Sporting Allstars Limited ("we", "us", or "our") is the data controller responsible for your personal data collected through the Sporting Allstars mobile application ("App"). Our registered office is at 56 Onslow Gardens, Wallington, England, SM6 9QQ.
We process your data in accordance with the UK GDPR, the Data Protection Act 2018, and the ICO's Age Appropriate Design Code. This Policy is available at: sportingallstars.com/privacy.html
Who This Policy Applies To
This policy applies to all users of the App. You must be at least 16 years of age to use the App. We do not knowingly collect personal data from anyone under 16. If we become aware that a user is under 16, we will delete their account and all associated data without delay.
Data We Collect
Account & Identity Data
- Name and username;
- Email address;
- Date of birth (for age verification);
- Gender;
- Profile picture (if provided).
⚕ Health & Fitness Data — Special Category
Collected only with your explicit consent. You may withdraw at any time.
- Height and weight;
- Fitness and performance metrics;
- Activity and exercise data;
- Sporting achievements and progress.
Location Data
- Precise or approximate location (only with your permission, for location-relevant sporting features).
Payment & Transaction Data
- For In-App Purchases: transaction records and purchase history. Card data handled solely by Apple or Google — we do not receive or store it;
- For Offline Component purchases (team and club memberships): transaction records and membership details. Card data collected and stored by Stripe under their privacy policy. We receive confirmation and transaction references only;
- We do not store full payment card numbers, CVV codes, or sensitive authentication data.
Social Login Data
- If you log in via Apple, Google, or Facebook, we receive your name and email address as permitted by your privacy settings with that provider.
Technical & Usage Data
- Device type, operating system, and unique device identifiers;
- IP address and approximate location derived from it;
- App usage patterns, features accessed, and session duration;
- Crash reports and performance diagnostics.
Analytics Data
We use basic analytics to understand how the App is used. This data is aggregated and does not identify you personally. We do not use advertising SDKs or share data for advertising purposes.
How We Use Your Data
- To create and manage your account;
- To provide and personalise the App's sporting features and content;
- To track and display your health and fitness progress (with your explicit consent);
- To process In-App Purchases via Apple or Google billing systems;
- To process Offline Component purchases (team and club memberships) via Stripe;
- To manage membership records and communicate membership-related information;
- To provide location-based sporting features (with your permission);
- To send service notifications, updates, and support responses;
- To send marketing communications where you have opted in;
- To analyse usage and improve App performance and features;
- To detect and prevent fraud, abuse, and security incidents;
- To comply with our legal obligations, including financial record-keeping.
Legal Bases for Processing
Contract
Processing your account, identity, and payment data is necessary to provide you with the App's features and to fulfil membership and purchase agreements.
Explicit Consent
We process your health and fitness data, location data, and optional analytics only with your explicit consent. You may withdraw consent at any time through App settings.
Legitimate Interests
We process technical and usage data to maintain App security and improve functionality, where this is not overridden by your rights.
Legal Obligation
We may process data where required by applicable law, including financial and tax regulations.
App Store Data Disclosures
In accordance with Apple App Store and Google Play requirements:
Data Used to Track You
We do not use your data to track you across third-party apps or websites, and we do not share your data with data brokers.
Data Linked to You
- Contact information (name, email address);
- Health and fitness data — with explicit consent;
- Location (with permission);
- Identifiers (user ID, device ID);
- Purchase history and transaction records;
- Usage data and diagnostics.
Data Not Linked to You
- Aggregated, anonymised analytics data used to improve the App.
Data Deletion
You can request deletion of all your personal data through App Settings > Account > Delete Account, or by emailing contact@sportingallstars.com. We will action deletion requests within 30 days. Note: financial transaction records are retained for 7 years under UK tax law.
Data Encryption
All data is encrypted in transit using TLS. Personal and health data is encrypted at rest. We follow industry-standard security practices.
