1. Who We Are
FootballPro ("we", "our", "us") is a club management platform for football academies and grassroots clubs. We are the data controller for personal data processed through our platform.
2. What Data We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, phone number
- Player Data: Name, date of birth, gender, medical notes, allergies, emergency contacts
- Guardian Data: Name, email, phone, relationship to player
- Usage Data: Attendance records, session participation, wellbeing check-ins
- Technical Data: IP address, browser type, device information
3. Children's Data
We process data of children under 16 for the purposes of club management, safeguarding, and welfare. This data is collected with the consent of a parent or guardian. We take particular care to protect children's data and limit access to authorised club staff only.
4. How We Use Your Data
- Managing player registration and team assignments
- Tracking attendance and session scheduling
- Processing payments and invoicing
- Safeguarding and wellbeing monitoring
- Communication between clubs, coaches, and parents
- Generating reports and analytics for club management
5. Legal Basis for Processing
- Consent: For processing children's data, photo consent, medical data
- Contract: To provide the club management service
- Legitimate Interest: For safeguarding, security, and platform improvement
- Legal Obligation: For safeguarding duties and financial records
6. Data Sharing
We do not sell your personal data. Data is shared only with:
- Your football club's authorised administrators and coaches
- Payment processors (Stripe) for transaction processing
- Hosting providers (Vercel, Railway) for service delivery
- Authentication services (Supabase) for secure login
7. Data Retention
- Active accounts: Data is retained while your account is active
- Deleted accounts: All personal data is removed immediately upon deletion request
- Audit logs: Anonymised audit logs retained for 2 years
- Financial records: Retained for 7 years as required by law
8. Your Rights (GDPR)
Under the UK GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data
- Data Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interest
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, use the data export and deletion features in your account settings, or contact us directly.
9. Security
We implement appropriate technical and organisational measures including encryption in transit (TLS), secure authentication, role-based access control, and regular security audits to protect your data.