Privacy Policy
How we collect, use, and protect your data — written in plain English.
Last updated: 1 June 2026
Contents
- About this Privacy Policy
- Who we are
- Summary in plain English
- Personal data we collect
- Children and young people
- How we use personal data
- Our lawful bases for processing
- Cookies and similar technologies
- Push notifications
- Marketing communications
- Who we share data with
- Current service providers
- International transfers
- How long we keep data
- Your rights
- UK, EU/EEA, and Tanzania rights
- Security
- Data breaches
- Squad, club, and organisation responsibilities
- User content and visibility
- Automated decision-making and AI
- Third-party links
- Changes to this Privacy Policy
- Contact us
1. About this Privacy Policy
This Privacy Policy explains how SquadLink collects, uses, stores, shares, and protects personal data when you use our website, mobile app, beta services, communications, and related features.
SquadLink is a sports team, club, league, and community platform. It is designed to help people create squads, manage members, organise activities, communicate, and build a connected sporting record from grassroots to elite.
This policy applies to:
- SquadLink website visitors
- SquadLink app users
- squad owners, admins, coaches, players, parents, guardians, volunteers, scouts, and supporters
- people invited into squads
- people who contact us, join the beta, or request early access
This policy is intended to comply with applicable privacy and data protection laws, including:
- UK GDPR
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations, where applicable
- EU GDPR, where applicable
- Tanzania Personal Data Protection Act, 2022, where applicable
- related data protection regulations and regulator guidance
Where local laws give you stronger rights, those rights continue to apply.
2. Who we are
SquadLink is operated by:
- Legal entity: [Insert legal company name]
- Trading name: SquadLink
- Registered address: [Insert registered address]
- Country of registration: [Insert country]
- Company number: [Insert company number, if applicable]
- Website: https://squad-link.app
- Contact email: hello@afrigap.org
For data protection purposes, SquadLink is usually the data controller for the personal data we collect and decide how to use.
In some cases, a squad, club, league, school, academy, or organisation may also act as a data controller for information they add, manage, or upload about their members. Where this applies, SquadLink may act as a processor or service provider for that organisation.
3. Summary in plain English
We collect only the data needed to run SquadLink, provide the service, keep accounts secure, support squads, improve the product, and meet legal obligations.
We do not sell your personal data.
We do not use children’s data for targeted advertising.
We do not claim AI, advanced analytics, payments, or elite performance tools are live unless they are actually available.
We do not make your squad data public unless a feature clearly allows sharing and the relevant user or organisation chooses to share it.
We treat children and young people’s data with extra care.
4. Personal data we collect
4.1 Account information
When you create or use a SquadLink account, we may collect:
- name
- email address
- phone number, if provided
- username or handle
- password or authentication information
- profile photo or avatar
- date of birth or age range, where needed
- country or region
- account settings
- login and security information
4.2 Profile and sporting identity data
You may choose to add information such as:
- profile photo
- role, such as player, coach, admin, parent, guardian, volunteer, scout, or supporter
- sport or activity
- team or club affiliation
- position or playing role
- short bio
- achievements or milestones
- squad history
- media or posts
- preferences and profile settings
You should not add sensitive information unless it is necessary and you have the right to share it.
4.3 Squad, club, and membership data
When a squad, club, league, school, academy, or organisation uses SquadLink, we may process:
- squad name
- sub-squad names
- member names
- member roles
- invite links and invite status
- admin, coach, manager, and staff roles
- member availability
- attendance
- event participation
- fixture or match information
- squad communications
- membership records
- parent or guardian links, where relevant
4.4 Events, matchday, and activity data
We may collect or process:
- training sessions
- matches
- meetings
- social events
- fixture details
- location information added to an event
- attendance and availability responses
- event comments or updates
- matchday activity
- results or basic statistics, where available
4.5 Communication data
If communication features are available, we may process:
- messages
- call logs or call metadata
- chat participants
- message timestamps
- notifications
- attachments or media shared by users
- support communications
We do not state that communications are end-to-end encrypted unless that has been technically implemented and verified.
4.6 Photos, media, and user content
Users may upload, post, or share content such as:
- photos
- videos
- profile images
- squad images
- comments
- posts
- stories
- messages
- event updates
You must only upload content that you have the right to share. If the content includes children or young people, you must have the appropriate permission from a parent, guardian, club, school, or organisation where required.
4.7 Technical and device data
We may automatically collect:
- device type
- operating system
- app version
- browser type
- IP address
- approximate location from IP address
- crash logs
- diagnostics
- performance data
- security logs
- authentication logs
- push notification token, if enabled
- usage events, such as screens viewed or features used
4.8 Location data
SquadLink may allow users to add locations to events, fixtures, meetings, or activities.
We do not continuously track your precise location unless a specific feature clearly asks for permission and you give it.
You can control mobile location permissions through your device settings.
