FPL Captain Picker Privacy Policy
1. Who is responsible for your data
Prem Tipster FPL is the controller responsible for personal data processed through FPL Captain Picker, unless a different legal operator is stated on the Website. Contact: premtipsterfpl@gmail.com.
If the Website later operates through a company, partnership or other trading entity, this Privacy Policy may be updated to reflect the new controller.
2. Scope of this Privacy Policy
This Privacy Policy applies when you visit the Website, create an account, login, save picks, select a captain, use free or premium features, receive emails, join community features, enter competitions, contact us, interact with adverts or use related services.
It also covers related technical systems, such as authentication, analytics, hosting, database storage, email delivery, payment processing and operational monitoring.
3. Personal data we may collect
| Category | Examples |
|---|---|
| Account details | Email address, user ID, login method, account creation date, account status, role or tier, verification status. |
| Authentication data | Password handled by the authentication provider, login provider data such as Google account identifier, password reset tokens, session data, security logs. |
| Profile data | Display name, avatar or profile image if added, team name, preferences, public leaderboard name, moderation status. |
| FPL tool data | Saved captain picks, vice-captain picks, shortlist choices, gameweek selections, hidden rows, custom table settings, favourite metrics, leaderboard entries, Last Man Standing picks, competition entries. |
| Communications data | Emails sent to us, support requests, feedback, moderation appeals, survey responses, unsubscribe requests. |
| Marketing data | Marketing opt-in status, opt-in timestamp, unsubscribe status, email engagement where provided by the email platform. |
| Payment data | Plan, billing period, payment status, subscription ID, invoices, receipts, cancellation status. Full card details should be handled by the payment provider, not stored by us. |
| Technical data | IP address, browser, device, operating system, approximate location from IP, logs, error reports, security events, cookie/localStorage identifiers. |
| Usage and analytics | Pages viewed, features used, clicks, session data, performance data, referral source, ad or affiliate interactions. |
| Public content | Comments, display names, leaderboard entries, picks or other content you choose to make public or semi-public. |
4. Where data comes from
- directly from you, such as when you register, save picks, change settings, contact us or opt in to emails;
- from your device or browser, such as cookies, localStorage, logs and analytics events;
- from authentication providers, such as Google or Supabase Auth;
- from payment providers if paid features are introduced;
- from public or third-party data sources where needed to operate FPL tools, leaderboards, moderation or security features;
- from internal systems, such as data refresh logs, Slack or email alerts, validation checks and error monitoring.
5. How and why we use personal data
| Purpose | Examples | Likely lawful basis |
|---|---|---|
| Account creation and login | Create accounts, authenticate users, manage sessions, password resets. | Contract, legitimate interests, legal obligation where applicable. |
| Providing the service | Show saved picks, premium access, table settings, leaderboards, comments, competitions, reminders. | Contract, legitimate interests. |
| Essential service emails | Deadline reminders, saved-pick reminders, security notices, payment notices, account notices, important website changes. | Contract and/or legitimate interests. |
| Marketing emails | Tips, offers, sponsor promotions, newsletters, paid plan promotions, product news. | Consent or soft opt-in where legally available. |
| Payments and subscriptions | Process purchases, renewals, cancellations, refunds, receipts, failed payments. | Contract, legal obligation, legitimate interests. |
| Moderation and safety | Enforce Naming Rules, prevent abuse, investigate reports, manage hidden queues. | Legitimate interests, legal obligation. |
| Security and fraud prevention | Detect misuse, unauthorised access, bots, scraping, account compromise, payment abuse. | Legitimate interests, legal obligation. |
| Analytics and improvement | Understand usage, fix bugs, improve mobile/desktop UX, test new features. | Legitimate interests, consent where required for certain cookies/trackers. |
| Legal compliance | Comply with laws, respond to lawful requests, keep records of consents and transactions. | Legal obligation, legitimate interests. |
6. Service emails and marketing emails
Essential account and service emails are emails needed to operate the Website or features you use. These may include deadline reminders, account notices, saved-pick reminders, security notices, payment notices, moderation notices, changes to Terms, outages and important website updates.
Marketing emails include promotional offers, paid plan promotions, sponsor content, newsletters, product marketing and similar communications. We will send marketing emails only where we have a lawful basis, such as your consent or the soft opt-in where it applies. Marketing emails will identify us and include an unsubscribe option.
Unsubscribing from marketing emails does not stop essential account or service emails, though you may be able to disable certain optional reminders in your account settings if those settings are provided.
7. Legal bases explained
- Contract: where processing is needed to create your account, provide features you request, manage premium access or deliver a service.
- Consent: where you choose to receive marketing emails or where law requires consent for certain cookies, trackers or optional features.
- Legitimate interests: where we use data in a reasonable and expected way to run, secure, improve and protect the Website, provided your interests and rights do not override ours.
- Legal obligation: where we must keep records, respond to legal requests, handle consumer rights, tax/accounting obligations or regulatory requirements.
8. Cookies, localStorage and similar technologies
The Website may use cookies, localStorage, sessionStorage or similar technologies for login sessions, saved settings, captain picks, hidden rows, custom table choices, analytics, security, performance, ads or affiliate tracking.
