Privacy Policy

Last updated: 6 June 2026 · Version 1.0

This Privacy Policy explains how SportSweeps (“we”, “us”), registered in Ireland, collects, uses and protects personal data when you use our fantasy-golf platform. We act as the data controller for personal data described below and are committed to compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR and the Irish Data Protection Act 2018.

Data Controller: SportSweeps, Ireland

Data Protection Contact: dpo@sportsweeps.io

Our trading name and registered entity may change as we formalise the company. The dpo@ address will remain the primary GDPR contact.

1. Data we collect

We deliberately collect the minimum data needed to run the product.

UserWhat we store
PlayersFull name, email address, hashed password, display name, pool entries (picks, tiebreakers), draft state, email preferences.
Club/society adminsAdmin name, email, hashed password, society/group name, uploaded logo, billing subscription reference.
PaymentsCard and bank details are handled entirely by Stripe / Revolut. We never see or store card numbers, CVVs or IBANs - we only keep a processor subscription ID to operate the service.
TechnicalSession cookies, IP address (hashed for consent audit logs), browser user-agent string.

2. Why we process it (legal basis)

  • Contract (Art. 6(1)(b)) - to provide the pool platform you or your admin signed up for.
  • Legitimate interest (Art. 6(1)(f)) - service security, fraud prevention, aggregate usage analysis.
  • Legal obligation (Art. 6(1)(c)) - retaining payment / tax records where required.
  • Consent (Art. 6(1)(a)) - optional analytics or marketing cookies (off by default, can be withdrawn any time).

3. How long we keep it

  • Active account data - kept while your account is active.
  • Deleted player accounts - profile row removed immediately; pool entries soft-deleted and purged after 90 days.
  • Deleted admin accounts - society soft-deleted; pools deactivated immediately; purged after 180 days.
  • Payment records - kept up to 7 years where required by tax / accounting law.
  • Consent audit logs - kept for 2 years.

4. Who we share data with (sub-processors)

We do not sell personal data. We share only what each processor strictly needs:

ProcessorPurposeLocation
MongoDB AtlasPrimary application database (accounts, pools, entries)EEA region
StripeSubscription billing & payment processingIreland / USA (SCCs)
RevolutSubscription billing & payment processing (EU societies)Lithuania / Ireland
ResendTransactional email delivery (confirmations, receipts, resets)EU / USA (SCCs)
ESPNLive tournament leaderboards (public data, no personal data sent)USA
DataGolfGolfer odds feed (public data, no personal data sent)Canada

Where a processor is located outside the EEA, transfers are protected by the European Commission's Standard Contractual Clauses (SCCs).

5. Your rights

Under GDPR you have the right to:

  • Access your data (Art. 15) - one-click export from Profile → Download my data.
  • Rectification (Art. 16) - edit your profile in the app.
  • Erasure / “be forgotten” (Art. 17) - use Profile → Delete account.
  • Portability (Art. 20) - the export above is machine-readable JSON.
  • Object / restrict processing (Art. 21, 18) - email us.
  • Withdraw consent - via the panel at any time.
  • Complain to a supervisory authority - e.g., Ireland's Data Protection Commission (dataprotection.ie).

6. Cookies

SportSweeps uses only a small number of first-party cookies. Analytics and marketing cookies are off by default and only activated if you opt in. Full details are in our Cookie Policy.

7. Security

Passwords are hashed with bcrypt. Traffic is TLS-encrypted end-to-end. Access to production data is restricted, audited, and limited to personnel with a clear operational need.

8. Children

Our platform is intended for users aged 18 and over. We do not knowingly collect personal data from children under 16.

9. Changes

If we materially change this policy we will notify registered users by email and update the “Last updated” date above.

10. Contact

For any privacy question or to exercise a right above, email dpo@sportsweeps.io. We respond within 30 days.