Legal

Privacy Policy

Last updated: June 2026

playdrawr ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and what we do with it. Short version: very little, for good reason, and we never sell it.

1. Who we are

playdrawr is an online sweepstake platform for football tournaments, operating at playdrawr.co.uk. If you have any questions about this policy, contact us at headcoach@playdrawr.co.uk.

2. What data we collect

If you create an account (organiser):

  • Your name and email address, provided at signup or via Google sign-in
  • Sweepstake data you create (names, entry fees, participant lists)
  • Authentication tokens managed securely by Supabase

Lawful basis: performance of a contract (running your sweepstake).

If you are added as a participant:

  • Your name and, if you provide it, your email address
  • Your assigned team and points score

Lawful basis: legitimate interest in delivering the sweepstake service you signed up for.

Automatically:

  • Standard server logs (IP address, browser type, pages visited) — retained for up to 30 days
  • Analytics data collected by Google Analytics (pages visited, session duration, general location) — see Section 7
  • Advertising cookies set by Google AdSense, used to serve relevant ads — see Section 7
  • Basic hosting analytics collected by Vercel for infrastructure purposes

Lawful basis: consent (where required by UK GDPR) and legitimate interest in operating and improving the service.

3. How we use your data

We use your data to:

  • Run and manage your sweepstakes
  • Send transactional emails — draw results, participant invites, and leaderboard updates after matchdays
  • Respond to support enquiries
  • Improve the service
  • Display advertisements that help fund the free service
  • Detect and protect against fraud, abuse, and security threats
  • Comply with legal obligations

We do notsend marketing emails, newsletters, or promotional messages. If we ever email you, it's because something happened in your sweepstake that's worth knowing about.

4. Who we share data with

We do not sell, rent, or trade your personal data. We use the following third-party services to operate the platform:

  • Supabase — database and authentication (data stored in EU region)
  • Google — sign-in via Google OAuth 2.0; if you sign in with Google, we receive your name and email address from Google. Google's use of this data is governed by the Google Privacy Policy
  • Vercel — hosting and edge infrastructure
  • Resend — transactional email delivery
  • Google AdSense — advertising network; may set cookies to serve ads based on your prior visits to this and other websites
  • Google Analytics — website analytics; collects anonymised usage data

Each of these providers processes data only as needed to deliver the service and under appropriate data processing agreements.

5. Data retention

We retain your account data for as long as your account is active. Sweepstake data is retained for 12 months after the associated tournament ends, then deleted. Server logs are deleted after 30 days. Analytics and advertising data is retained in accordance with Google's own retention policies. You can request deletion of your account and all associated data at any time.

6. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict how we process your data
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, email us at headcoach@playdrawr.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.

7. Advertising and analytics (Google)

We use Google AdSense to display advertisements across this site. Google AdSense uses cookies to serve ads based on your prior visits to this website and other sites on the internet.

Google's use of advertising cookies enables it and its partners to serve ads based on your visit to our site and/or other sites on the internet. You may opt out of personalised advertising by visiting Google Ads Settings or aboutads.info/choices.

We also use Google Analytics to understand how visitors use the site. This collects anonymised data about pages visited and time spent. You can opt out via the Google Analytics opt-out browser add-on.

Google's privacy policy is available at policies.google.com/privacy. For more information on how Google uses data when you use our site, see How Google uses information from sites that use our services.

Where required by UK GDPR, advertising and analytics cookies are only set with your consent. You can manage or withdraw your cookie consent at any time via your cookie settings or through your browser settings.

8. Cookies

We use a single session cookie to keep you logged in as an organiser. Google AdSense and Google Analytics set cookies as described in section 7. If you are just viewing a participant leaderboard without being logged in, only third-party cookies (where you have consented) are set.

You can manage or disable cookies through your browser settings at any time. For a full list of the cookies we use, see our Cookies Policy. Note that disabling essential cookies will affect how the site functions for logged-in organisers.

9. Children's privacy

playdrawr is not intended for children under the age of 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us at headcoach@playdrawr.co.uk and we will delete it promptly.

10. International data transfers

playdrawr is based in the United Kingdom. Some of our third-party service providers (including Vercel and Resend) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place — such as UK adequacy regulations or standard contractual clauses — to protect your data to the same standard required under UK GDPR.

11. Security

All data is encrypted in transit (HTTPS) and at rest. Authentication is handled by Supabase with industry-standard security practices. We do not store passwords in plain text. Where you sign in via Google OAuth 2.0, we never see or store your Google password.

12. Changes to this policy

If we make material changes, we'll update the date at the top of this page. We won't email you every time we fix a typo, but we will notify you if anything significant changes. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

13. Contact

Questions about this policy? Use our contact form or email headcoach@playdrawr.co.uk.