Track The 92 ("the app", "we", "us") is operated by Phil Gillett, trading as a sole trader, based in the United Kingdom. This policy explains what data we collect, why, who we share it with, and what control you have over it.
We've tried to write this in plain English. If anything is unclear, email hello@trackthe92.app.
1. What we collect
Information you give us
Email address — when you create an account, so you can sign in across devices and recover your password.
Password — stored as a salted hash by our auth provider (Supabase). We never see your plain-text password.
Display name — the name shown to other members of any leagues you join. Optional. Maximum 60 characters.
Supported team — which English football club you follow, used to surface your team's fixtures inside the app.
Anonymous mode preference — a flag that determines whether other league members see your display name or "Anonymous fan".
Information you create using the app
Visits — for each ground you mark as visited, we store the ground identifier, visit date, visit type (own team league/cup/friendly/etc., other team, women's, junior, stadium tour), optional free-text notes, and optional fixture details (date + teams + score + competition).
League memberships — which private leagues you've created or joined, along with each league's name and invite code.
Information collected automatically
Photos — photos you attach to a visit stay on your device. We don't currently upload them to our servers. (If we change this in a future version, we'll update this policy and ask permission first.)
App diagnostics — when the app crashes or errors, we may collect anonymous information about the device model and what happened. We don't link this to your account.
Information we don't collect
We don't collect your real name (you choose your display name).
We don't access your contacts.
We don't track your location in the background. Location is only used if and when we offer a one-tap "log this visit" prompt while the app is open.
We don't show third-party ads in version 1.
2. Why we use it
Auth + sync — your email and password let you sign in and access your data across devices.
App functionality — your visits, display name, supported team, and league memberships are the core of the product.
Fixture display — your supported team is used to look up that club's fixtures via the Football-Data.org public API. We send the team identifier; we don't send your account details.
Crash diagnostics — to fix bugs.
3. Who we share it with
We use a small number of third-party services. None of them sell your data.
Supabase (data hosting, auth) — stores your account, profile, visits, leagues, and league memberships in a UK/EU data centre. Subject to their privacy policy: supabase.com/privacy.
Football-Data.org (public football data API) — we send team identifiers and competition codes to look up fixtures. We do not send your email, display name, or account ID. Subject to their terms: football-data.org/terms.
Apple App Store / Google Play Store — when you install the app and (if you ever upgrade) when you make in-app purchases.
We do not sell, rent, or share your personal data with advertisers or data brokers.
4. Other league members
When you join a league, other members of that league can see:
Your display name (or "Anonymous fan" if you've enabled Anonymous mode).
The list of distinct grounds you've visited, used to compute leaderboard scores.
Other members cannot see:
Your email address.
The dates of your visits.
Your free-text notes.
Photos you've attached.
Your supported team (unless your display name reveals it).
5. Your rights (UK GDPR)
You can:
Access all the data we hold about you — open the Profile tab; everything is visible there. Email us if you want a machine-readable export.
Correct anything inaccurate — change your display name, supported team, or anonymous mode from the Profile tab.
Delete your account — email hello@trackthe92.app and we'll delete your account, all your visits, and any leagues you own within 30 days. (A self-service "delete account" button is on the roadmap.)
Object to processing — same email address.
Complain to the UK Information Commissioner's Office (ICO) if you think we've mishandled your data: ico.org.uk.
6. Data retention
We keep your data while your account is active. If you delete your account, we delete:
Your profile (immediately).
Your visits (immediately).
Leagues you owned (immediately) and remove you from any leagues you'd joined.
Backups are retained for up to 30 days for disaster recovery, then deleted.
7. Children
The app is intended for users aged 13 and over. We don't knowingly collect data from anyone under 13.
8. Changes to this policy
If we materially change how we handle your data, we'll update this page and, where possible, notify you inside the app.