Privacy Policy

• →Operating the marketplace: Displaying setter profiles to coaches, enabling contact between parties, and managing your account.
• →Account security: Verifying your identity at login, detecting suspicious activity, and protecting your account from unauthorised access.
• →Service communications: Sending account-related emails such as password resets, email confirmation links, and important policy updates. We do not send marketing emails without your consent.
• →Platform improvements: Aggregate, anonymised analysis to understand how the service is used and where it can be improved. We do not share individual-level data for this purpose.

UK GDPR requires us to have a lawful basis for each type of processing. Here is how that maps to what we do:

• Contract performance — Art. 6(1)(b)

  Processing your account data (name, email, password hash) is necessary to provide the service you signed up for. Without it, we cannot create or run your account.

• Legitimate interests — Art. 6(1)(f)

  Security monitoring and aggregate platform analytics serve our legitimate interest in running a safe, improving service. We have weighed these interests against your privacy rights and do not consider them to override them.

• Consent — Art. 6(1)(a)

  Where we ask for consent — for example before adding any optional analytics or marketing — we will ask explicitly. You can withdraw consent at any time without affecting anything that happened before withdrawal.

• Legal obligation — Art. 6(1)(c)

  We may retain certain records where required by law or where necessary to respond to a lawful request from a public authority.

We do not sell your personal data. We share it only with the following sub-processors who help us run the service, each under data processing agreements:

• Supabase, Inc.

  Our database, authentication, and file storage provider. Supabase processes your account data, profile data, and uploaded photos on our behalf. Our Supabase project is hosted in the eu-west-1 (Ireland) region — your data is stored within the EEA. See Section 9 on international transfers.

  View their privacy policy →

• Netlify, Inc.

  Our web hosting and deployment provider. Netlify serves the website to your browser and may log basic access data (such as IP addresses) as part of normal hosting operations.

  View their privacy policy →

We may also disclose data if required to do so by law, court order, or to protect the rights, property, or safety of our users or the public.

• →Your account and profile data are kept for as long as your account is active.
• →If you delete your account, we will delete your personal data within 30 days, unless we are required by law to retain it for longer.
• →If your account has been inactive (no login) for 24 months, we may email you to confirm whether you want to keep it. If we receive no response within 30 days, we may close and delete the account.
• →Authentication and security logs (login timestamps, IP addresses) are retained for up to 12 months.

To exercise any of the rights below, contact us at admin@setterschool.co.uk. We will respond within one calendar month.

• Right of access

  You can ask us for a copy of the personal data we hold about you.

• Right to rectification

  You can ask us to correct inaccurate or incomplete data. Most profile information can be corrected directly in your account settings.

• Right to erasure ("right to be forgotten")

  You can ask us to delete your personal data. We will do so unless we have a legal obligation to keep it.

• Right to data portability

  You can ask for your data in a commonly used, machine-readable format (such as JSON or CSV) so you can transfer it to another service.

• Right to object

  You can object to processing based on our legitimate interests. We will stop unless we can show compelling legitimate grounds that override your interests.

• Right to restrict processing

  You can ask us to pause processing of your data while a dispute about it is resolved.

• Right to withdraw consent

  Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

• Right to lodge a complaint

  If you are unhappy with how we have handled your data, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We use only strictly necessary cookies required to operate the service. We do not use analytics, advertising, or tracking cookies of any kind.

• →Authentication session cookies: Set by Supabase to keep you logged in between page loads. These are strictly necessary — disabling them will break login functionality. They expire when you sign out or after a period of inactivity (typically a few days).
• →No analytics cookies: We do not currently use any analytics tools. No analytics, performance, or measurement cookies are set.
• →No advertising or tracking cookies: We do not use advertising, retargeting, or cross-site tracking cookies.

The Setter Exchange is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at admin@setterschool.co.uk and we will delete it promptly.

Our database, authentication, and storage are hosted with Supabase in the eu-west-1 (Ireland) region, within the European Economic Area (EEA). Your data is stored and processed in the EU.

Some limited processing by our sub-processors may occur outside the UK/EEA — for example, Supabase's corporate operations and Netlify's global content delivery network. Where any such transfers occur, we rely on appropriate safeguards including the UK International Data Transfer Agreement (IDTA) and EU Standard Contractual Clauses (SCCs) as applicable.

For more detail, see Supabase's privacy policy at supabase.com/privacy and Netlify's at netlify.com/privacy.

If you are not satisfied with our response to a data request, you have the right to complain to the UK Information Commissioner's Office: ico.org.uk · 0303 123 1113

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify you by email or via an in-app notice before they take effect. Your continued use of the service after changes are posted means you accept the updated policy.