F.C.football.club

football.club — Privacy Policy

Effective Date: May 8, 2026

1. Introduction

Fairfax Partners Inc. ("Company," "we," "us," or "our") operates football.club, the operating system for football clubs, powered by Fair. This Privacy Policy explains how we collect, use, process, disclose, and otherwise handle personal information in connection with football.club.

football.club is a B2B platform sold to and operated by adult-administered football clubs ("Clubs"). It is not intended for direct use by individuals under 18 years of age. Clubs are responsible for personal information they upload concerning their members, including any minors. Section 6 of this Policy sets out the obligations of Clubs and the rights of parents and guardians.

This Privacy Policy applies to all users in Canada, the United States, the United Kingdom, the European Union, Australia, and other jurisdictions.

2. Information We Collect

2.1 Information Provided Directly by Clubs

Club Account Registration and Profile Information: When a Club signs up, we collect the Club name, the name and contact details of the Authorized User registering the account, billing contact information, physical address, and other profile information necessary to deliver Services.

Club Data: Personal information that the Club uploads, stores, or processes within football.club, including:

  • Member rosters (player names, dates of birth, ages, jersey numbers);
  • Contact details for players, parents, guardians, coaches, and volunteers;
  • Training schedules, match schedules, and attendance records;
  • Photographs and video of training and matches;
  • Mentorship and coaching communications;
  • Payment, dues, and registration records;
  • Other Club-managed information.

Where Club Data concerns individuals under 18, the Club is the sole data controller of that information. The Club is responsible for obtaining all required parental and guardian consents prior to upload (see Section 6).

Fair AI Agent Interactions: Communications routed through the Fair AI agent for the purpose of Club operations.

Support and Correspondence: Information from Club support inquiries, feedback, surveys, and complaints.

Payment Information: Subscription payments are processed through Stripe. We do not store complete credit card data.

2.2 Information Collected Automatically

Usage and Access Logs, Device and Browser Information, Cookies and Tracking Technologies, Platform Metrics — collected for authentication, preference management, security, fraud prevention, and platform optimization.

2.3 Information from Third Parties

Information from fraud prevention partners, payment processors, and verification services to assess fraud risk and verify Club legitimacy.

2.4 Payment Processing & Stripe Integration

We use Stripe, Inc. ("Stripe") as our payment processor. Club payment data is transmitted directly to Stripe via secure, encrypted channels (HTTPS with PCI-DSS compliance). We do not store complete credit card or bank account data.

Stripe collects payment method information; billing address and contact information; transaction date, amount, and frequency; device information and IP address (for fraud detection); and transaction history. Stripe uses this data to process and settle payments; detect and prevent fraud; comply with AML and KYC regulations; resolve payment disputes; and generate tax compliance records (retained up to 7 years).

For our purposes, Stripe acts as a data processor under GDPR, PIPEDA, and similar laws. Stripe is an independent data controller for certain uses, particularly fraud prevention and regulatory compliance.

3. How We Use Information

We use information collected to: deliver football.club Services to the Club; authenticate and manage Club accounts; process payments; communicate about Services; comply with legal and regulatory obligations; prevent fraud and ensure security; and pursue legitimate business interests in operating the Service.

We do not use Club Data, or any data concerning individuals under 18, to train AI models, generate cross-customer insights, or for any purpose other than direct delivery of the Services to the Club.

Stripe's use of payment data is governed by Stripe's Privacy Policy at stripe.com/en-ca/privacy.

4. Data Processing Roles — Controller and Processor

We act in different data protection roles depending on the data in question.

(a) Club Account Data — Fairfax as Controller. When the Club registers an account, manages a subscription, or communicates with us in its commercial capacity, we are the data controller of the information the Club provides directly.

(b) Club Data — Fairfax as Processor. All personal information uploaded, stored, or processed within football.club concerning Club members, players, coaches, parents, guardians, or other individuals (collectively, "Club Data") is processed by us as a data processor. The Club is the data controller. The Club is solely responsible for the obligations set out in Section 6 below.

In our processor capacity, we process Club Data only on documented instructions from the Club, apply appropriate technical and organizational measures, and assist the Club in fulfilling obligations under applicable law. A Data Processing Agreement (DPA) is available on request and will govern the processing relationship in detail.

