Privacy Policy

Last updated: 15 June 2026

This Privacy Policy explains how Dudu Footy ("we", "us") collects, uses, and protects your personal information. The data controller is [CLUB LEGAL NAME]. Questions? Contact us at [CONTACT EMAIL].

1. Information We Collect

Account details: your name, email address, and (if you register with a password) an encrypted password. If you sign in with Google, we receive your name, email, and profile picture.

Player profile: full name, preferred name, phone number, home address, date of birth, playing positions, skill and fitness level, kit size, emergency contact name and number, any allergies or medical information you choose to provide, and your availability.

Activity data: your game registrations, attendance, match statistics, token balances and purchases, and any disciplinary records.

Payment data: payments are processed securely by Stripe. We do not store your card details — Stripe handles these. We keep a record of the transaction (amount, date, and a Stripe reference).

Technical data: device/browser information, IP address (for security and rate limiting), and push-notification subscriptions if you enable them.

2. How We Use Your Information

• To create and manage your account and player profile.
• To organise games, registrations, teams, and statistics.
• To process payments and manage your token balance.
• To send essential service emails (verification, password reset) and, if enabled, push notifications.
• To enforce our rules and keep the community safe.
• To comply with our legal obligations.

Special category data: any medical or allergy information you provide is used solely to help keep you safe during games, and is processed on the basis of your explicit consent. You are not required to provide it.

3. Legal Bases (UK GDPR)

We rely on: performance of a contract (to provide the app and games), legitimate interests (to run the community safely), consent (push notifications and medical information), and legal obligation (record-keeping).

4. Who We Share It With

We share data only with providers who help us run the app:

• Vercel — application hosting
• Neon — database hosting
• Stripe — payment processing
• Hostinger — email delivery
• Google — sign-in (if you use it)
• Web push services (e.g. Google, Apple, Mozilla) — to deliver notifications you opt into

We never sell your personal data.

5. International Transfers

Some providers (including our database and hosting) store data on servers outside the UK, such as in the United States. Where this happens, we rely on appropriate safeguards (such as Standard Contractual Clauses or an adequacy decision).

6. Cookies

We use only essential cookies required to keep you signed in securely. We do not use advertising or third-party tracking cookies.

7. Data Retention

We keep your data for as long as you have an account. If you delete your account or ask us to, we remove your personal data, except limited records we must keep to meet legal obligations (e.g. transaction records).

8. Your Rights

Under UK GDPR you can access, correct, delete, restrict, or object to the processing of your data, and request data portability. To exercise these, contact [CONTACT EMAIL]. You may also complain to the Information Commissioner's Office (ICO) at ico.org.uk.

9. Children

[If your club includes players under 18, describe parental consent and safeguarding here. If the club is adults-only, state that the service is intended for users aged 18 and over.]

10. Security

We protect your data with encryption in transit, hashed passwords, access controls, and reputable hosting providers. No system is perfectly secure, but we take reasonable steps to safeguard your information.

11. Changes to This Policy

We may update this policy from time to time. The "last updated" date above shows when it last changed.

12. Contact

Questions about this policy or your data? Email [CONTACT EMAIL].