Privacy Policy

This Privacy Policy explains how Stats & Solos (“we”, “us”, or “our”) collects, uses, shares, and protects personal information in connection with our website and related services (the “Service”).

If you have questions or requests, contact statsandsolos@gmail.com.

We collect only what we need to provide and operate the Service, including:

• Account information: your email address and sign-in method (for example, Google sign-in or magic-link login), and authentication/session records used to keep you logged in and secure your account.
• Season Pass access information: identifiers related to your purchase (for example, a customer/checkout/invoice ID from our payment provider), whether your account is marked Season Pass, and the date your access expires.
• Payment information: payments are processed by our payment provider via hosted checkout. We do not receive or store your full card details.
• Billing details for tax and eligibility: billing address country, payment method country (for example, card country), and payment-provider customer IDs that are returned to us.
• Basic technical data: limited device and usage information that is typically provided automatically when you access a website (for example, IP address, browser type, and timestamps). This may be processed in infrastructure-level server logs for security and troubleshooting and may also be used to help determine your country for availability and tax.
• Cookies and similar technologies: we use essential cookies for core functionality (for example, session and post-checkout redirects). We also use Vercel Web Analytics to understand how the site is used (for example, which pages are visited). Vercel Web Analytics does not use cookies. If we add non-essential cookies in future, we will update this policy and, where required, request consent.
• Player Power Rankings cookie (signed-out voting): if you use Player Power Rankings without signing in, we set a first-party, httpOnly cookie (for example, ss_anon_id) containing a pseudonymous identifier. This identifier does not identify you by name, but helps us recognise the same browser to operate the feature, apply rate limits or unlock rules, and protect voting integrity.
• Match polling cookie (signed-out voting): if you vote on fixtures without signing in, we use the same first-party, httpOnly cookie (for example, ss_anon_id) containing a pseudonymous identifier to link votes from the same browser and apply lightweight anti-abuse controls. This identifier does not identify you by name.
• Player Power Rankings interaction records: when you participate, we store records of which matchups were shown, whether you voted or skipped, and related timestamps. We also store temporary exposure records (for example, when a matchup was shown and when it expires or is used) to operate the feature reliably and prevent replay or abuse.These records are linked to your account if you are signed in. For integrity and anti-abuse purposes, we may also associate a pseudonymous identifier from our first-party cookie with your account.
• Match polling votes: when you vote on a fixture, we store the match identifier, your submitted prediction, and timestamps. If you are signed in, the vote is linked to your account; if you are not signed in, it is linked to a pseudonymous identifier stored in a first-party, httpOnly cookie.We do not store raw IP addresses as part of match polling vote records.
• Anti-abuse controls: we use lightweight technical controls (such as rate limiting) to protect the integrity of interactive features. We do not store raw IP addresses as part of voting records.
• Security cookies: certain anti-abuse tools (for example, Google reCAPTCHA) may set necessary cookies such as _GRECAPTCHA to help detect bots and protect forms/login flows. These are used only for security purposes.
• Communications: if you contact us, we keep the correspondence and information you provide so we can respond.
• Tax evidence: we may store country indicators (IP-derived country, billing country, payment method country) as required for VAT and availability compliance.
• Optional profile fields (future): we may later add optional fields (for example, name or home county). If we do, we’ll update this policy to explain what we collect and how we use it.

• To create and manage your account and log you in.
• To process payments and record Season Pass access.
• To determine and enforce Season Pass access and expiry.
• To send transactional emails, such as login links, purchase confirmations, service notices, and support responses.
• To operate Player Power Rankings (including anonymous voting where you choose not to sign in).
• To operate fixture match polling (including anonymous voting where you choose not to sign in).
• To maintain, secure, troubleshoot, and improve the Service.
• To prevent abuse, fraud, and unauthorized access.
• To comply with legal obligations (for example, accounting and tax record-keeping).

We do not sell your personal information.

We process personal data under the following lawful bases:

• Contract: providing the Service you sign up for (accounts, Season Pass access).
• Legitimate interests: operating, securing, and improving the Service, preventing abuse, and supporting users (including protecting the integrity of Player Power Rankings).
• Legal obligation: where we must keep certain records (for example, billing and tax).
• Consent: where we rely on your explicit choice for specific features (for example, if we add non-essential cookies that require opt-in).

We use third-party service providers (“processors”) to run the Service. They only receive the data necessary to perform their functions and are required to protect it.

• Payments: Stripe processes payments through hosted checkout.
• Authentication: if you choose Google sign-in, Google acts as an identity provider to authenticate your account.
• Hosting & infrastructure: we use infrastructure providers to host the website and related services.
• Email delivery: we use email services to send transactional emails (for example, login links and confirmations).

Note: specific providers may change over time as we evolve the Service. We will update this policy if changes are material.

We disclose personal information to processors in the following ways:

• Via secure API requests to our payment provider to create and confirm payments and to confirm access status (for example, so we can grant Season Pass access).
• Via authentication flows (for example, OAuth) when you choose an identity provider like Google sign-in.
• Via webhooks (server-to-server notifications) from our payment provider to keep payment/access status in sync.
• Via email delivery when we send transactional emails (login links, confirmations, and support replies).
• Via essential cookies stored in your browser to keep the Service working correctly (for example, basic session behavior and post-checkout redirects).

We may also disclose information if required to comply with law or lawful requests, or to protect the rights, safety, and security of the Service and users.

Some of our service providers may store or process personal data outside the UK or EEA (for example, in the United States). Where UK/EU international transfer rules apply, transfers are carried out using transfer mechanisms that those providers make available (for example, an “adequacy” decision where applicable, or standard contractual clauses in their data-processing terms). You can find more detail in the providers’ own privacy policies and data-processing information.

We may derive or confirm your country using multiple signals (for example, IP-derived country, billing address country, and payment method country) to help enforce availability and meet tax rules.

We keep personal data for as long as your account is active and for a reasonable period afterward. We may retain certain records longer where required for legal, accounting, or tax reasons (for example, billing and tax records), or to resolve disputes and enforce our agreements.

Player Power Rankings (signed-out voting): where you use the feature without signing in, we periodically de-link or remove the pseudonymous identifier from older voting records after a period of inactivity, and we may delete related exposure records. This reduces long-term linkability while still protecting integrity and preventing abuse.

You may have the right to access, rectify, erase, or restrict processing of your personal data, and to object in certain cases. To exercise these rights, email statsandsolos@gmail.com.

You also have the right to complain to your local data-protection authority (for example, the UK Information Commissioner’s Office).

We use reasonable technical and organisational measures to protect personal information.

• Encryption in transit: the Service is served over HTTPS, which helps protect data sent between your browser and our servers.
• Restricted access: access to systems and data is limited to what is needed to operate and support the Service.
• Payment security: payment details are handled by our payment provider via hosted checkout; we do not store full card numbers.

However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

The Service is not directed to individuals under 18. If you believe a child has provided personal information, contact us and we’ll take steps to delete it.

We may update this policy from time to time. We’ll post the latest version here with an updated “Last updated” date.

For privacy questions or requests, contact us at statsandsolos@gmail.com.