SquadTracker Logo

Privacy Policy

Last updated: 8 February 2026

This Privacy Policy explains how SquadTracker ("we", "us", "our") collects, uses, discloses, and protects your information when you use our web and mobile applications (iOS/Android via Capacitor) and related services (collectively, the "Service"). We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

By using the Service, you agree to this Policy and our Terms of Use.

1. Who We Are and How to Contact Us

Controller: 4JQ Limited (Company Number: 16841559)

Registered Office: 16 Hulme Grove, Highfield, Wigan WN3 6GS, United Kingdom

Trading as: SquadTracker

Privacy contact email: privacy@squadtracker.co.uk

General support: support@squadtracker.co.uk

2. Scope

This Policy applies to all users, including coaches, team administrators, players, and invited participants who access or use the Service.

3. Categories of Personal Data We Process

Account/User Data:

  • First name, last name
  • Email address
  • Password (hashed/salted)
  • Email verification status
  • Password reset tokens (time‑limited)
  • Authentication/session tokens (e.g., NextAuth sessions)

Team & Role Data:

  • Team name, colours, description, founded date
  • Role assignments (Head Coach, Assistant Coach)
  • Team invitations (invited email, status)
  • Feature flags (e.g., cards tracking, minutes tracking)

Player Data:

  • First/last name
  • Jersey number, position
  • Active/inactive status

Match & Training Data:

  • Match date, home/away, referee
  • Home/away teams and scores
  • Player participation and minutes played
  • Goals, assists, clean sheets
  • Yellow/red cards (if enabled)
  • Game awards (coach award & player award)
  • Player minutes played (if enabled)
  • Training date, venue, description
  • Attendance records
  • Trainer of the Week awards

Technical/Usage Data:

  • Device and browser information
  • Log data (timestamps, IP address, actions) for security/troubleshooting
  • Cookies/local storage for authentication and session continuity

Payment & Subscription Data:

  • Stripe Customer ID (for web payments)
  • Subscription tier (Single Team or Multiple Teams)
  • Billing period (monthly or yearly)
  • Subscription status and renewal dates
  • Payment method type (not full card details)
  • Transaction history and invoice data
  • Adapty Profile ID (anonymous identifier linking purchases across platforms)
  • Purchase receipts and entitlement status

Note: We do not store full payment card details. Stripe processes and securely stores payment information. For iOS and Android in-app purchases, Apple and Google handle payment processing under their respective terms.

Club Organisation Data:

  • Club name, description, and contact information
  • Club administrator details
  • Teams linked to the club
  • Coach access codes
  • Facility information (pitch names, locations)
  • Facility booking schedules
  • Stripe Connect account ID (for payment collection)

Parent Contact Data (Club Platform):

  • Parent/guardian first and last name
  • Email address
  • Phone number (optional)
  • Linked player(s)
  • Payment request history
  • Payment status and transaction records
  • Invoice and receipt data

Note: Parent contact data is collected by clubs for the purpose of managing payments and club communications. Clubs are responsible for ensuring they have appropriate consent or lawful basis to collect this data.

Special category data: We do not intentionally collect special category data under UK GDPR (e.g., health, biometric, political opinions). Please do not input such data.

Children's data: Coaches and team administrators may add basic information about minor players (first name, last name, jersey number, position, and performance statistics). We do not knowingly collect personal data directly from children under 13 (or 16 in the UK/EEA). Coaches/admins must ensure they have appropriate authority (such as parental consent or legitimate interest as a coach) to add minors' data. We collect only the minimum necessary information for team management purposes. Parents/guardians may contact us at privacy@squadtracker.co.uk to exercise rights on behalf of their child.

4. Lawful Bases for Processing (UK GDPR Art. 6)

  • Contract: To provide the Service and core features (accounts, team/player management, scheduling, stats/analytics).
  • Legitimate Interests: To secure the Service, prevent abuse, improve features, and perform aggregated analytics, balanced against your rights.
  • Consent: For optional features (e.g., profile images), non‑essential cookies, or marketing communications. You may withdraw consent at any time.
  • Legal Obligation: To comply with applicable laws and regulatory requirements.

For minors' data, coaches/admins are responsible for ensuring a valid basis (including parental consent where required by law).

