8. Data Retention

Participant Personal Data is retained in accordance with our Privacy Policy. Specifically:

  • Participant data is retained while the organizer's account is active and the associated league, tournament, or event exists
  • When an organizer deletes a league or event, associated participant data is removed
  • When an organizer's account is terminated, all associated data is deleted (subject to legal retention requirements)
  • Backup copies may persist for up to 90 days after deletion

9. Audits and Compliance

Upon reasonable written request (no more than once per year), Pickle Leagues will provide the Controller with information necessary to demonstrate compliance with this DPA. This may include a summary of security measures, sub-processor lists, and breach notification procedures.

10. Term and Termination

This DPA is effective as long as the Controller maintains an active account on Pickle Leagues. Upon termination of the Controller's account:

  • Pickle Leagues will cease processing participant Personal Data on behalf of the Controller
  • All participant Personal Data will be deleted within a reasonable timeframe, subject to legal retention obligations
  • Backup copies will be purged within 90 days

11. Governing Law

This DPA is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, consistent with the Terms of Service.

12. Contact

For questions about this Data Processing Agreement or to exercise your rights as a Controller, contact:

Email: privacy@pickleleagues.com

Data Protection Officer: dpo@pickleleagues.com

By using Pickle Leagues as an organizer to manage participant data, you acknowledge that you have read and agree to this Data Processing Agreement.

Your community is out there. Give it a home.

Players, coaches, clubs, and organizers across Canada are already on Pickle Leagues — free to start.

Create Your Free Account Explore What's Happening
New icon
We have a new look! Re-add the app for the updated icon.