Privacy Policy

Effective date: 3 May 2026

Football Apptitude ("we", "us", "our") operates the Football Apptitude mobile application (the "App") on Android (Google Play) and iOS (Apple App Store). This Privacy Policy explains what information is collected, how it is used, and your choices regarding that information.

Information We Collect

Access codes: To use the App you must enter an access code, which is provided to you by email after subscribing. No personally identifiable information (name, email address, phone number, physical address) is collected or stored by the App.

Session tokens: Upon successful login, a temporary access token is issued by our server and stored securely on your device using Android EncryptedSharedPreferences or iOS Keychain, depending on your platform. This token is used solely to authenticate data requests and expires automatically after a set period.

User-generated content: Prediction notepad entries and bet request drafts that you create within the App are stored locally on your device only. This data is not transmitted to our servers or any third party.

Subscription and payment information: Access to the App requires a paid subscription (£8.99/month).

  • On iOS, payment is processed by Apple via In-App Purchase. Apple collects your Apple ID and payment details during checkout, which are subject to Apple's privacy policy. We do not collect or store your Apple ID or payment card details. Our database (Google Cloud Firestore) stores only: your access code, subscription status, account type, and — for iOS subscribers — an Apple transaction identifier (originalTransactionId) used solely to verify and manage your subscription status.

  • On Android or via our website, payment is processed by Stripe via their hosted checkout page. We do not collect, store, or have access to your payment card details, billing address, or any financial information. Your email address is collected by Stripe during checkout and is used solely to send you your access code via our transactional email provider (Resend). Your email address is not stored in our database. Our database stores only: your access code, subscription status, account type, and Stripe customer/subscription identifiers. We do not hold any directly identifying information (name, email address, postal address, phone number or payment details); the access code and payment-platform identifiers are pseudonymous identifiers used solely to operate the service.

Subscription status: We monitor whether your subscription is active in order to grant or revoke access to the App. Your subscription status (active, expired, etc.) is checked when you log in. This check is performed against our database (Google Cloud Firestore) and does not involve sharing your information with any additional third parties.

Device notification token (FCM token): If you grant notification permission, your device's Firebase Cloud Messaging (FCM) registration token is generated by the Firebase SDK and stored securely on your device (Android: EncryptedSharedPreferences; iOS: the system Keychain). The token is transmitted to our prediction server (Google Cloud Run) as part of each custom lineup prediction request, solely to allow the server to send a push notification to your device when the prediction is complete. The token is not stored in our database beyond the duration of the prediction request (typically under 60 seconds). It is used for no other purpose and is not shared with any third party. You can revoke notification permission at any time in your device settings, which prevents further push notifications without affecting any other App functionality.

How We Use Your Information

  • To authenticate you and maintain your session.

  • To retrieve football statistical data on your behalf.

  • To generate prediction and analytics results within the App.

  • We do not sell, rent, or share your information with third parties for marketing purposes. We do not send marketing emails. The only email you will receive from us is your access code upon subscribing.

Custom Lineup Predictions — Data Transmitted and Stored

When you request a custom lineup prediction, the following data is transmitted from the App to our prediction server (Google Cloud Run) over HTTPS:

  • Fixture details: home team, away team, league, and season.

  • Your selected starting XI for each team: player names and positions (e.g. "Salah", "Forward").

  • A unique request ID (randomly generated, not linked to your identity).

  • Your session token (for authentication only — not stored by the prediction server).

The prediction server processes this data, generates statistical predictions (match result probabilities, expected goals, over/under markets, player performance estimates, etc.), and returns the results to the App.

The prediction results, along with the fixture details and lineup selections, are written to a Google BigQuery table for analytical and service-improvement purposes. This record includes:

  • Fixture and lineup information (team names, player names, positions).

  • All generated prediction values (probabilities, expected stats, market lines).

  • A request ID and timestamp.

No personally identifiable information (name, email, payment details) is included in the prediction request or the stored record. The prediction results are also cached locally on your device so you can review them without re-requesting.

Third-Party Services

The App uses the following third-party services, each of which may collect limited technical data in accordance with their own privacy policies:

  • Apple App Store / StoreKit – processes in-app purchase payments on iOS. Apple collects your Apple ID and payment details during the App Store checkout. We do not receive your Apple ID or payment details. We receive only a transaction identifier (originalTransactionId) to verify and manage your iOS subscription status.

https://www.apple.com/legal/privacy/

  • Google Firebase – may collect device identifiers, crash reports, and basic app usage analytics (e.g. app opens, screen views) automatically.

https://firebase.google.com/support/privacy

  • Google BigQuery – used to retrieve football data. No personal data is included in these requests.

https://cloud.google.com/terms/cloud-privacy-notice

  • Google Cloud Run – used to process prediction requests. No personal data is included beyond the session token.

https://cloud.google.com/terms/cloud-privacy-notice

  • Stripe – processes subscription payments. Stripe collects your email address, payment card details, and billing information during checkout. This data is held by Stripe and is subject to Stripe's privacy policy. We do not store your email, card details, or billing information. Our database retains only Stripe customer and subscription identifiers for subscription management purposes.

https://stripe.com/privacy

  • Resend – used to send transactional emails (e.g. your access code after subscribing). Your email address is passed to Resend solely for delivery of the email and is not stored in our systems.

https://resend.com/legal/privacy-policy

  • Squarespace – hosts our website. Squarespace may collect limited analytics data about website visitors.

https://www.squarespace.com/privacy

  • Google Cloud Firestore – used to store access codes and subscription status. No personally identifiable information is stored.

https://cloud.google.com/terms/cloud-privacy-notice

Permissions

  • Android:

    • Internet – required to sign in, fetch football data, and retrieve predictions.