5. How We Use Your Information

  • Operate and deliver the Service (authentication, roles, team/player management, scheduling, analytics).
  • Maintain security and integrity (fraud prevention, access controls, auditing).
  • Improve the Service (bug fixes, performance tuning, feature development).
  • Communicate with you (account notices, service updates, invitations).
  • Comply with legal obligations and enforce our terms.

We do not sell personal data.

6. Where We Store and Process Data

Hosting: Railway infrastructure with primary data storage in the Netherlands (EU/EEA).

International transfers: If limited transfers occur (e.g., support tools, content delivery), we use safeguards recognised under UK GDPR (e.g., UK International Data Transfer Agreement or UK Addendum to EU SCCs), or rely on UK adequacy regulations where applicable.

7. Data Sharing and Disclosure

  • Service Providers/Processors: We share data with trusted service providers who assist in operating the Service:
    • Hosting: Railway (Netherlands/EU) for infrastructure and database hosting
    • Payment Processing: Stripe for web subscription payments, billing management, and club payment collection via Stripe Connect
    • Subscription Management: Adapty for cross-platform subscription synchronization (iOS, Android, Web)
    • App Stores: Apple App Store and Google Play Store for in-app purchases (subject to their privacy policies)
    • Authentication: NextAuth for secure login and session management
    • Email Delivery: Email service providers for transactional emails and notifications
    These providers act as data processors under data processing agreements and process data only per our instructions.
  • Team visibility: Coaches/admins can see team-related data according to role-based permissions.
  • Club visibility: Club administrators can see all teams, coaches, parent contacts, and payment data within their club.
  • Parent communications: When clubs send payment requests, parents receive emails containing club name, payment details, and links to pay. These emails are sent via our email service providers on behalf of the club.
  • Legal/Compliance: Where required by law or to protect rights, safety, and security.
  • Business transfers: In a merger/acquisition, data may be transferred with appropriate safeguards and notice.

We do not sell personal data or allow third parties to use it for their own marketing.

8. Retention

  • General: We retain personal data only as long as necessary for the purposes described.
  • Inactive accounts: Accounts and associated personal data are deleted after 6 months of inactivity or following your deletion request, subject to legal obligations and backup cycles.
  • Team and player records: Retained for active seasons and legitimate interests (e.g., historical stats) where allowed. Admins can delete specific records via in-product controls.
  • Parent contact and payment records: Retained while the club account is active and for up to 7 years after the last transaction for legal and accounting compliance. Club administrators can delete parent contacts, but transaction records may be retained for legal requirements.
  • Logs/security data: Retained for a limited period, then deleted or anonymised.

Backup copies may persist temporarily and are purged on a rolling basis.

9. Your Rights (UK GDPR)

Subject to conditions and exceptions, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Erase data ("right to be forgotten")
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability (structured, commonly used, machine‑readable format)
  • Withdraw consent (where processing relies on consent)
  • Lodge a complaint with the UK Information Commissioner's Office (ICO): https://ico.org.uk

Contact us at privacy@squadtracker.co.uk to exercise your rights if in‑app tools are not sufficient.

10. Self‑Serve Data Export and Deletion Options

  • Self‑serve export: Export your data directly in‑app.
  • Account deletion: Delete your account in‑app; we delete or anonymise associated data per the Retention section.
  • Player and team records: Coaches/admins can delete player profiles, attendance, match/training entries, notes, and teams.
  • Club and parent records: Club administrators can export payment data, delete parent contacts, and manage club information. Payment transaction records may be retained for legal compliance.
  • Emails: Unsubscribe links are provided for non‑essential emails.

For assistance, email privacy@squadtracker.co.uk.

11. Security

We implement appropriate technical and organisational measures, including:

  • HTTPS/TLS encryption in transit
  • Password hashing (never plaintext)
  • Role-based access and session controls
  • Environment hardening, monitoring, and least‑privilege access

Incident response and breach notification: Our preferred contact method is email. We aim to notify the ICO (where legally required) without undue delay and, where feasible, within 72 hours after becoming aware of a personal data breach, and to notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

12. Cookies and Similar Technologies

We use cookies/local storage for:

  • Authentication and session continuity
  • Security (e.g., CSRF)
  • Basic analytics to improve the Service (used only with consent where required)

You can manage cookies via your browser settings. Non‑essential cookies are used only with consent where required.

