Legal

Privacy Policy

Last updated: April 2026

playdrawr ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and what we do with it. Short version: very little, for good reason, and we never sell it.

1. Who we are

playdrawr is an online sweepstake platform for football tournaments, operating at playdrawr.co.uk. If you have any questions about this policy, contact us at headcoach@playdrawr.co.uk.

2. What data we collect

If you create an account (organiser):

  • Your email address and name, provided at signup
  • Sweepstake data you create (names, entry fees, participant lists)
  • Authentication tokens managed securely by Supabase

If you are added as a participant:

  • Your name and, if provided by the organiser, your email address
  • Your assigned team and points score

Automatically:

  • Standard server logs (IP address, browser type, pages visited) — retained for up to 30 days
  • No advertising tracking cookies. No third-party analytics beyond what Vercel collects for hosting.

3. How we use your data

We use your data to:

  • Run and manage your sweepstakes
  • Send transactional emails — draw results, participant invites, and leaderboard updates after matchdays
  • Respond to support enquiries
  • Improve the service

We do notsend marketing emails, newsletters, or promotional messages. If we ever email you, it's because something happened in your sweepstake that's worth knowing about.

4. Who we share data with

We do not sell, rent, or trade your personal data. We use the following third-party services to operate the platform:

  • Supabase — database and authentication (data stored in EU region)
  • Vercel — hosting and edge infrastructure
  • Resend — transactional email delivery

Each of these providers processes data only as needed to deliver the service and under appropriate data processing agreements.

5. Data retention

We retain your account data for as long as your account is active. Sweepstake data is retained for 12 months after the associated tournament ends, then deleted. You can request deletion of your account and all associated data at any time.

6. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict how we process your data
  • Data portability — receive your data in a machine-readable format

To exercise any of these rights, email us at headcoach@playdrawr.co.uk. We will respond within 30 days.

7. Cookies

We use a single session cookie to keep you logged in as an organiser. No tracking cookies, no advertising cookies. If you're just viewing a participant leaderboard, no cookies are set at all.

8. Security

All data is encrypted in transit (HTTPS) and at rest. Authentication is handled by Supabase with industry-standard security practices. We do not store passwords in plain text.

9. Changes to this policy

If we make material changes, we'll update the date at the top of this page. We won't email you every time we fix a typo, but we will notify you if anything significant changes.

10. Contact

Questions about this policy? Use our contact form or email headcoach@playdrawr.co.uk.