Last updated: 5 July 2026
Footymatch is a dating and social app operated in the United Kingdom. We are the data controller for the personal information you provide. Contact: privacy@footymatch.co.uk.
Account: email, name, password (hashed). Profile: age, gender, sexual orientation, who you're interested in, supported football club, town/city, optional UK postcode, bio, photos. Activity: swipes, matches, messages, fixture RSVPs, reports and blocks, verification selfies, feedback you submit.
To create your account, show you other users based on club, connection type, age and distance, let you chat with mutual matches, verify photos are genuine, keep the community safe, respond to abuse reports, and improve the service.
Consent — for optional data such as postcode and photo verification selfies. Contract — for the data needed to run the service you signed up to. Legitimate interest — for safety features (block/report, ban lists) and product analytics.
If you enter a UK postcode, we send it to postcodes.io to get approximate latitude and longitude, which we store on your profile. We show other users your distance (in miles and km) — never your postcode itself.
Uploaded photos and verification selfies are stored on Emergent Object Storage, encrypted in transit and served only to authenticated Footymatch clients.
Bio generator: sends the football club, connection types and short interest text to Anthropic (Claude) via a proxy. Photo verification: sends your selfie and a gesture prompt to Anthropic (Claude Vision) for automated gesture-matching. These providers process the data as sub-processors under contract.
Sub-processors: MongoDB Atlas (database), Emergent (hosting + object storage + LLM routing), Anthropic (Claude), postcodes.io (postcode → lat/lng only). We do not sell your data. We may disclose data if required by law.
Account data: while your account is active. Messages: while both users have not deleted their accounts. Reports: 24 months for safety audit even after the reported user deletes. Backups: up to 30 days after deletion.
Under UK GDPR you can: access your data, correct it, delete it (Profile → Delete account), export it (email us), object to processing, or complain to the ICO (ico.org.uk).
We use only essential cookies: authentication tokens (httpOnly), a CSRF token, and a preference cookie for the feedback prompt. No advertising or third-party tracking cookies.
We will notify you in-app about any material changes to this policy before they take effect.
Made with Emergent