5. Data Retention

  • Club Account Information: retained for the duration of the Subscription plus 3 years for tax and legal compliance.
  • Club Data (processor data): retained per the Club's instructions; returned or deleted within 90 days of contract termination unless retention is required by law.
  • Access Logs and Usage Data: retained for 12 months, then anonymized or deleted.
  • Fair AI Agent Communications: retained for 24 months to support Service delivery, then deleted unless required by law.
  • Payment Records: retained for 7 years to comply with tax law in Canada, US, and UK.

The Club may request deletion of Club Data at any time, subject to legal retention obligations.

6. Children's Data, Parental Consent, and Safeguarding

football.club is not provided directly to individuals under 18 years of age. Direct accounts are issued only to adult Authorized Users. However, the platform is designed to be used by Clubs that manage members under 18, and Club Data may concern minors.

6.1 Club Responsibilities as Data Controller

When the Club uploads, stores, or processes personal information concerning individuals under 18 (including but not limited to player rosters, contact details, photographs, video, communications, training records, or attendance), the Club is the sole data controller of that information. The Club is solely responsible for:

(a) Parental and Guardian Consent. Obtaining all required consents from parents or legal guardians prior to upload, in accordance with applicable law, including:

  • PIPEDA in Canada and applicable provincial youth privacy laws;
  • GDPR Article 8 in the EU (parental consent typically required for children under 16, lower thresholds in some Member States);
  • UK GDPR and the ICO Age Appropriate Design Code;
  • COPPA in the United States (parental consent required for children under 13) and applicable state laws;
  • Privacy Act 1988 (Cth) in Australia and applicable state laws.

(b) Image Rights and Likeness Consents. Obtaining all required image rights, video, and likeness consents from parents or guardians prior to uploading any media depicting individuals under 18.

(c) Lawful Basis and Notice. Establishing a lawful basis for collection and use, and providing privacy notices to data subjects, parents, and guardians.

(d) Data Subject Rights. Honouring access, correction, deletion, and other data subject rights requests, including those made by parents or guardians on behalf of minors. The Club must instruct Fairfax accordingly within 30 days of receipt of any request.

(e) Safeguarding. Implementing safeguarding measures and complying with applicable child protection, sport governing body, and education law in the Club's jurisdiction.

(f) Authorized Users Only. Ensuring that only adult Authorized Users access communications, media, or personal information concerning minors. Sharing of platform credentials with minors is strictly prohibited.

(g) Breach Notification. Notifying parents and guardians of any data incident affecting their child's information, in coordination with Fairfax where breach notification is required by law.

(h) AI Communications Review. Reviewing all communications generated by the Fair AI agent and intended for dissemination to minors or their parents or guardians prior to dissemination, by an authorized adult Club representative.

6.2 Fairfax's Limited Role

Fairfax acts as a data processor for Club Data and processes such information only on documented instructions from the Club. Fairfax does not use Club Data concerning minors to train AI models, generate aggregated insights, or for any purpose other than direct delivery of football.club Services to that Club.

6.3 Reporting Concerns

If a parent, guardian, or any individual believes a Club has uploaded personal information concerning a minor in violation of these requirements — or has any safeguarding concern — they should contact admin@fairfax.partners. Fairfax will investigate and may suspend or terminate the Club's account, preserve account data and logs for child protection and law enforcement purposes, and cooperate with applicable authorities.

7. International Legal Framework

7.1 European Union and UK GDPR

EU and UK Clubs have rights of access, rectification, erasure, restriction of processing, data portability, and objection. Our legal bases for processing are: (a) performance of a contract; (b) compliance with legal obligations; (c) protection of vital interests (particularly in safeguarding contexts); and (d) our legitimate interests.

If we transfer EU/UK personal data outside the GDPR zone, we use Standard Contractual Clauses and other legally compliant mechanisms. We respond to data subject requests within 30 days.

7.2 Canada — PIPEDA

We are a Canadian company subject to PIPEDA. Clubs and individuals have the right to access personal information, request correction, understand our privacy practices, and opt out of non-essential collection and use.

