Sub-processors and Security Measures
Last updated: May 2026
Version: 2026-05-subprocessors-v1
This document describes sub-processors and security measures used by the Shootr.app family of websites, apps, products, and services.
It is intended to support the Shootr.app Privacy Policy and Terms and Conditions.
For questions, contact:
1. Sub-processors and service providers
Shootr.app uses third-party providers to operate, secure, support, and improve the Services.
The providers used for a particular user, organisation, event, or product may depend on which Shootr.app service is being used.
| Provider | Purpose | Data potentially processed |
|---|---|---|
| Google / Firebase Authentication | Authentication and sign-in | Email address, authentication identifiers, session/security data |
| Google / Firebase Firestore | Database | Account data, plotsheet data, event data, managed-access records, application data |
| Google / Firebase Storage | File storage | Uploaded/captured images, plotsheet images, scorecard images, related file metadata |
| Google Cloud Vision | OCR | Uploaded/captured images or image regions sent for OCR |
| Google Cloud Run | Service infrastructure and image processing | Images, extracted data, service requests, logs |
| Stripe | Payments, subscriptions, billing | Billing details, payment status, subscription/customer IDs, transaction data |
| Vercel | Hosting, deployment, logs, analytics | Technical logs, request data, performance data, analytics information |
| Microsoft Clarity | Behavioural analytics and session insights | Usage interactions, pages visited, device/browser data, session insights |
| OpenAI | AI coaching or analysis features | Shooting-performance data such as fall-of-shot coordinates and settings, where AI features are used |
| Email provider | Transactional emails and OTPs | Email address, email content, delivery metadata |
Shootr.app may add, remove, or change providers over time.
2. Security measures
Shootr.app uses reasonable technical and organisational measures designed to protect personal data and service data.
These may include:
- authentication controls;
- account-based access controls;
- role-based or permission-based access where appropriate;
- application-level data segregation;
- Firebase security rules or equivalent database/storage access controls;
- encrypted transport using HTTPS/TLS;
- managed infrastructure providers;
- logging and monitoring;
- backup and recovery measures;
- least-privilege access where practicable;
- secure coding practices;
- review of access-sensitive changes;
- support and incident response procedures.
No online service can be guaranteed to be completely secure or continuously available.
3. Managed-access security notes
Where a school, organisation, club, team, or event organiser uses Shootr.app with managed access:
- administrators assign access using user names and email addresses;
- administrators do not automatically receive access to user plotsheets merely because they assign access;
- user plotsheets are only visible to organisation/group managers if shared through a group or another valid sharing route;
- administrators are responsible for keeping their administrator access secure;
- organisations should promptly remove administrators who no longer require access.
4. Changes
Shootr.app may update this document from time to time as providers, infrastructure, and security measures change.
The latest version will be made available within the Services.