Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Email Address: Used for account authentication and account recovery. Retained until account deletion.
• FPL Team ID: Used to fetch your FPL team data from the official API. Retained until account deletion.

1.2 Information We Generate

• Weekly Reports: Personalized weekly analysis for Premium users. Retained for the current season.
• Subscription Status: Records of your Premium access. Retained until account deletion.

1.3 Information Automatically Collected

• Usage Data: Page views and feature usage (aggregated, anonymous) for improving the Service
• Error Logs: Technical error information for debugging
• Performance Metrics: Service performance data
• Push Notification Tokens: If you enable push notifications, we store a device token to deliver notifications. You can disable notifications at any time in your device settings.

We do not use third-party analytics trackers.

1.4 Information We Do NOT Collect

• Passwords (authentication is handled securely by our third-party authentication provider)
• Payment card details (handled entirely by Apple, Google, or our third-party payment processor)
• Precise location data
• Device identifiers or advertising IDs
• Cookies for tracking or advertising

2. How We Use Your Information

We use your information to:

• Authenticate your account and provide the Service
• Fetch and display your FPL team data
• Generate personalized Premium recommendations and reports
• Process Season Pass purchases
• Send transactional emails (purchase confirmations, account notifications)
• Deliver push notifications (if enabled)
• Improve service reliability and fix bugs

We do NOT:

• Sell your personal information
• Share your data for advertising purposes
• Use your data for profiling beyond FPL recommendations
• Send marketing emails without explicit consent
• Track you across other apps or websites

3. Data Sharing and Disclosure

We do not sell your personal information. We share data only with the following categories of service providers, strictly as necessary to operate the Service:

3.1 Authentication & Database Provider

Manages user accounts, stores profiles, and persists generated reports. Data shared: email address, Team ID, subscription status, generated reports. Your password credentials are handled by our third-party authentication provider — we do not receive or store your plaintext password.

3.2 Payment Processors

Season Pass purchases are processed by Apple (on iOS via In-App Purchase), Google (on Android via Google Play Billing), or our third-party web payment processor. We never receive or store your payment card details.

3.3 AI Service Provider

Generates personalized weekly analysis reports (Premium feature). Data shared: anonymized FPL team data (player picks, fixtures, scores). We do not send personally identifiable information for AI processing.

3.4 Hosting Provider

Hosts the application and serves web requests. Data shared: standard web server logs (IP addresses, request metadata).

3.5 Fantasy Premier League API

Your Team ID is sent as part of API requests to fetch official FPL data. We only read publicly available data; we cannot modify your FPL team.

3.6 Legal Requirements

We may share information if required by law or in response to valid requests by public authorities.

4. Data Security

We implement reasonable security measures to protect your personal information:

• Encryption in Transit: All data transmitted over HTTPS/TLS
• Encryption at Rest: Database encryption provided by our database provider
• Access Controls: Row-level security policies restrict data access
• API Security: Server-side validation and rate limiting

While we strive to protect your data, no system is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Account data (email, Team ID): retained until you delete your account
• Weekly reports: cleared at the end of each FPL season
• Subscription history: retained until you delete your account
• Server logs: 30 days

5.1 Account Deletion

You may delete your account at any time through the account settings within the application, via our website, or by contacting support@myfpl.co. When you request account deletion:

• All personal data (email address, Team ID, subscription status) is permanently removed from our database
• Generated reports and cached data are removed
• Data shared with third-party service providers may be retained per their respective retention policies
• Anonymized, aggregated data that cannot identify you may be retained

We will process deletion requests within 30 days.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data (right to be forgotten)
• Data Portability: Request your data in a machine-readable format
• Withdraw Consent: Where processing is based on consent, you may withdraw at any time

To exercise any of these rights, contact us at support@myfpl.co. We will respond within 30 days.

7. Children's Privacy

Our Service is not directed to children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.

8. International Data Transfers

Your data may be processed in countries outside your own, including the United States. We ensure appropriate safeguards are in place, including data processing agreements compliant with GDPR and other applicable regulations.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the following additional rights:

• Right to Know: Request disclosure of data collected about you
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your rights

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following additional rights:

• Legal Basis: We process data based on contract performance, legitimate interests, or consent
• Data Controller: MajaLabs LLC is the data controller for your personal information
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

11. Cookies and Local Storage

We use minimal, essential cookies for session management and security (CSRF protection). We do NOT use third-party advertising cookies, cross-site tracking, or analytics cookies that identify individuals.

We use browser local storage to persist:

• Your theme preference (dark/light mode)
• Planned transfers (for transfer planning feature)
• UI preferences

This data stays on your device and is not transmitted to our servers.

12. Third-Party Links

Our Service may contain links to third-party websites (e.g., Fantasy Premier League, team websites). We are not responsible for the privacy practices of these external sites.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification. Continued use of the Service after notification constitutes acceptance.

14. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us at support@myfpl.co. We aim to respond to all inquiries within 30 days.