Health Data — Special Provisions
Your health and fitness data is special category data under UK GDPR. We process it only:
- With your explicit, freely given consent at the point of first use of health features;
- For the purpose of providing personalised fitness and sporting features within the App;
- We do not sell, share, or disclose health data to any third party except our infrastructure providers under strict data processing agreements.
You can withdraw consent at any time via App Settings > Privacy > Health Data. Withdrawal does not affect data already processed prior to withdrawal.
Location Data
We request location access only to provide location-relevant sporting features such as nearby events or location-based challenges. Location access is optional — the App remains functional without it.
You can revoke location permissions at any time:
- iOS: Settings > Privacy > Location Services > Sporting Allstars;
- Android: Settings > Apps > Sporting Allstars > Permissions.
Stripe Payment Processing
Offline Component purchases (team and club memberships) are processed by Stripe, Inc., a PCI DSS-compliant payment processor. When you make such a purchase:
- Your payment card details are entered directly into Stripe's secure payment form and processed and stored by Stripe under their privacy policy (stripe.com/gb/privacy.html);
- We receive transaction confirmation, a transaction reference, and your membership details only — not your full card number or CVV;
- Stripe may transfer payment data outside the UK in accordance with applicable data protection law;
- Stripe's processing of your payment data is governed by their terms of service.
By making an Offline Component purchase, you consent to Stripe processing your payment data in accordance with their privacy policy.
Sharing Your Data
We do not sell your personal data. We may share data only in the following circumstances:
Service Providers
Trusted third-party providers who help us operate the App (cloud hosting, analytics, customer support). All providers are bound by data processing agreements.
Stripe — Payment Processing
Personal and payment data necessary to process Offline Component purchases is shared with Stripe. See Section 8 above.
Apple & Google — In-App Purchases
In-App Purchases are processed entirely by Apple or Google. We do not receive or store payment card details for these transactions.
Social Login Providers
If you use social login, your provider shares limited profile data with us governed by their own privacy policies.
Legal Requirements
We may disclose data where required by law, court order, or regulatory authority, or to protect user safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.
International Transfers
Where we transfer personal data outside the United Kingdom (including to Stripe's infrastructure or other service providers), we ensure appropriate safeguards are in place in accordance with UK GDPR, including adequacy decisions or Standard Contractual Clauses approved by the ICO.
Data Retention
We retain personal data for as long as your account is active or as needed to provide the Services. On account deletion, personal data is deleted or anonymised within 30 days, except:
- Financial records relating to Offline Component purchases, retained for 7 years under UK tax law;
- Data we are required to retain for legal proceedings or regulatory compliance.
Health data is deleted within 30 days of account deletion or withdrawal of consent.
Your Rights
Under UK GDPR you have the following rights:
To exercise any rights, use the App settings or contact us at contact@sportingallstars.com. We will respond within one month and may need to verify your identity.
Cookies & Analytics
The App uses basic analytics (no advertising SDKs) to understand usage patterns. Analytics data is aggregated and does not identify you personally. You can opt out through App Settings > Privacy > Analytics.
Security
We implement appropriate technical and organisational measures including:
- TLS encryption for all data in transit;
- Encryption at rest for personal and health data;
- Access controls restricting data to authorised personnel;
- Regular security reviews and testing;
- PCI DSS-compliant payment processing via Stripe for Offline Component purchases.
In the event of a data breach posing a high risk to your rights and freedoms, we will notify you and the ICO without undue delay.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the App or by email. The current version is always available at sportingallstars.com/privacy.html.
Complaints
If you have concerns about how we handle your data, please contact us first at contact@sportingallstars.com. If you remain unsatisfied, you have the right to lodge a complaint with the ICO:
Contact
Data Controller — Sporting Allstars Limited
56 Onslow Gardens, Wallington, England, SM6 9QQ
Email: contact@sportingallstars.com
Privacy Policy URL: sportingallstars.com/privacy.html