Privacy Policy
This Privacy Policy explains how Huddle Sports Ireland ("Huddle", "we", "us") collects, uses and protects personal data when you use the Huddle platform and website. We take privacy seriously: we do not sell your data, we do not share it with third parties for their own purposes, and we have no interest in monetising it.
On this page
1. Who we are
Huddle is a platform that helps community sports clubs run their finances and membership. The service is provided by [LEGAL ENTITY - name, form and CRO number to be inserted on incorporation], trading as Huddle Sports Ireland, with a correspondence address at 137 Ardmore Park, Bray, Co. Wicklow, A98 A782, Ireland. For any privacy question or request, contact us at privacy@huddlesports.ie.
2. Controller and processor
The way we handle data depends on whose data it is:
- For people who create an account directly with us (for example club administrators, or members aged 16 or over who hold their own login), Huddle is the data controller.
- For the personal data a club enters or collects about its own members, the club is the data controller and Huddle acts as a data processor, processing that data only on the club's instructions and on its behalf. Our data processing agreement with clubs is set out in our Terms of Service.
3. What we collect
- Account and identity data - your name, email address and login credentials, managed through Firebase Authentication, and your role within a club.
- Club and membership records - stored in our database (Firestore): member names and contact details, age group or date of birth, gender where a club uses it for team and plan criteria, teams and squads, membership plans, payment status, and any sport-specific identifiers a club chooses to record (such as governing-body registration numbers).
- Payment data - processed by Stripe. We receive limited transaction information such as amounts, status and descriptions. We never see or store full card details; these are handled entirely by Stripe.
- Usage and device data - collected, with your consent, through Firebase Analytics and standard server logs (such as pages viewed, approximate location, and device or browser type) to help us understand and improve the service.
- Communications - messages and support requests you send us.
Huddle is not designed for medical or other special-category data, and clubs must not collect it through the platform - see Health data.
4. How we use personal data, and our lawful basis
- To provide and operate the platform - performance of a contract.
- To process payments, memberships and events - contract, and the club's instructions where we act as processor.
- To suggest or assign membership plans and squads from the criteria a club sets (such as age group and gender) - contract, and the club's instructions. This is a convenience feature under the club's control: administrators can review and change any assignment, and no automated decision with legal or similarly significant effects is made about you.
- To keep the service secure and prevent fraud and abuse - legitimate interests.
- To understand usage and improve the product - legitimate interests, and consent for analytics cookies.
- To send service messages about your account or club (such as payment receipts, renewal reminders and important changes) - contract.
- To send product news or marketing - only with your consent, and you can opt out at any time. We do not send marketing to children.
- To meet legal, accounting and tax obligations - legal obligation.
5. Cookies and analytics
We keep this simple. The website stores two small settings in your browser's local storage: your light-or-dark theme choice, and whether you accepted or declined analytics. With your consent - given through the cookie banner, and changeable at any time through the Cookies link in the footer - we use Firebase Analytics (Google) to understand how the website is used. If you decline, no analytics run. We never sell your data, and we never share it with third parties beyond the processors listed below. The website is hosted on Firebase Hosting, which keeps standard server logs. You can also control cookies through your browser settings.
6. Sub-processors
We rely on a small number of trusted providers to run Huddle. They process data only to provide their services to us, under their own data-protection commitments:
- Google / Firebase - authentication, database (Firestore), hosting and analytics. See Google's Privacy Policy.
- Stripe - payment processing via Stripe Connect. See Stripe's Privacy Policy.
If we add or replace a sub-processor that handles club member data, we will give clubs reasonable advance notice (by email or in-app), and a club may object on reasonable data-protection grounds as set out in our Terms of Service.
7. Sharing your data
We do not sell your personal data, and we do not share it with third parties for their own marketing or other purposes. We share data only: with the sub-processors above to run the service; with a club's authorised administrators (for that club's own records); where you ask us to; or where we are required to by law.
8. International transfers
Some of our providers (such as Google and Stripe) may process data outside the European Economic Area, including in the United States. Where they do, the transfer is protected by appropriate safeguards, such as the EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework.
9. How long we keep data
- Account data - for as long as your account is active, then deleted within 90 days of account deletion, except where the law requires longer.
- Club and membership records - for as long as the club's account is active and the club instructs us to hold them; clubs can delete member records at any time. When a club leaves Huddle, we delete or return its member data as set out in the data processing agreement.
- Financial and transaction records - at least six years after the year they relate to, as required by Irish tax and accounting law.
- Analytics data - retained by Firebase Analytics for 14 months.
- Support correspondence - up to two years after the request is closed.
10. Security and breaches
We protect personal data using encryption in transit and at rest, access controls, and the security measures provided by Firebase and Stripe. Card details are handled by Stripe under PCI-DSS Level 1 and never reach our systems.
If a personal data breach occurs, we will notify affected clubs without undue delay after becoming aware of it, and we will notify the Data Protection Commission and affected individuals where the law requires it.
11. Your rights
Under the General Data Protection Regulation you have the right to access, correct, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent where we rely on it. To exercise any of these, contact privacy@huddlesports.ie. We respond within one month.
Where Huddle acts as a processor for a club, please contact the club (the controller) first; we will help them respond. You also have the right to complain to the Irish Data Protection Commission.
12. Children's data
Sports clubs are, above all, children's organisations - so we treat this carefully:
- Accounts. You must be at least 16 to hold your own Huddle login (Ireland's digital age of consent). A parent or guardian can consent for a younger member where the club uses that flow.
- Member records. Children below 16 are otherwise represented on Huddle as club records, created and managed by the club and by parents or guardians - not as account holders.
- The club's responsibilities. Where a club records a child's personal data, the club is responsible, as controller, for having the appropriate legal basis and any parental consent required, and for its safeguarding obligations.
- What we never do. We do not use children's data for analytics profiling, we do not send marketing to children, and we apply data minimisation to child records.
13. Health data
Huddle does not currently support the collection of medical, health or other special-category data, and clubs must not collect it through the platform (for example in registration or camp forms). If we add support for it in future - with the explicit-consent and security controls it requires - we will update this policy first.
14. Changes to this policy
We may update this policy from time to time. We will post the updated version on this page and change the effective date above, and we will email account holders about any material change before it takes effect.
15. Contact
For any privacy question or request, email privacy@huddlesports.ie or write to Huddle Sports Ireland, 137 Ardmore Park, Bray, Co. Wicklow, A98 A782, Ireland.