Privacy notice
This notice explains what personal data ClubTitan handles, why, and the rights you have over it. We've written it to be read, not skimmed past — if anything is unclear, contact us and we'll explain it plainly.
Who we are
ClubTitan is operated by [to be confirmed before launch — registered company name and number], registered in [to be confirmed before launch]. Our ICO registration number is [to be confirmed before launch]. You can reach us about anything in this notice at [to be confirmed before launch — privacy contact email].
Two roles: your club's data, and our own
Most of the personal data on ClubTitan belongs to clubs, not to us. When a club uses ClubTitan to manage its members, the club decides what data is collected and why — the club is the data controller, and we process that data on the club's behalf and on its instructions.
For a smaller set of data we are the controller ourselves: your ClubTitan account details (name, email, sign-in information), records we need to run and secure the service, and — only where the law allows — marketing communications about ClubTitan.
What we hold for clubs
- Member and team records: names, contact details, dates of birth, registrations.
- Guardian and family links — who is responsible for which child (see the children's section below).
- Consents the club records: photo consent, trips, medical information the club needs for duty of care — versioned, per person, withdrawable at any time.
- Payment records: what was owed and paid. Card details never touch our systems — payments are processed by Stripe, and money goes to the club's own Stripe account.
- Messages, availability responses, fixtures, results and club website content.
Children's data — built children-first
Around half the people at a grassroots club are under 18, so this is not fine print for us. A child's profile is owned and controlled by their guardian — a verified parent or guardian creates it, answers for it, and can withdraw any consent at any time. That boundary is enforced in the database itself, not just in the interface.
We follow the ICO's Age Appropriate Design Code (the Children's Code) by default:
- High-privacy settings by default — nothing about a child is public unless a guardian chooses it.
- No geolocation tracking of children.
- No nudge techniques designed to keep children on screens — recognition rewards what happens on the pitch, never app time.
- When a coach messages a young player, the guardians are automatically included — the platform cannot send a private adult-to-child message.
DBS and safeguarding checks
To help welfare officers track that coaches' checks are current, we store DBS certificate numbers and dates only — never the certificates or any supporting documents.
Marketing communications
We follow PECR. We only send marketing to people who have signed up for ClubTitan or asked to hear from us (the “soft opt-in”), and every marketing message contains a one-tap unsubscribe link that works without signing in. Unsubscribing takes effect immediately. Club-to-member marketing sent through the platform follows the same rules, with the same tokenised unsubscribe in every send.
Where your data goes
We use a small number of service providers to run the platform — hosting, database and payment processing (Stripe) — under contracts that bind them to protect your data. We do not sell personal data, and we never will. The full list of sub-processors will be published at [to be confirmed before launch].
How long we keep it
Club data is kept for as long as the club uses ClubTitan and instructs us to hold it. When a club leaves, it can export everything first; we then delete the club's data on a published schedule [retention periods to be confirmed before launch]. Account data is deleted when you delete your account, except the minimum we must keep to meet legal obligations.
Your rights
You can ask for a copy of your data, ask us to correct or delete it, object to or restrict processing, and take your data elsewhere. Export is built into the product — clubs and members can download their data in open formats at any time, without asking us. For anything else, including subject access requests, contact [to be confirmed before launch — privacy contact email]. Where we process data on a club's behalf, we'll pass your request to the club and help them answer it. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).
Changes to this notice
If we change this notice in a way that matters, we'll tell clubs and members directly — not bury it. This draft was last updated in July 2026.