
Effective date: 25 September 2025
Last updated: 25 September 2025
This Privacy Policy explains how Avyari Pty Ltd ("BabaUmp", "we", "us", "our") collects, uses, shares, and protects personal information when you use the BabaUmp mobile and web applications, services, websites, and APIs (collectively, the "Services"). It also explains your rights and choices regarding your data.
By registering for or using our Services you accept the collection and use of information in accordance with this policy. If you do not agree, do not use the Services.
We collect:
We treat biometric, facial, and advanced biomechanical outputs as sensitive personal data and process them only with explicit consent and safeguards (see Section 4 — Sensitive data).
Depending on your jurisdiction, we rely on one or more of the following legal bases to process your data:
Where consent is required we will obtain it via clear prompts and consent screens. You may withdraw consent at any time (withdrawal does not affect prior lawful processing).
Name, display name, username, date of birth (optional), gender (optional), contact email, phone, postal address, club/organisation name, role (player/coach/admin), team membership, user profile photo.
Note: Derived biomechanical data may be stored as JSON, CSV, or binary artifacts.
Facial images or facial landmarks used for player identification, automatic cropping, or alignment; templates or embeddings derived from face images if you opt-in.
We will not perform automated facial recognition to identify individuals beyond matching to profiles you explicitly created or consented to. Facial/biometric data is processed only with explicit clear consent and retained under heightened safeguards.
Device model, OS version, app version, unique device identifiers (as permitted), IP address, crash logs, system logs, network diagnostics, storage usage, video metadata (codec, duration, resolution).
Approximate location when you grant it (for session metadata or local club features). We avoid continuous background location collection unless you explicitly allow it.
Payment processor data (tokenised card or wallet details when you subscribe). We do not store raw card numbers; payment processors may.
Support requests, messages, feedback, and any content you provide when contacting us.
Usage telemetry, anonymised analytics to improve the product, cookies and similar technologies on the website.
We use personal data for:
Biomechanical outputs and facial/biometric data are treated as sensitive. We will only process them if you (a) explicitly consent via an in-app consent screen describing purpose and retention, or (b) you are an organisational customer who has a data processing agreement allowing such processing for team management and with the explicit consent of affected persons.
We will provide granular consent toggles (e.g., "Use facial landmarks to improve alignment", "Allow biomechanical data export for third-party analysis").
You can opt out at any time; opt-out stops further processing but does not retroactively delete data unless you request deletion (see Section 11).
We do not sell your personal data. We may share data with:
These providers process data on our behalf under contracts and are required to implement appropriate security measures.
If you connect to a third party (team management tools, social accounts, club admin portals), we will share only the data you authorize. You control these connections and can revoke access.
To comply with law or enforce our Terms of Service; or to protect rights, property, or safety.
In the event of a reorganisation, sale, merger, acquisition, or insolvency event we may transfer personal data to the acquiring entity, subject to confidentiality and notice to users where required by law.
When we share data we require recipients to follow security standards and contractual restrictions. We publish a list of processors and DPAs on request.
We are based in Australia and use cloud providers with data centers in multiple regions. Personal data may be transferred to, stored in, and processed in countries outside your country of residence (including the United States and other jurisdictions). Where transfers occur we use legal safeguards (standard contractual clauses, local adequacy, or explicit consent) to protect your data.
We apply retention schedules and securely delete data when no longer required, except where legal holds apply.
We implement administrative, technical, and physical measures designed to protect personal data, including:
While we take strong measures, no system is perfect — if a breach occurs we will follow legal obligations on notification.
Depending on your jurisdiction you may have the right to:
To exercise rights, contact: privacy@babaump.com (or use the in-app Data Requests feature). We may require verification and will respond within applicable statutory timeframes.
Our Services use automated processing to generate predictions and overlays (e.g., predicted ball path). These outputs are decision-support tools for coaches, umpires and players — not final legal decisions. If any fully automated decisions with legal or similarly significant effects are made, we will notify you and obtain consent where required by law and provide an appeal/ review mechanism.
Our Services are not directed to children under 16 (or higher local age). We do not knowingly collect personal information from minors without parental/guardian consent. Organisations using the platform for junior players must obtain any parental consents necessary before uploading or processing minors' videos or biometric data.
Our websites use cookies and similar technologies for authentication, security, analytics, and preferences. You can control cookies via browser settings and consent banners where present.
We will respond to lawful requests from public authorities. When possible we will notify you of requests for your data unless prohibited by law.
If you are located in the European Economic Area, UK, California, or other jurisdictions with data privacy laws, additional rights or protections may apply. We will cooperate with regulators and follow applicable local rules (GDPR, UK GDPR, CCPA/CPRA, Australian Privacy Act, etc.). Data transfer safeguards are used for cross-border flows.
Our Services may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies.
We may update this Policy. Material changes will be communicated via the app, email or posted with a new effective date.
For data-subject requests please include account email and as much detail as possible.
We offer Data Processing Agreements (DPAs), Security Assessment documents, SOC2/ISO evidence (if/when available), and options for regional data residency on request. Contact sales@babaump.com for enterprise DPA and regional retention options.
"I consent to BabaUmp processing my video and extracting biomechanical and facial landmark data to provide analysis and overlays. I understand this includes storage of facial feature templates and derived biomechanical metrics. I can withdraw this consent at any time from Settings > Privacy."
When enabling coach/team sharing: "I consent to share selected videos, player profiles and derived analytics with [club/team name]."
(These items are for dev/ops; include in the privacy implementation checklist)
This policy is a template and does not constitute legal advice. We recommend review by a qualified privacy lawyer to ensure compliance with local laws (for example: Australian Privacy Act, GDPR, CCPA/CPRA) and to adapt wording for enterprise contracts and particular jurisdictions.