Privacy notice

FootyTime is a club-management platform built for UK football clubs. This notice explains what personal data we handle, why, and what control you have over it.

Most personal data on FootyTime — names, ages, contact details, attendance, match records — is entered by your club about its members. For that data, your club is the controller under UK data protection law (they decide what to collect and why), and FootyTime is the processor acting on the club's behalf. If you have a question about the data your club holds on you or your child, your club is the right first contact.

For a smaller set of data — your account login and billing details — FootyTime acts as a controller ourselves. This notice covers both roles. Where the distinction matters in a specific section, we say so.

Account data — the email address, name, hashed password, and role we need to sign you in and show you the right view. FootyTime is the controller for this.

Club and team data — team names, age groups, coaching assignments, fixtures, training sessions, and similar operational records entered by your club.

Player data — names, dates of birth, age grades, positions, emergency contacts, medical notes, and concussion stand-down status. Entered by club staff, sometimes with input from linked parents.

Match and training records — attendance, scores, scoring events, cards, match reports, and player awards.

Payment data — handled by Stripe. Card details are entered on Stripe's own surfaces and we never see or store full card numbers. We record enough information to match payments to invoices and to handle refunds.

Audit logs — a record of significant actions (e.g. role changes, deletions, refunds, exports) with the user, timestamp, and source IP. Used for security and accountability.

Optional analytics — described separately in the Analytics & cookies section below.

To run the platform. Your club has signed up for the service; we need account, club, player, match, and training data to actually deliver it.

To keep it secure. Authentication, role-based access, audit logs, and rate-limiting all rely on processing user and session data.

To meet legal duties. UK accounting rules require payment records to be retained for a set period. Youth-football safeguarding records have their own retention norms. Where law requires it, we keep records even if you ask us to delete them.

For optional product improvement. If you accept on the consent bar, anonymised page-view and usage signals help us see how the product is being used. You can decline; nothing important is turned off if you do. See Analytics & cookies.

Account and club data — kept while your account and your club are active on FootyTime. If you leave the club or close your account, we remove or anonymise the data the club no longer needs, subject to the legal-duty exception below.

Player records — clubs control retention for their own members. Most clubs keep historical match and badge records for the duration of a player's involvement plus a reasonable post-departure window. Parents and players can request erasure (see your rights, below).

Payment records — retained as required by UK accounting and tax rules (typically 6 years from the end of the relevant financial year).

Audit logs — retained for a limited operational retention window so we can investigate security and accountability questions, then removed.

You can ask to:

• see the personal data held about you (access)
• have it corrected if it's wrong
• have it deleted (erasure), subject to legal retention duties
• object to certain processing — for optional analytics, just decline on the consent bar
• receive your data in a portable format
• complain to the ICO (the UK regulator) at ico.org.uk

How to exercise them: most data on FootyTime is held about members by their club. For those records, start with your club admin — they decide what is collected and they hold the operational tools. For FootyTime-controlled data (such as your login, billing, or platform privacy concerns), email support@footytime.co.uk. We also build in-product tools for data export and account deletion; where those exist they are the fastest route. See also our account deletion page.

Youth football is FootyTime's main use case. The platform is built with several operational protections so children's data is handled carefully day to day:

• Parent-link relationships. Parents and players are linked deliberately (e.g. via a club-issued code), not by guessing or matching on shared details alone.
• Role-based access. Coaches see the teams they coach; parents see their own children; players see their own profile. Club admins see club-wide tools.
• Scoped permissions. Actions are checked against the actual link in the database, not just a UI view a user has switched to.
• Audit history. Significant changes to player data are recorded with the user and timestamp so clubs can review who did what.
• Retention and deletion workflows. Clubs can remove players who leave; parents can request erasure of their child's data, subject to legal retention duties (e.g. safeguarding-record minimums).
• Safeguarding-aware controls. Sensitive fields such as medical notes, emergency contacts, and concussion stand-down status are restricted to the people who need them.

These are practical operational protections, not legal guarantees about every edge case. Clubs remain responsible for safeguarding under their own policies and applicable UK football and child-protection guidance.

If you allow it, FootyTime records optional usage signals — page views and feature interactions — so we can see how clubs move through important steps like adding a team or a fixture. These signals are cookieless and we do not use third-party advertising trackers in this product.

Separately, we run cookieless performance monitoring to measure page-load timing and responsiveness. This is performance telemetry only — no cookies, no user identifiers, no behavioural data — and we keep it on so we can diagnose slow pages and fix them. We treat it as strictly necessary operational measurement (UK GDPR Article 6(1)(f), legitimate interest in keeping the service fast and stable).

The optional usage signals above do not run until you pick Accept on the consent bar. Declining keeps them off and does not limit normal portal features. Your choice is stored on your device using browser storage (localStorage). We do not sell or share your data for advertising.

Clubs remain responsible for their members' data under UK GDPR. This section is only about FootyTime's analytics on this site — not how a club handles registrations, payments, or messages to families.