← Back to Footymatch

Privacy Policy

Last updated: 5 July 2026

Who we are

Footymatch is a dating and social app operated in the United Kingdom. We are the data controller for the personal information you provide. Contact: privacy@footymatch.co.uk.

What we collect

Account: email, name, password (hashed). Profile: age, gender, sexual orientation, who you're interested in, supported football club, town/city, optional UK postcode, bio, photos. Activity: swipes, matches, messages, fixture RSVPs, reports and blocks, verification selfies, feedback you submit.

Why we collect it

To create your account, show you other users based on club, connection type, age and distance, let you chat with mutual matches, verify photos are genuine, keep the community safe, respond to abuse reports, and improve the service.

Legal basis (UK GDPR)

Consent — for optional data such as postcode and photo verification selfies. Contract — for the data needed to run the service you signed up to. Legitimate interest — for safety features (block/report, ban lists) and product analytics.

How we store your postcode

If you enter a UK postcode, we send it to postcodes.io to get approximate latitude and longitude, which we store on your profile. We show other users your distance (in miles and km) — never your postcode itself.

Photos

Uploaded photos and verification selfies are stored on Emergent Object Storage, encrypted in transit and served only to authenticated Footymatch clients.

AI-assisted features

Bio generator: sends the football club, connection types and short interest text to Anthropic (Claude) via a proxy. Photo verification: sends your selfie and a gesture prompt to Anthropic (Claude Vision) for automated gesture-matching. These providers process the data as sub-processors under contract.

Who we share with

Sub-processors: MongoDB Atlas (database), Emergent (hosting + object storage + LLM routing), Anthropic (Claude), postcodes.io (postcode → lat/lng only). We do not sell your data. We may disclose data if required by law.

How long we keep it

Account data: while your account is active. Messages: while both users have not deleted their accounts. Reports: 24 months for safety audit even after the reported user deletes. Backups: up to 30 days after deletion.

Your rights

Under UK GDPR you can: access your data, correct it, delete it (Profile → Delete account), export it (email us), object to processing, or complain to the ICO (ico.org.uk).

Cookies

We use only essential cookies: authentication tokens (httpOnly), a CSRF token, and a preference cookie for the feedback prompt. No advertising or third-party tracking cookies.

Changes

We will notify you in-app about any material changes to this policy before they take effect.

Made with Emergent