Privacy

This is the privacy policy for Referee Tracker, a community-driven catalogue of refereeing decisions in professional football. It explains what we collect, why, and what choices you have. We've tried to keep it readable. If anything's unclear, email [email protected] and we'll explain.

Account info. When you sign in with Google, we get your email address, display name, and avatar URL through Firebase Authentication. We use this to identify you, sign you in, and show your name on votes and submissions. We don't ever see your Google password.

Payment info. If you subscribe, payments are handled by Stripe. We never see your card number — Stripe takes payment on its own pages. We store the Stripe customer ID, the subscription ID, and your current subscription status, so we know whether your account is active.

Things you create on the site. Your votes on incidents, any incidents you submit, and any video clips you upload. This is the content that makes the product work, and other users see it once an admin approves a submission.

Site usage. We use a self-hosted Umami instance to count anonymous pageviews. There are no analytics cookies, no cross-site tracking, and no identifiable data. We use this to know which pages people read.

Operational logs. Server errors and an audit trail of admin actions (e.g. who approved a submission). This keeps the site running and lets us hold ourselves accountable.

We use a small number of trusted providers to run the site. Each one only sees the data it needs:

• Firebase / Google — sign-in and identity.
• Stripe — payments and subscription billing.
• Cloudflare R2 — storage for the video clips you upload.
• Railway — hosting for the application and the Postgres database where everything else lives.
• API-Football — outbound only. We pull fixtures, line-ups and referee data from them. They don't receive any user data from us.
• X (Twitter) — outbound only. We post short summaries of incidents to our X account. We don't share user data with X.

We keep your account while it's in use. If you ask us to delete it, we will, and we'll remove your votes and submissions with it.

Video clips stay up while the incident they belong to is approved. If the incident is rejected or removed, the clip is removed too.

Subscription and payment records have to be kept for several years for tax, accounting, and chargeback reasons — this is a Stripe / HMRC requirement, not a choice on our part.

Operational logs are rotated periodically and not retained long-term.

If you're in the UK or the EU, you have the right to ask for a copy of the data we hold on you, to correct it if it's wrong, to delete it, to export it in a portable format, and to withdraw any consent you've given us.

To exercise any of these rights, email [email protected]. We'll get back to you within 30 days.

You also have the right to complain to a supervisory authority. In the UK that's the Information Commissioner's Office (ico.org.uk).

Firebase Authentication uses your browser's localStorage and a session cookie on this domain to keep you signed in. These are essential for the site to work.

Stripe Checkout sets cookies on its own domain (checkout.stripe.com) when you reach the payment page. We don't control those — they're documented in Stripe's own privacy policy.

Our analytics (Umami) uses no cookies and no cross-site trackers.

Referee Tracker is intended for users aged 13 and older. We don't knowingly collect personal data from anyone under 13. If you believe a child has signed up, email [email protected] and we'll remove the account.

We'll update the "Last updated" date at the top of this page when the policy changes. For material changes (e.g. new sub-processors, new categories of data), we'll email you at the address on your account.