We collect the data we need to run the service: account info, content you create, and basic analytics. We don't sell your data.
We use Stripe for payments, Bunny for video hosting, Google AdSense and Amazon Associates to monetise free-tier pages, and Google Analytics for site stats.
You can export, delete, or correct your data at any time by emailing hello@blockandbank.com.
Block & Bank ("we", "us", or "the service") is a basketball drill library and session-builder web application operated from the United Kingdom. The data controller for the purposes of UK GDPR is the operator of blockandbank.com. You can reach us at hello@blockandbank.com for any privacy-related question.
When you sign up, we collect your email address, display name, password (stored as a salted bcrypt hash, never in plain text), and the role you select (coach, player, or both). We use this to provision and authenticate your account.
Any drills, sessions, comments, and uploads you create on the service. This content is associated with your account and may be publicly visible if you choose to publish it.
If you subscribe, your payment details are collected and stored by Stripe, our payments processor. We never see or store your full card number. We do receive a Stripe customer ID, your subscription status, and metadata about transactions (amount, plan, renewal date).
Videos you upload are hosted by Bunny.net. They process the video content for streaming. We retain a reference (video ID, thumbnail URL) but the actual files live on Bunny's CDN.
We log basic events such as page views, drill views, session creations, and clicks on affiliate links. This includes your IP address (for rate-limiting and abuse prevention), user agent, and referring URL. We use Google Analytics for aggregate site statistics, which sets cookies in your browser. You can opt out of Google Analytics globally using their browser add-on.
We use cookies for: keeping you logged in (an opaque session token), remembering your preferences, fraud prevention (CSRF tokens), and the third parties below. You can clear or block cookies in your browser settings, but the service won't work properly without the session cookie.
We rely on a small number of third-party providers, each governed by their own privacy policy:
Free-tier pages display ads from Google AdSense and product recommendations from Amazon Associates. Premium and trial subscribers see no ads.
Google may use a cookie called the DoubleClick DART cookie to serve ads based on your visit to this site and other sites on the internet. You may opt out of the use of the DART cookie by visiting Google's Ad and Content Network privacy policy.
We do not knowingly collect personal information from children under 13, and our advertising partners are instructed not to serve ads targeted to children on this site.
We use the data we collect to:
We do not sell your personal data to third parties.
We process your personal data on the following lawful bases:
We keep your account data while your account is active and for up to 90 days after deletion to allow recovery. Billing records are retained for 7 years to comply with UK tax law. Analytics data is retained for 26 months and then aggregated.
If you delete your account, we anonymise your personal data and disassociate it from your published content. You can also request full deletion by emailing us.
Under UK and EU GDPR, you have the right to:
To exercise any of these rights, email hello@blockandbank.com with the subject "Data request". We aim to respond within 30 days.
We protect your data with industry-standard practices: HTTPS everywhere, bcrypt password hashing, CSRF protection on state-changing requests, server-side input validation, and no storage of card numbers. Despite our efforts, no online service is 100% secure. If we ever discover a breach affecting your data, we'll notify you and the relevant authorities within 72 hours as required by UK GDPR.
Our infrastructure is hosted in the UK. Some of our third-party providers (Stripe, Google) may transfer data to the US under standard contractual clauses or adequacy decisions. By using the service, you consent to these transfers.
We may update this policy occasionally. Material changes will be communicated by email and noted on this page. The "last updated" date at the top reflects the most recent revision.
If you have any questions about this policy or how we handle your data, email hello@blockandbank.com.