4.9 Payment data
If payment features are introduced in the future, payment processing may be handled by a third-party payment provider.
SquadLink should not collect or store full card numbers unless explicitly stated and legally compliant.
At the time of this policy, payment features should not be described as live unless they have been implemented and verified.
4.10 Data we do not intentionally collect
We do not intentionally collect:
- biometric data for identification
- passport numbers, national ID numbers, or similar documents, unless a future verified feature clearly requires it
- medical or injury data, unless a future verified feature is introduced with suitable safeguards
- precise real-time location tracking without permission
- payment card details directly, unless a verified payment system requires it
- special category data unless necessary, lawful, and properly protected
5. Children and young people
⚠️ Requires professional legal review. This section covers data about under-18s in grassroots sport. It must comply with UK GDPR, the ICO’s Age Appropriate Design Code (Children’s Code), EU GDPR age-of-consent rules, Tanzania PDPA 2022, and any sport-specific safeguarding requirements. Do not publish without solicitor sign-off.
SquadLink may be used by grassroots teams, clubs, schools, academies, and community sports groups. This means children and young people may be involved.
We take children’s privacy seriously.
5.1 Minimum age
Users must be at least 13 years old to create their own SquadLink account.
Users under 18 should use SquadLink with the knowledge and permission of a parent, guardian, club, school, academy, or responsible adult where required.
Children under 13 should not create their own account. Their participation should be managed by a parent, guardian, club, school, academy, or responsible adult.
5.2 Parental and guardian involvement
Where a child or young person is added to a squad, the relevant adult, club, school, academy, or organisation must make sure that:
- they have the authority to add the child
- appropriate consent or legal basis exists
- the child’s information is accurate and limited to what is needed
- photos or media involving the child are only uploaded with suitable permission
- safeguarding policies are followed
5.3 Photos and media of children
Do not upload or share photos, videos, or personal details of children unless you have appropriate permission.
SquadLink may remove content involving children if we believe it may create a safeguarding, privacy, or legal risk.
5.4 Children’s data and advertising
We do not use children’s personal data for targeted advertising.
We do not sell children’s personal data.
5.5 EU and UK children’s consent rules
Where EU or UK law requires parental consent for online services offered directly to children, we will apply the relevant national age threshold and consent requirements.
6. How we use personal data
We use personal data to:
- create and manage user accounts
- provide SquadLink services
- create and manage squads
- send and manage invite links
- manage members, roles, and sub-squads
- support events, availability, matchday, and activity features
- provide communication features
- send service notifications
- provide support
- maintain security
- prevent fraud, misuse, or abuse
- improve the product
- test beta features
- fix bugs
- understand usage patterns
- comply with legal obligations
- protect users, children, clubs, and communities
7. Our lawful bases for processing
Depending on the situation, we rely on one or more lawful bases.
7.1 Contract
We process data when necessary to provide SquadLink to you or your organisation.
Examples:
- creating an account
- joining a squad
- managing events
- sending invite links
- providing app features
7.2 Legitimate interests
We process data where it is necessary for legitimate business, product, security, or operational interests, provided your rights do not override those interests.
Examples:
- improving the service
- preventing misuse
- diagnosing crashes
- securing accounts
- understanding how features are used
- supporting beta testing
7.3 Consent
We rely on consent where required, such as for:
- certain cookies or analytics
- marketing communications
- optional profile or media features
- push notifications, where device permission is required
- certain children’s data processing, where applicable
You can withdraw consent where consent is the legal basis.
7.4 Legal obligation
We may process data to comply with laws, court orders, regulator requests, tax rules, safeguarding duties, or other legal requirements.
7.5 Vital interests
In rare cases, we may process data to protect someone’s life or safety.
8. Cookies and similar technologies
Our website may use cookies or similar technologies.
8.1 Strictly necessary technologies
These help the site work properly, such as:
- security
- session management
- basic functionality
- remembering privacy choices
8.2 Analytics and performance technologies
If enabled, these help us understand how people use the website or app.
We will not use non-essential cookies, tracking pixels, or similar technologies without appropriate notice and consent where required by law.
8.3 Your choices
You can control cookies through:
- our cookie banner or preference tool, if available
- your browser settings
- device settings
If we use non-essential analytics or marketing cookies in the future, users should be able to accept, reject, or manage them.
9. Push notifications
If you enable push notifications, we may process a device push token so we can send notifications about:
- squad invites
- member activity
- events
- availability requests
- messages or calls, if available
- important service updates
You can disable push notifications through your device settings.
10. Marketing communications
We may send marketing communications if:
- you join the beta
- you request early access
- you sign up for updates
- you give consent where required
- we are otherwise allowed by law to contact you
You can unsubscribe at any time.
We do not send marketing to children where we know the user is a child.
