Legal
Privacy Policy
Last updated: April 2026
This policy explains how PLAYBACK Sports Ltd (company number 15638660, registered office 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ) collects, uses, and protects your personal data when you use playbacksports.ai and the PLAYBACK platform. We are the data controller for personal data processed through the Service. We comply with the UK GDPR and the Data Protection Act 2018.
Data we collect
- Account data - email, name, username when you sign up.
- Subscription data - academy subscriptions managed via Stripe. We do not store card details.
- Match content - footage, highlights, and performance data (GPS, analytics) where your club has uploaded or connected it.
- Newsletter - email address if you opt in via the website footer form.
- Contact form data - name, email, company, role, and message when you submit the contact form.
- Analytics - anonymised usage data to improve the product (via PostHog), including page views, feature usage, and session data.
- PLAYSCANNER search data - search terms, filters applied, and click-throughs to provider sites. We also log hashed IP addresses for anti-abuse rate limiting.
Data we do not collect via PLAYSCANNER
PLAYSCANNER aggregates publicly available venue, slot, and pricing information from third-party providers. We do not collect personal data about the customers of those providers. When you click through from PLAYSCANNER to book a slot, you are redirected to the provider’s own platform, which operates under its own privacy policy and terms. PLAYBACK does not receive or store the booking details you submit to third-party providers.
Children’s data
PLAYBACK is used by clubs, academies, and youth leagues that include players under 18 and under 13. We take the UK GDPR and the ICO’s Age Appropriate Design Code seriously.
Where a child is enrolled in a PLAYBACK-powered club or academy, parental consent for processing the child’s data is obtained by the club or academy as part of their registration, and PLAYBACK acts as a processor on the club’s behalf for that data. Clubs are responsible for ensuring appropriate consent is in place before a child’s data is uploaded to the platform.
We apply data minimisation to children’s data: we collect only what is necessary to deliver the Service, we do not use children’s data for marketing, and we do not profile children for advertising purposes. Public display of a child’s footage, highlights, or profile is controlled by the club and the parent / guardian; individual highlights and profiles are not made public by default. Parents or guardians may contact us at any time to request access, correction, or deletion of their child’s data.
How we use your data
- To deliver the Service (account management, subscriptions, match content delivery, payment processing).
- To communicate with you about the Service and, where you have opted in, about product updates and partnerships.
- To improve the Service through anonymised analytics.
- To prevent abuse, fraud, and unauthorised access.
- To comply with legal obligations.
Legal bases
- Contract - account and subscription data required to deliver the Service.
- Legitimate interest - product updates to customers with active subscriptions; analytics for product improvement; anti-abuse logs; PLAYSCANNER search logs (rate limiting).
- Consent - newsletter opt-ins via the website footer form (withdrawable at any time).
- Processor on behalf of the club - children’s data and match content processed under the consent the club obtained from the parent / guardian.
Processors and sub-processors
We use the following processors under Data Processing Agreements: Supabase (database, storage, auth), Stripe (payments), Resend (transactional + newsletter email), Vercel and Netlify (hosting), Sanity (CMS), PostHog (analytics), and Veo, Spiideo, PlayerData, and Clutch (match / performance data where connected by your club).
Retention
Account data is kept while your account is active and for a reasonable period afterwards in case of reactivation. Newsletter data is kept until you unsubscribe. Match content is kept per the partnership agreement with your club. Anonymised analytics are kept up to 24 months. PLAYSCANNER search logs are kept up to 12 months for trend analysis and fraud prevention.
Your rights
Under UK GDPR you have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing based on legitimate interest. Where processing is based on consent, you may withdraw it at any time. To exercise any right, email admin@playbacksports.ai. You may also complain to the Information Commissioner’s Office (ico.org.uk).
International transfers
Some processors (Resend, PostHog, Vercel) may transfer data outside the UK. Where they do, transfers are covered by the UK International Data Transfer Addendum, Standard Contractual Clauses, or an adequacy decision such as the UK-US Data Bridge, as applicable.
Security
We use industry-standard technical and organisational measures to protect personal data, including TLS in transit, encrypted storage, row-level security on our database, and principle-of-least-privilege access controls. No system is perfectly secure; we work continuously to improve and respond to threats.
Changes
Material changes to this policy will be notified via the Site or by email. Minor edits will show in the “Last updated” date above.
Contact
Data protection queries: admin@playbacksports.ai. Postal: PLAYBACK Sports Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.