7.3 United States — CCPA and Other State Laws

California residents have rights to Know, Delete, Opt-Out of "sale" or "sharing" of personal information, and Correct. We do not sell personal information. Virginia, Colorado, Connecticut, Utah, and other state privacy laws confer similar rights. For data concerning children under 13, COPPA imposes additional obligations on Clubs operating in the United States; the Club is responsible for COPPA compliance.

7.4 Australia — Privacy Act 1988 (Cth)

Australian Clubs and individuals are protected under the Privacy Act 1988. You may complain to the OAIC at www.oaic.gov.au.

7.5 Stripe's International Data Transfers

Stripe transfers payment data internationally and complies with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF. By authorizing payment through Stripe, the Club consents to Stripe's international transfer and processing of payment data.

7.6 Other Jurisdictions

For Clubs and users in jurisdictions not specifically mentioned above, we commit to complying with applicable local privacy and child protection law.

8. Cookies and Tracking Technologies

We use essential cookies (authentication, security), preference cookies (settings, language), and limited analytics cookies. Clubs and users can control cookies through browser settings. Disabling cookies may affect platform functionality.

9. Third-Party Disclosure and Sharing

We do not sell or rent personal information. We may share information with: service providers (Stripe, cloud hosting, analytics) bound by confidentiality; in response to legal obligations and law enforcement; with child safety authorities and regulatory bodies investigating safeguarding or privacy violations; in business transfers (with notice); as aggregated, de-identified data (excluding any data concerning minors); and with Stripe for payment processing.

9.1 Contracted Sports-Science Partner — Pace Sports Performance Inc.

Pace Sports Performance Inc. ("Pace," pace.fit) is engaged by certain Clubs as a contracted sports-science provider. Where a Club has separately contracted Pace, the Club may direct football.club to share Club Data — which may include roster, performance, training, attendance, and related sports-science data — with Pace solely for the purpose of delivering sports-science services to that Club.

In this arrangement, the Club remains the data controller, and Pace acts as a data processor on the Club's behalf. The Club is responsible for the lawful basis, privacy notices, and any required consents (including parental and guardian consents for Minors per Section 6). Pace is contractually bound to handle Club Data in accordance with applicable laws (including PIPEDA, GDPR, UK GDPR, COPPA, and the Privacy Act 1988), and only for the purposes the Club has authorized.

Clubs that have not contracted Pace are not affected by this clause; no Club Data is shared with Pace by default.

10. Sub-processors

We may engage sub-processors (including hosting providers, AI service providers, and analytics partners) to assist with delivery of football.club. A current list of sub-processors is available upon request to admin@fairfax.partners. We will provide notice of material changes to the sub-processor list.

11. Data Security

We implement industry-standard administrative, physical, and technical security measures including encryption in transit and at rest, access controls on a need-to-know basis, secure cloud hosting, regular security audits, and a documented incident response plan. Given the sensitivity of Club Data — particularly Club Data concerning minors — we apply additional access restrictions and monitoring within football.club.

We notify affected Clubs of significant breaches as required by law. The Club is responsible for notifying affected data subjects, parents, and guardians.

12. Your Rights and Choices

The Club, and individuals whose data is processed within football.club (or their parents or guardians where applicable), have rights of access, correction, deletion, and objection under applicable law.

For data subject rights requests concerning Club Data: the data subject (or parent or guardian) should contact the Club directly. The Club, as data controller, is responsible for honouring the request.

For requests concerning Club account data, or where the Club fails to respond: contact admin@fairfax.partners. We respond within 30 days and may request identity verification.

For payment data processed by Stripe, contact Stripe directly at privacy@stripe.com or support.stripe.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. The "Last Updated" date indicates when this Policy was last materially revised. Material changes will be communicated to Clubs by email or in-platform notice.

14. Contact Us

Fairfax Partners Inc. (operator of football.club)
Administration, Compliance & Safeguarding: admin@fairfax.partners
Customer Support: support@fairfax.partners
Website: football.club

For EU/UK residents: you may also contact your national Data Protection Authority.
For Australian residents: you may lodge a complaint with the OAIC at www.oaic.gov.au.
For child safety concerns: contact admin@fairfax.partners immediately. In any imminent safety emergency, contact your local police or child safety authority first.

Payment Processing Inquiries: Stripe Support or privacy@stripe.com.

Last Updated: May 8, 2026