11. Who we share data with
We may share data with:
- hosting providers
- database providers
- authentication providers
- email and notification providers
- analytics providers, if enabled
- crash reporting and diagnostics providers
- payment providers, if payment features are introduced
- legal, regulatory, or professional advisers
- law enforcement or regulators where legally required
- clubs, squads, leagues, schools, academies, or organisations that you join or interact with through SquadLink
We only share data where necessary and with appropriate safeguards.
12. Current service providers
SquadLink may use service providers such as:
- Supabase — database, authentication, storage, or backend services
- Expo — mobile infrastructure and update distribution
- Vercel — website hosting
- email or notification delivery services
- analytics or diagnostics tools, if enabled
This list may change as the service develops.
13. International transfers
SquadLink may process or store data in the UK, EU/EEA, Tanzania, the United States, or other countries where our service providers operate.
Where data is transferred internationally, we will use appropriate safeguards where required, such as:
- adequacy decisions
- standard contractual clauses
- data processing agreements
- risk assessments
- other lawful transfer mechanisms
14. How long we keep data
We keep personal data only for as long as necessary.
Retention periods may depend on:
- whether your account is active
- whether your squad or organisation still uses SquadLink
- legal, tax, or accounting obligations
- security and fraud prevention needs
- dispute resolution
- backup and technical retention periods
- safeguarding requirements
Examples:
- account data is usually kept while your account remains active
- squad records are kept while the squad or organisation remains active
- deleted account data may remain in backups for a limited period
- support messages may be retained for service and legal reasons
- anonymised or aggregated analytics may be retained longer
You can request deletion of your personal data, subject to legal, safety, safeguarding, or legitimate retention needs.
15. Your rights
Depending on where you live and which law applies, you may have the right to:
- access your personal data
- receive a copy of your data
- correct inaccurate data
- delete your data
- restrict processing
- object to processing
- withdraw consent
- request data portability
- object to direct marketing
- complain to a regulator
To exercise your rights, contact hello@afrigap.org.
We may need to verify your identity before responding.
16. UK, EU/EEA, and Tanzania rights
16.1 UK users
UK users may have rights under UK GDPR and the Data Protection Act 2018.
You may contact the UK Information Commissioner’s Office if you are unhappy with how we handle your data: ico.org.uk.
16.2 EU/EEA users
EU/EEA users may have rights under EU GDPR.
You may contact your local data protection authority if you are unhappy with how we handle your data.
If required, SquadLink will appoint an EU representative before actively offering services to EU users at scale.
16.3 Tanzania users
Tanzania users may have rights under Tanzania’s Personal Data Protection Act, 2022 and related regulations.
You may contact Tanzania’s Personal Data Protection Commission if you are unhappy with how we handle your personal data.
If required, SquadLink will complete applicable registration, representative, and compliance steps under Tanzanian law.
17. Security
We use reasonable technical and organisational measures to protect personal data, including:
- authentication controls
- access controls
- encrypted connections where appropriate
- secure hosting providers
- database security rules
- monitoring and logging
- least-privilege access where possible
- regular review of security practices
No system is 100% secure. You are responsible for keeping your login details safe.
18. Data breaches
If we become aware of a personal data breach, we will investigate and take appropriate steps.
Where required by law, we will notify affected users, organisations, or regulators within the required timeframe.
19. Squad, club, and organisation responsibilities
If you manage a squad, club, league, school, academy, or organisation on SquadLink, you are responsible for making sure that:
- you have authority to add members
- member information is accurate
- children’s data is handled lawfully
- parental or guardian permission is obtained where required
- safeguarding policies are followed
- photos and videos are uploaded lawfully
- invite links are shared responsibly
- admins and coaches have appropriate access only
- data is removed or updated when no longer needed
20. User content and visibility
Some content may be visible to other users depending on the feature and your settings.
Examples:
- profile information may be visible to squad members or connected users
- posts may be visible in community areas
- squad membership may be visible to squad admins or members
- event responses may be visible to relevant squad members
We will aim to make privacy and visibility settings clear.
21. Automated decision-making and AI
SquadLink may build AI-assisted tools in the future.
We do not currently claim that AI coaching, scouting, performance analytics, or automated pathway decisions are live unless they are verified.
If AI-assisted features are introduced, we will explain:
- what the feature does
- what data it uses
- whether it affects users significantly
- how users can challenge or correct outputs
- how children’s data is protected
AI should support people, not replace coaches, scouts, parents, guardians, or safeguarding responsibilities.
22. Third-party links
SquadLink may contain links to third-party websites, services, or platforms.
We are not responsible for the privacy practices of third parties.
You should read their privacy policies before using them.
23. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
If we make major changes, we will take reasonable steps to notify users, such as through the app, website, or email.
The updated policy will apply from the date shown at the top.
24. Contact us
For privacy questions, requests, or complaints, contact:
- Email: hello@afrigap.org
- General contact: hello@afrigap.org
- Website: https://squad-link.app
If you are contacting us about a child’s data, please include enough information for us to identify the relevant account, squad, club, or organisation.