SuperScout Privacy Policy
1. Who We Are
Data Controller: Paul Insley, trading as SuperScout, a sole trader registered in England, United Kingdom.
Email: privacy@superscout.pro
ICO registration number: ZC118315
We are registered with the Information Commissioner’s Office (ICO) as required under UK data protection law.
2. Data We Collect
We collect the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, display name, password (hashed) | Provided by you at sign-up |
| FPL data | FPL Manager ID, team selections, league history | Provided by you or retrieved via the FPL public API |
| Preferences | Notification settings, playing style, favourite features | Your in-app choices |
| Usage data | Screen views, feature interactions, session duration | Collected only with your consent via an analytics SDK |
| Device data | Device type, operating system version, app version | Automatically collected for service delivery |
| Subscription data | Subscription status, plan type (no payment card details) | Apple App Store or Google Play via RevenueCat |
We do not collect special category data (e.g. health, ethnicity, political opinions). We do not collect FPL login credentials.
3. How We Use Data and Our Lawful Basis
Under UK GDPR, we must have a lawful basis for each processing activity. The table below maps each purpose to its lawful basis:
| Purpose | Lawful Basis | Detail |
|---|---|---|
| Providing the service and managing your account | Contract (Art. 6(1)(b)) | Necessary to deliver what you signed up for |
| Personalised AI recommendations, analysis, and commentary | Legitimate interests (Art. 6(1)(f)) | Our interest in providing a useful, relevant product. We have conducted a Legitimate Interest Assessment confirming this does not override your rights |
| Push notifications (marketing content) | Consent (Art. 6(1)(a)) | You can withdraw at any time via app settings |
| Analytics and product improvement | Consent (Art. 6(1)(a)) | Only if you opt in via the app’s privacy settings |
| Financial record-keeping (subscription revenue) | Legal obligation (Art. 6(1)(c)) | HMRC requirements — up to 6 years |
| Preventing misuse and ensuring security | Legitimate interests (Art. 6(1)(f)) | Protecting the service and other users |
4. Automated Decision-Making and Profiling
SuperScout uses artificial intelligence (including large language models provided by Anthropic) to generate personalised recommendations, analysis, and commentary based on your FPL data, preferences, and publicly available football statistics. This constitutes automated profiling under UK data protection law.
You are not subject to decisions based solely on automated processing that produce legal or similarly significant effects. All recommendations are advisory — you retain full control over your FPL decisions.
You have the right to:
- Request human review of any automated output
- Express your point of view about automated processing
- Contest any decision or recommendation that affects you
To exercise these rights, contact privacy@superscout.pro.
5. Who We Share Data With
We share your data with the following processors, who act on our instructions under written Data Processing Agreements:
| Processor | Purpose | Data Shared |
|---|---|---|
| Supabase (data hosted in London, UK) | Database hosting and authentication | All account and app data |
| Anthropic | AI-powered analysis and recommendations | FPL data, preferences (pseudonymised) |
| RevenueCat | Subscription management | User ID, subscription status |
| Apple / Google | App distribution and in-app purchases | Account identifiers, purchase data |
| Beehiiv | Email newsletter delivery | Email address (if subscribed) |
| Expo | Push notification delivery | Device push token |
We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.
6. International Transfers
Some of our processors are based outside the United Kingdom. We ensure that all international transfers are protected by appropriate safeguards as required by UK GDPR Articles 44–49:
| Processor | Country | Transfer Safeguard |
|---|---|---|
| Supabase | USA (data hosted in London) | UK International Data Transfer Agreement (IDTA) |
| Anthropic | USA | UK IDTA |
| RevenueCat | USA | UK IDTA |
| Apple / Google | USA | UK Extension to EU-US Data Privacy Framework |
| Beehiiv | USA | UK IDTA |
| Expo | USA | UK IDTA |
You may request a copy of the relevant safeguard documents by contacting privacy@superscout.pro.
7. Cookies and Tracking Technologies
SuperScout is a mobile application. We do not use browser cookies. However, the app may use the following technologies:
- Analytics SDKs (only with your explicit consent) — these collect anonymised usage data to help us improve the product
- Local storage on your device — used to store your preferences and session data for service delivery
- Push notification tokens — used to deliver notifications you have consented to receive
If we introduce any web-based services in future, we will update this section with full cookie disclosure and provide appropriate consent mechanisms in compliance with the Privacy and Electronic Communications Regulations (PECR).
8. How Long We Keep Your Data
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (email, display name, preferences) | Until you delete your account, plus 30 days | Grace period to allow account recovery |
| FPL data and AI recommendation history | Current season plus 2 previous seasons | To provide season-on-season analysis |
| Analytics data | Rolling 12 months, then anonymised | Product improvement (consent-based) |
| Financial records (subscription revenue data) | Up to 6 years | HMRC legal obligation |
| Push notification tokens | Until you uninstall the app or revoke consent | Delivery of consented notifications |
When data reaches the end of its retention period, it is securely deleted or irreversibly anonymised.
9. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) — ask us to delete your data in certain circumstances
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where we rely on your consent (analytics and notifications), you may withdraw it at any time through your in-app settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal
- Rights related to automated decision-making — see Section 4 above
We will respond to all rights requests within one calendar month, as required by law. In complex cases, we may extend this by up to two further months, and we will let you know if this is necessary.
To exercise any of these rights, contact privacy@superscout.pro.
Right to Complain
If you believe your data has been handled unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113.
10. Children’s Privacy
SuperScout is not intended for children under 13. Users aged 13–17 may use SuperScout with parental or guardian permission, as required by our Terms of Service.
We are mindful of our obligations under the ICO’s Age Appropriate Design Code (AADC / Children’s Code). Because users aged 13–17 may access SuperScout, we have taken the following steps:
- We have conducted a Data Protection Impact Assessment (DPIA) assessing risks to younger users
- Privacy settings default to the highest level of protection for all users
- We do not use profiling or personalisation in ways that could be detrimental to a child’s wellbeing
- We do not use nudge techniques or dark patterns to encourage poor privacy choices
- We minimise data collection to what is necessary for the service
- We provide clear, accessible explanations of how data is used
If we discover that we have collected data from a child under 13 without appropriate consent, we will delete that data promptly. If you believe a child under 13 has provided us with personal data, please contact privacy@superscout.pro.
11. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33
- Inform you without undue delay where the breach is likely to result in a high risk to your rights and freedoms, as required by UK GDPR Article 34
- Take immediate steps to contain and remediate the breach
12. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS) and at rest
- Secure, access-controlled infrastructure (Supabase, London region)
- Regular review of security measures
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements.
For significant changes, we will notify you via the app or email at least 30 days before the changes take effect. The “Last updated” date at the top of this document will always reflect the most recent revision.
14. Contact
For privacy and data protection queries:
Email: privacy@superscout.pro
For all other queries: hello@superscout.pro