ClubTitanPricingSafeguardingGet started
Pre-launch draft. This notice describes the platform as designed and is pending legal review. Anything marked [to be confirmed before launch] will be completed before ClubTitan launches to clubs.

Privacy notice

This notice explains what personal data ClubTitan handles, why, and the rights you have over it. We've written it to be read, not skimmed past — if anything is unclear, contact us and we'll explain it plainly.

Who we are

ClubTitan is operated by [to be confirmed before launch — registered company name and number], registered in [to be confirmed before launch]. Our ICO registration number is [to be confirmed before launch]. You can reach us about anything in this notice at [to be confirmed before launch — privacy contact email].

Two roles: your club's data, and our own

Most of the personal data on ClubTitan belongs to clubs, not to us. When a club uses ClubTitan to manage its members, the club decides what data is collected and why — the club is the data controller, and we process that data on the club's behalf and on its instructions.

For a smaller set of data we are the controller ourselves: your ClubTitan account details (name, email, sign-in information), records we need to run and secure the service, and — only where the law allows — marketing communications about ClubTitan.

What we hold for clubs

Children's data — built children-first

Around half the people at a grassroots club are under 18, so this is not fine print for us. A child's profile is owned and controlled by their guardian — a verified parent or guardian creates it, answers for it, and can withdraw any consent at any time. That boundary is enforced in the database itself, not just in the interface.

We follow the ICO's Age Appropriate Design Code (the Children's Code) by default:

DBS and safeguarding checks

To help welfare officers track that coaches' checks are current, we store DBS certificate numbers and dates only — never the certificates or any supporting documents.

Marketing communications

We follow PECR. We only send marketing to people who have signed up for ClubTitan or asked to hear from us (the “soft opt-in”), and every marketing message contains a one-tap unsubscribe link that works without signing in. Unsubscribing takes effect immediately. Club-to-member marketing sent through the platform follows the same rules, with the same tokenised unsubscribe in every send.

Where your data goes

We use a small number of service providers to run the platform — hosting, database and payment processing (Stripe) — under contracts that bind them to protect your data. We do not sell personal data, and we never will. The full list of sub-processors will be published at [to be confirmed before launch].

How long we keep it

Club data is kept for as long as the club uses ClubTitan and instructs us to hold it. When a club leaves, it can export everything first; we then delete the club's data on a published schedule [retention periods to be confirmed before launch]. Account data is deleted when you delete your account, except the minimum we must keep to meet legal obligations.

Your rights

You can ask for a copy of your data, ask us to correct or delete it, object to or restrict processing, and take your data elsewhere. Export is built into the product — clubs and members can download their data in open formats at any time, without asking us. For anything else, including subject access requests, contact [to be confirmed before launch — privacy contact email]. Where we process data on a club's behalf, we'll pass your request to the club and help them answer it. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

Changes to this notice

If we change this notice in a way that matters, we'll tell clubs and members directly — not bury it. This draft was last updated in July 2026.