    • Network State – used to check device connectivity before making network requests.

  • iOS:

    • Network access – required to sign in, fetch football data, and retrieve predictions.

The App does not request access to your camera, microphone, contacts, photos, location, or any other sensitive device features on either platform.

Data Security

All network communication is transmitted over HTTPS.

On Android, authentication tokens are stored in EncryptedSharedPreferences. On iOS, they are stored in the system Keychain. Both expire automatically.

Locally stored data (notepad entries, bet requests) is accessible only to the App and is not backed up to external servers.

Subscription Management

iOS subscribers: Your subscription is managed through Apple. To cancel, go to Apple Account Settings > Subscriptions. Cancellation takes effect at the end of the current billing period. For refunds, contact Apple Support directly.

Android / Web subscribers: Your subscription is managed through Stripe. You can cancel via the Stripe customer portal or by contacting us at cancel@footballapptitude.com. Please include your access code and the email address used to sign up.

On both platforms, if your subscription lapses your App access will be revoked, but any locally stored data on your device will remain until you uninstall the App or clear its data.

Data Retention and Deletion

Session tokens expire automatically and are removed on expiry or logout.

Locally stored notepad and bet request data is deleted when you clear the App's data in device settings or uninstall the App.

Your access code and associated subscription data stored in our database can be deleted upon request. To request deletion of your account, please contact us using the details below with “Data Deletion” in the subject.

Payment and billing records held by Stripe are subject to Stripe's own retention policies.

Beta Testing Mailing List

We may collect your email address through our Squarespace website if you voluntarily sign up to participate in beta testing of the App. Your email address will be used solely to contact you about the beta test programme (e.g. access instructions, known issues, feedback requests). It will not be used for marketing, newsletters, or any other purpose. Your email address will be permanently deleted once the beta testing period concludes. You may request removal from the mailing list at any time by contacting us at the address listed below.

Children's Privacy

The App is not targeted at anyone under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect information from children. If you believe a child has provided information through the App, please contact us and we will take steps to delete it.

Tracking and App Tracking Transparency (iOS)

The App does not track you across other companies' apps or websites. We do not use advertising identifiers (IDFA) and do not participate in ad networks. If prompted by Apple's App Tracking Transparency framework, you may safely deny tracking — the App does not request or rely on this permission.

Apple App Store and Google Play Disclosures

In accordance with Apple's App Privacy requirements and Google Play's Data Safety section:

  • Data collected: access code (for authentication only).

  • Data not collected: name, email address, phone number, physical address, payment information, precise location, browsing history, contacts, photos, or health data.

  • Data linked to you: none. Your username is not linked to your real-world identity.

  • Data used for tracking: none.

  • Third-party data collection: Firebase may collect device identifiers and crash/analytics data automatically. Stripe collects email and payment information during checkout. Resend processes your email address for transactional email delivery.

Gambling and Betting Disclaimer

The App provides football statistical analysis and prediction tools only. It does not facilitate, process, or handle any betting transactions or payments. The "Bet Request" feature generates text that users may choose to share externally at their own discretion. The App is not a gambling service.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated effective date. Continued use of the App after changes constitutes acceptance of the revised policy.

UK GDPR and Data Protection Rights

Football Apptitude is the data controller for any personal data we process in connection with the App. We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where users are located in the European Economic Area (EEA), EU GDPR also applies.

Lawful basis for processing:

  • Performance of a contract: We process your access code and subscription status to fulfil our contractual obligation to provide you with access to the App.

  • Legitimate interests: We retain Stripe customer and subscription identifiers to manage subscription lifecycle (e.g. cancellations, renewals, access revocation) where this does not override your privacy rights.

  • Third-party processors: Stripe processes your email address and payment details as a data processor under a contract incorporating GDPR-compliant standard contractual clauses. Resend processes your email address solely to deliver your access code. Both operate under their own GDPR-compliant privacy programmes.

Data we hold directly:

Our database (Google Cloud Firestore) stores only your access code, subscription status, account type, Stripe customer/subscription identifiers (Android/web subscribers), Apple transaction identifier — originalTransactionId — (iOS subscribers), and short-lived per-user rate-limit counters. Our analytics database (Google BigQuery) holds custom-lineup prediction records linked to your access code for up to 30 days. We do not hold your name, email address, postal address, or payment details.

Your rights under UK GDPR / EU GDPR:

To the extent applicable, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.

  • Right to rectification: You may request that inaccurate personal data be corrected.

  • Right to erasure: You may request deletion of your personal data where there is no lawful reason for us to continue holding it.

  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.

  • Right to data portability: You may request your data in a machine-readable format where processing is based on contract performance.

  • Right to object: You may object to processing based on legitimate interests.

  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at admin@footballapptitude.com. We will respond within one month. For data held by Stripe or Resend, you will need to contact those providers directly.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at www.ico.org.uk, or with your local supervisory authority if you are in the EEA.

Contact Us

If you have any questions about this Privacy Policy or wish to request account deletion, please contact us at:

admin@footballapptitude.com

For cancellations please use:

cancel@footballapptitude.com