Log In Get Started
Legal

Privacy Policy

Last updated: April 2026

1. Who We Are

TouchlineTalent ("we", "us", "our") is a private visibility and recruitment platform for professional football talent. We are the data controller for personal information collected via this website.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: email address, password (stored as a secure hash — never in plain text), account type and registration date.
  • Profile data (football talent): name, location, qualifications, professional experience, photo, CV and professional approach.
  • Profile data (clubs): club name, contact name, location, league, website and club description.
  • Usage data: login times, pages visited, job applications and messages sent within the platform.
  • Technical data: IP address (stored as a cryptographic hash, not in plain text) and browser information.

3. How We Use Your Data

  • To provide and operate the TouchlineTalent platform.
  • To match football talent with relevant professional opportunities.
  • To allow clubs to discover and contact relevant candidates.
  • To send transactional emails (account verification, password resets, application notifications).
  • To manage subscriptions and billing.
  • To improve the platform and fix technical issues.

4. Legal Basis for Processing

We process your data on the following legal bases under UK GDPR:

  • Contract: processing necessary to provide the service you have registered for.
  • Legitimate interests: security, fraud prevention and platform improvement.
  • Consent: where you have explicitly agreed to processing (e.g. marketing emails).

5. Who We Share Data With

We do not sell your personal data. We may share data with:

  • Other platform users: talent profiles are visible to clubs with an active subscription. Contact details are never publicly displayed.
  • Payment processors: when Stripe integration is enabled, payment data is handled by Stripe under their own privacy policy. We never store card details.
  • Email providers: our SMTP provider handles transactional emails only.
  • Legal obligations: we may disclose data if required by law or to protect the safety of users.

6. Data Retention

  • Active accounts: data retained while the account is active.
  • Deleted accounts: personal data removed within 30 days of account deletion request.
  • Login attempts: retained for 7 days for security purposes.
  • Billing records: retained for 7 years as required by UK law.

7. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.

To exercise any of these rights, please contact us via the contact form.

8. Security

We take data security seriously. Measures include:

  • Passwords stored using bcrypt hashing — never readable, even by us.
  • All connections encrypted via HTTPS/SSL.
  • Sensitive configuration files stored outside the web-accessible directory.
  • CV and photo files served only via authenticated PHP — never via direct URL.
  • IP addresses stored as cryptographic hashes in line with data minimisation principles.

9. Cookies

We use a single session cookie to keep you logged in. This cookie is essential for the platform to function and does not track you across other websites. We do not use advertising or analytics cookies.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be notified via the platform. The date at the top of this page indicates the last update.

11. Contact

For any privacy-related questions, please use our contact form.