Some storage is necessary for the Website to work. Optional analytics, advertising or marketing cookies may require consent depending on how they are implemented. A cookie notice or settings control may be added if needed.
9. Account settings, picks and public visibility
Some data may be private to your account, such as saved settings or picks. Some data may be visible to other users if you join public features, such as comments, leaderboards, share cards, competitions or public profiles. The Website should make clear when a feature is public or shared.
If you post public content, other people may view, copy or share it. Removing content from the Website may not remove copies others have already made.
10. Payment processing
If paid plans are introduced, payment data may be processed by a third-party payment provider. We may store plan, subscription, invoice, receipt, payment status and cancellation information, but full card numbers should be handled by the payment provider.
11. Ads, sponsors and affiliates
The Website may show adverts, sponsored content, affiliate links or partner offers. These may involve tracking links or analytics. Where third parties process personal data, their own privacy notices may apply. We will aim to label sponsored or affiliate content where required.
12. Who we may share data with
| Recipient type | Purpose |
|---|---|
| Hosting and database providers | Host the Website and store account/tool data. |
| Authentication providers | Login, account sessions, password resets, Google login and security. |
| Email providers | Service emails, deadline reminders, marketing emails, unsubscribe handling. |
| Payment providers | Payments, subscriptions, refunds, receipts, fraud prevention. |
| Analytics and monitoring providers | Usage analytics, error tracking, performance monitoring and security. |
| Slack or internal alerting systems | Operational alerts about system failures, unmapped data or workflow issues. These should not include unnecessary user data. |
| Moderators/admins | Review names, comments, reports, support requests and account issues. |
| Legal, regulatory or professional advisers | Comply with law, enforce Terms, obtain advice, handle disputes. |
| Business transfer recipients | If the Website or business is sold, merged, reorganised or transferred, subject to appropriate safeguards. |
13. International transfers
Some providers may process data outside the UK. Where this happens, we will rely on appropriate safeguards, such as adequacy regulations, standard contractual clauses or equivalent protections where required by data protection law.
14. How long we keep data
| Data type | Typical retention approach |
|---|---|
| Account data | Kept while your account exists, then deleted or anonymised within a reasonable period unless needed for legal, security or accounting reasons. |
| Consent records | Kept as evidence of what you agreed to, typically while your account exists and for a period afterwards. |
| Payment and invoice records | Kept as required for accounting, tax, dispute and legal obligations. |
| Marketing consent/unsubscribe records | Kept to respect your preferences and prove compliance. |
| Comments/public content | Kept while published, then removed, anonymised or retained where needed for moderation records. |
| Logs/security records | Kept for a limited period needed for security, debugging and abuse prevention. Serious incidents may be retained longer. |
| Analytics data | Aggregated or deleted when no longer needed for analysis. |
If we cannot specify an exact period, we decide retention based on the nature of the data, the reason it was collected, legal requirements, user expectations, security needs and whether the data can be anonymised.
15. Security
- We aim to use suitable technical and organisational measures to protect personal data.
- Passwords should be handled by an authentication provider and should not be stored in plain text by us.
- Access to admin tools, databases and monitoring systems should be limited to authorised people.
- No system is perfectly secure. You should keep your login details safe and tell us if you suspect unauthorised access.
16. Your rights
Depending on the circumstances, you may have rights to:
- access your personal data;
- correct inaccurate data;
- delete your data;
- restrict processing;
- object to processing based on legitimate interests or direct marketing;
- receive a portable copy of certain data;
- withdraw consent where processing is based on consent;
- complain to the UK Information Commissioner’s Office.
To exercise rights, contact premtipsterfpl@gmail.com. We may need to verify your identity before acting on a request.
17. Account deletion
You may request account deletion. Some information may be retained where needed for legal, accounting, security, fraud prevention, dispute handling, moderation records or to respect unsubscribe preferences. Public content may be deleted, anonymised or retained where legally or technically necessary.
18. Children
The Website is not intended for children under 13. If we learn that we have collected personal data from a child under 13 without appropriate authority, we will take reasonable steps to delete it. Users under 18 should have permission from a parent or guardian, especially for paid features, competitions or public features.
19. Automated decision-making and profiling
The Website may use automated systems to rank FPL players, personalise tables, identify unmapped data, flag unusual values, recommend features, prevent abuse or moderate content. These tools are used to operate and improve the service. We do not intend to make legal or similarly significant decisions about users solely by automated means without appropriate safeguards.
20. Changes to this Privacy Policy
We may update this Privacy Policy when features, providers, data uses, legal requirements or business arrangements change. If changes are material, we will take reasonable steps to notify users, such as through the Website or email.
21. Contact and complaints
For privacy questions or requests, contact premtipsterfpl@gmail.com.
You also have the right to complain to the UK Information Commissioner’s Office. We encourage you to contact us first so we can try to resolve the issue.
22. Version history
| Version | Date | Notes |
|---|---|---|
| 1.0 | 7 May 2026 | Initial Privacy Policy for account registration, service emails, FPL tools, community features and future website functionality. |