13. Player Statistics, Awards, and Tracking Features

  • Feature flags: Certain tracking (e.g., cards) can be toggled at the team level.
  • Purpose: Provide team management insights and season analytics.
  • Transparency: Team admins should inform players (and parents/guardians for minors) about the nature and purpose of tracking.
  • Minimisation: Only enter data relevant to team management and performance.

14. Payment Processing and Subscription Management

Stripe (Web Payments):

For web-based subscriptions, we use Stripe to process payments. Stripe collects and processes:

  • Payment card information (securely stored by Stripe, not by us)
  • Billing address and contact information
  • Transaction and payment history
  • Device and browser information for fraud prevention

Stripe's processing is governed by their Privacy Policy: https://stripe.com/privacy

Club Payment Collection (Stripe Connect):

Clubs can collect payments from parents using Stripe Connect. When a club collects payments:

  • The club is the merchant of record and acts as a data controller for parent payment data
  • SquadTracker facilitates the payment as a platform but is not a party to the transaction
  • Parent payment card details are processed by Stripe, not stored by SquadTracker or the club
  • We store payment request details (amount, description, status, due date)
  • We store transaction records (payment date, amount, fees, payout status)
  • A 2.5% platform fee is deducted from successful payments before transfer to the club
  • Clubs must complete Stripe's onboarding which includes identity verification

Data Controller Relationship: For club payment collection, the club acts as the data controller for parent personal data, and SquadTracker acts as a data processor on behalf of the club. Clubs are responsible for providing appropriate privacy notices to parents.

Adapty (Subscription Synchronization):

We use Adapty to manage and synchronize subscription status across iOS, Android, and web platforms. Adapty collects:

  • Profile ID (anonymous identifier we generate, linked to your account)
  • Purchase receipts and transaction data from app stores
  • Subscription status, access levels, and renewal dates
  • Device type and platform information
  • Product identifiers and pricing information

Adapty acts as a data processor on our behalf. Their privacy practices are described at: https://adapty.io/privacy

App Store Purchases (iOS and Android):

For in-app purchases made through Apple App Store or Google Play Store:

  • Payment processing is handled entirely by Apple or Google
  • We receive only purchase confirmation and subscription status
  • We do not have access to your payment card details
  • Refunds for app store purchases are managed by Apple or Google per their policies

Apple Privacy Policy: https://www.apple.com/legal/privacy/
Google Privacy Policy: https://policies.google.com/privacy

Free Trial:

We offer a 30-day free trial for new subscriptions. During the trial:

  • Payment information is collected but you are not charged
  • You can cancel anytime before the trial ends without charge
  • After the trial, your subscription automatically converts to a paid subscription unless cancelled

15. App Store and Play Store Compliance

Apple App Store (iOS):

Our iOS app complies with Apple's App Store Review Guidelines. We provide clear data collection disclosures, process payments through Apple, and comply with children's privacy requirements.

Google Play Store (Android):

Our Android app complies with Google Play policies. We provide accurate data safety disclosures, process payments through Google Play Billing, and comply with the Families Policy.

Cross-Platform Synchronization:

Account data and subscription status synchronize across iOS, Android, and Web platforms via Adapty. Data deletion requests apply across all platforms.

16. Third‑Party Links

The Service may link to third‑party websites or services. Their privacy practices are their own; please review their policies.

17. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated via the Service or by email. Continued use after changes indicates acceptance.

18. Contact Us

For privacy-related inquiries, data subject requests, or concerns:

Privacy Email: privacy@squadtracker.co.uk

General Support: support@squadtracker.co.uk

Company: 4JQ Limited (Company Number: 16841559)

Registered Office: 16 Hulme Grove, Highfield, Wigan WN3 6GS, United Kingdom

This Privacy Policy is aligned with our Terms of Use, including:

  • 30-day free trial for all new coach subscriptions
  • 7-day refund window after purchase for both monthly and yearly plans
  • Use of Stripe for web payments and Adapty for mobile subscription synchronization
  • Coach subscription tiers: Single Team (£2.49/month or £24.99/year) and Multiple Teams (£4.49/month or £44.99/year)
  • Club Platform: Free to use with 2.5% platform fee on payments collected via Stripe Connect
  • Incident response timelines consistent with UK GDPR breach notification expectations