Privacy Policy
Last updated: 3 July 2026
Sprout ("we", "us") provides club-management software for grassroots football clubs at sprout-club.co.uk and on club subdomains. This policy explains what personal data we hold, why, and the choices you have. We've kept it in plain English on purpose.
The short version
- Your club's data belongs to your club. We never sell it and never run third-party ads.
- We only collect what the product needs to work — no tracking across other websites.
- Children's data is entered and controlled by their own club's staff and parents, protected by safeguarding-aware permissions.
- You can export or delete your club's data at any time by contacting us.
What we collect and why
Account data — names, email addresses and roles (coach, parent, club admin) so people can sign in and see the right things.
Club and player data— squads, fixtures, availability, attendance, match events, and any medical or consent notes a club chooses to record. This data is entered by the club and is only visible to people the club has authorised. For players under 18, the club and the child's parent or guardian control what is recorded.
Payment data — club subscriptions are processed by Stripe. We never see or store card numbers; Stripe's own privacy policy applies to the payment itself.
Technical data — standard server logs (IP address, request time, page requested) kept for security and debugging, and a session cookie so you stay signed in. We do not use advertising or cross-site tracking cookies.
Analytics— we use Google Analytics to understand how our website is used: which pages people visit, which buttons get clicked, and roughly where visitors come from. This helps us improve the site. The data is aggregated, we never send Google your name or email address, and we don't use any of Google's advertising features. You can block analytics with your browser's settings or an extension and everything will still work.
Legal basis
We process club and account data to perform our contract with your club, and technical/log data under our legitimate interest in keeping the service secure. Where a club records medical or consent information, the club is the data controller and Sprout processes it on the club's instructions.
Where your data lives
Sprout runs on servers in the UK/European Economic Area. Each club's data is kept in its own separate database. Chat messages are stored encrypted.
Who can see it
Only your club's authorised users, plus the small Sprout team when needed to support you or keep the service running. We share data with no one else, except services essential to operating Sprout (e.g. Stripe for payments, our hosting provider) or where the law requires it.
How long we keep it
For as long as your club has an account. If your club leaves, we delete the club's database within 90 days (sooner on request), keeping only what we're legally required to retain (e.g. billing records).
Your rights
Under UK GDPR you can ask for a copy of your data, ask us to correct or delete it, or object to processing. Parents and guardians can exercise these rights for their children. Email us and we'll act on it — no forms, no runaround.
Contact
Anything in this policy, or any data request: hello@sprout-club.co.uk. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).
