GrassrootsFC ("we", "us") is operated by Barazovsky Limited, a UK-based company. We provide website hosting and management tools for grassroots football clubs.
We are the data controller for personal data collected through the GrassrootsFC platform itself (e.g., admin account details, billing information). For content uploaded by clubs (including photographs, documents, and form submissions), the club is the data controller and GrassrootsFC acts as a data processor.
For any data protection questions or requests, contact us at hello@grassrootsfc.co.uk.
To be clear about our practices:
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Operating your club account and website | Performance of contract (Art. 6(1)(b)) |
| Processing subscription payments | Performance of contract (Art. 6(1)(b)) |
| Processing shop orders and customer payments | Performance of contract (Art. 6(1)(b)) |
| Sending service emails (welcome, password reset, admin invitations, subscription receipts) | Performance of contract (Art. 6(1)(b)) |
| Service announcements and platform updates | Legitimate interest (Art. 6(1)(f)) |
| Improving the platform and fixing bugs | Legitimate interest (Art. 6(1)(f)) |
We share data with the following third-party services, and only these services, to operate the platform:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Hosting, storage (S3), database (DynamoDB), content delivery (CloudFront) | All platform data | EU-West-1 (Ireland) |
| AWS SES | Transactional email delivery (password resets, welcome emails, admin invitations) | Email addresses and email content | EU-West-1 (Ireland) |
| Stripe | Payment processing for subscriptions and shop orders | Email, name, payment details (handled directly by Stripe) | EU / US (Stripe infrastructure) |
We do not share data with any other third parties. If a club chooses to enable Google Analytics (see section 8), that is the club's own integration and their responsibility.
All platform data is stored within the European Economic Area:
Your data stays in the EU. Stripe may process payment data outside the EEA; these transfers are covered by Standard Contractual Clauses and adequacy decisions as required by UK GDPR.
GrassrootsFC uses only essential cookies and local storage. We do not use tracking cookies.
| Type | Name / purpose | Essential? |
|---|---|---|
| Auth token | Admin session authentication | Yes — required for admin login |
| localStorage | Shopping cart contents ({clubId}_cart) |
Yes — required for shop functionality |
| localStorage | Cookie consent preference (grfc_cookie_consent) |
Yes — records your cookie choice |
| Cookies (Stripe) | Set during checkout for payment security | Yes — required for payments |
If a club enables Google Analytics, Google will set its own cookies on the club website. This is the club's responsibility — see section 8.
Clubs can optionally add a Google Analytics (GA4) tracking ID in their settings. If enabled:
GrassrootsFC does not control or have access to the Google Analytics data collected on club websites. If you enable GA, you are responsible for:
If you do not add a GA tracking ID, no Google scripts or cookies will be loaded on your site.
GrassrootsFC accounts can only be created by individuals aged 18 or over. We do not knowingly collect personal data directly from children.
However, we recognise that grassroots football clubs regularly work with young players, and clubs may upload content that includes photographs or information about minors (e.g., match photos, team photos, award presentations).
In this context:
If you believe that a photo or personal data of a minor has been uploaded without proper consent, please contact us immediately at hello@grassrootsfc.co.uk and we will act promptly to investigate and remove it if necessary.
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the right to:
To exercise any of these rights, email us at hello@grassrootsfc.co.uk. We will respond within 30 days.
If you are a member of a club and want to exercise your rights regarding data held on a club website (e.g., your photo in a gallery, a form submission), please contact the club directly in the first instance, as they are the data controller for that data. If you are unable to resolve the matter with the club, contact us and we will assist.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.
We protect your data using:
Your data is stored within the European Economic Area (AWS Ireland). Some third-party services (primarily Stripe) may process data outside the EEA. These transfers are covered by Standard Contractual Clauses or adequacy decisions as required by UK GDPR.
We may update this policy from time to time. If we make significant changes, we will notify club administrators by email. The "last updated" date at the top of this page will always reflect the current version.
For data protection questions, data subject requests, or any privacy concerns, contact us at:
Barazovsky Limited
United Kingdom