Legal

Privacy Policy

Last updated: 11 April 2026

1. Who We Are

SuperSmalls ("we", "us", "our") operates the SuperSmalls fantasy football platform. We are the data controller for the personal information we collect through our website and service.

If you have questions about this policy, contact us at support@supersmalls.cloud.

2. What We Collect

We collect the following personal information:

Account Information

  • Name and email address (provided during registration)
  • Password (stored securely using one-way hashing)

League & Gameplay Data

  • League names, squad names, and team selections
  • Scores, standings, and transfer history
  • Commissioner settings and league configuration

Payment Information

  • Payment status and transaction references (via Stripe)
  • We do not store your card number, expiry date, or CVV — these are handled entirely by Stripe

Live Auction Data

  • Bid amounts, timestamps, and outcomes
  • Chat messages and reactions sent during live auctions (stored permanently and visible to league members)
  • WebSocket connection data, including connection and disconnection timestamps
  • Auction participation logs (join times, pause requests, presence tracking)

Technical Data

  • IP address, browser type, and device information
  • Pages visited and usage patterns (via cookies and analytics)

3. How We Use Your Data

We use your personal information to:

  • Provide and maintain the Service (account management, league operations, scoring)
  • Process payments and send payment request emails
  • Send league-related notifications (invitations, activation, payment reminders)
  • Operate live auctions (real-time bidding, chat, presence tracking, and result calculation)
  • Improve the Service through usage analytics
  • Respond to support enquiries

We will never sell your personal data to third parties.

4. Legal Basis for Processing

Under UK GDPR, we process your data on the following bases:

  • Contract: Processing necessary to provide the Service you've signed up for
  • Legitimate interest: Analytics, security monitoring, and service improvements
  • Consent: Marketing communications (you can opt out at any time)

5. Who We Share Data With

We share data only with the following third parties, all of whom act as data processors on our behalf:

  • Stripe — payment processing (Stripe Privacy Policy)
  • Google Analytics — website usage analytics (Google Privacy Policy)
  • Hosting providers — server infrastructure for running the Service
  • Email service providers — for transactional emails (payment requests, league notifications)

Your league data (squad names, scores, standings) is visible to other members of your league as part of normal gameplay. This includes live auction chat messages, bid history, and auction results.

6. Cookies

We use cookies for:

  • Essential cookies: Session management, authentication, CSRF protection. These are required for the Service to function and cannot be disabled.
  • Analytics cookies: We use Google Analytics (GA4) to understand how the Service is used, including page views, traffic sources, and user journeys. These cookies are only set with your consent and can be declined via the cookie banner or your browser settings.

You can withdraw consent for analytics cookies at any time by clearing your browser cookies. We will then ask for your preference again on your next visit.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your personal details are removed
  • Payment records are retained for 7 years as required by UK tax and accounting regulations
  • Anonymised gameplay data may be retained for historical league records

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing based on legitimate interest

To exercise any of these rights, email us at support@supersmalls.cloud. We will respond within 30 days.

9. Data Security

We take reasonable measures to protect your data, including:

  • HTTPS encryption for all connections
  • Secure password hashing (bcrypt)
  • Regular security updates and monitoring
  • No storage of payment card details (handled by Stripe)

10. Children

The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service.

12. Contact & Complaints

For privacy-related enquiries: support@supersmalls.cloud

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Ready to Start Your League?

Create your league in minutes and start running your own fantasy football competition.

No spam, ever. We'll only email you about SuperSmalls.