Gaffer HQ Ltd · Last updated: 20th May 2026
This Privacy Policy for Gaffer HQ Ltd (Company Number: 17189389), trading as GAFFER HQ ('we', 'us', 'our'), describes how and why we collect, store, use, and share your personal information when you use our Services, including when you:
GAFFER HQ (operated by Gaffer HQ Ltd) is an online platform designed to support youth and adult football clubs' team managers and referees across England. The platform enables managers to post team availability and arrange friendly fixtures, find and contact qualified referees, and discover local pitch facilities. GAFFER HQ is accessed via our website at app.gafferhq.uk.
Questions or concerns? Contact us at [email protected] or by post at: Gaffer HQ Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.
We collect personal information you voluntarily provide when you register, create a profile, or use our Services. This includes:
When you use our Services, we automatically collect certain aggregate information through Plausible Analytics, our privacy-first analytics provider. This includes:
We do not currently collect payment data. If subscription features are introduced in future, payment processing will be handled by a regulated third-party payment provider. We will update this Privacy Policy at that time.
We process your personal information for the following purposes:
Under UK GDPR, we rely on the following legal bases:
No. GAFFER HQ is designed for use by adults aged 18 and over, including referees. We do not permit users under 18 to create accounts.
However, in the future, the platform may hold personal data relating to players who are under the age of 18 (name-only as part of a squad list), entered by an authorised adult manager or club administrator using a team management capability (not yet in production). At such time, the Privacy Policy will be updated in accordance with under 18's data and child safeguarding regulations.
As part of our Services, we plan to offer AI-assisted features, including personalised match suggestions, referee recommendations, and platform improvements. These features are designed to improve your experience and may be powered by AI tools.
Where AI features are used to process your personal data, we ensure this is done transparently, on a clear legal basis, and in accordance with UK GDPR. We do not use fully automated decision-making that produces legally significant effects without human oversight.
Your personal data is not used to train external AI models. Any AI processing of data relating to players under the age of 18 in the future will be subject to additional safeguards.
You can opt out of personalised AI-assisted features by updating your preferences in Account Settings.
GAFFER HQ does not use cookies for tracking, advertising, or analytics purposes.
We use one strictly necessary session cookie to keep you securely logged in to your account. This cookie is essential to the operation of the service. It does not track your behaviour across other websites and does not share any data with third parties.
We do not use Google Analytics, Google Maps, or any other Google services. Our analytics provider, Plausible, is cookieless and collects no personal identifiers.
No cookie consent banner is required on GAFFER HQ under UK GDPR guidelines, as we use no non-essential cookies.
We do not sell your personal data. We do not share your personal data with advertisers.
We may share your information in the following limited circumstances:
Gaffer HQ Ltd is a UK-registered company. Your data is stored on Supabase infrastructure in the EU West (London) region, keeping it physically within the United Kingdom.
Some of our service providers (including Railway and Plausible) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses or adequacy decisions recognised under UK GDPR.
We keep your personal data for as long as your account is active or as necessary to provide the Services. When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, regulatory, or fraud-prevention purposes.
We implement appropriate technical and organisational security measures to protect your personal data, including:
No electronic transmission over the internet can be guaranteed to be 100% secure. While we take every reasonable precaution, we cannot guarantee the absolute security of your data.
We are committed to maintaining a safe, respectful, and trustworthy platform experience. In line with the UK Online Safety Act 2023, we implement proportionate measures designed to support user safety, reduce harmful activity, and provide clear ways for users to report concerns or manage their experience. Examples of supported Platform capabilities:
| Feature | Description |
|---|---|
| Report / Flag Button | Available within message chats, tournament listings, and availability posts. Submissions generate an alert within the admin moderation dashboard for review. |
| PDF Approval Queue | PDF content uploads are held in a pending review queue and require manual approval before publication. |
| Account Suspension | Admin dashboard controls allow administrators to suspend or permanently ban user accounts immediately where required. |
| Profanity Filter | Basic profanity and inappropriate language filtering applied across free-text inputs, including messages, usernames, and descriptions. |
| Appeals Process | Suspended users may submit an appeal request through a dedicated form, which is delivered to the admin review inbox. |
| Safety Onboarding Screen | Post-signup onboarding screen presenting some core community and safety guidelines, requiring user acknowledgement before continuing. |
| Rate Limiting on Messages | Message activity limited to a maximum number of messages per hour within each fixture thread to help reduce spam and harassment. |
| User Blocking | Users may block another manager account, preventing direct messages and match-related requests between the accounts. |
Under UK GDPR, you have the following rights regarding your personal data:
The easiest way to exercise your rights is through your Account Settings at https://app.gafferhq.uk/account, where you can update your preferences, request a data export, or submit an account deletion request. You can also contact us directly at [email protected].
We will respond to all data rights requests within 30 days in accordance with UK GDPR.
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. Our ICO registration number is ZC139011.
We will only send you marketing or promotional communications where you have given explicit consent by ticking the optional marketing opt-in box at registration. We will not send marketing emails based on implied consent or pre-ticked boxes.
You can withdraw your consent and unsubscribe from marketing communications at any time by: (a) clicking the unsubscribe link in any marketing email, or (b) updating your preferences in Account Settings.
Withdrawing marketing consent will not affect your receipt of transactional service emails, which are necessary to operate your account.
We do not currently respond to Do-Not-Track browser signals, as no uniform industry standard has been established. Given that GAFFER HQ does not use tracking cookies, this has limited practical effect on your privacy when using our Services.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you by email with at least 30 days' notice before the changes take effect. The updated date at the top of this policy will reflect the date of the most recent revision.
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us: