Privacy Policy
Last updated: 6 April 2026
At Kittd, we take your privacy seriously – not because we have to, but because it's the right thing to do. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it. We've written it in plain English so you can actually understand it.
1. Who We Are
Kittd is a football kit ordering platform designed for clubs, coaches, approvers and suppliers. When this policy refers to "Kittd", "we", "us" or "our", it means the Kittd platform and the team behind it.
If you have any questions about this policy or how we handle your data, you can contact us at privacy@getkittd.co.uk.
2. What Data We Collect
Account information
When you register, we collect your full name, email address, and password (stored as a secure hash – we never see your actual password). If you add it to your profile, we also store your phone number and club affiliation.
Order information
When placing an order, we collect player names, squad numbers, initials, garment sizes, and any customisation options you select. This is the core purpose of Kittd, and the platform cannot function without it.
Club and team data
Administrators and club admins provide club names, team names, age groups, and sponsor details. Sponsor information (name and email) is used solely to generate invoices via FreeAgent when an order is approved.
Communications
We store in-app notifications and, where you've opted in, may send email or SMS notifications about your orders. We use third-party services (SMTP email, Twilio for SMS) to deliver these messages. We do not sell your contact details.
Usage data
We may collect anonymised, aggregated information about how the platform is used – such as which pages are visited most frequently – to improve the product. This data cannot be used to identify you.
Technical data
Like most web platforms, our servers automatically log IP addresses, browser type, device type and timestamps when you access Kittd. This data is used for security monitoring and debugging, and is not linked to your identity for marketing purposes.
3. How We Use Your Data
We use your personal data only for the purposes for which it was collected:
- To create and manage your account
- To process and fulfil kit orders
- To notify you of order status changes (submitted, approved, rejected, shipped)
- To generate invoices in FreeAgent on behalf of your club
- To allow club admins and approvers to manage their teams and orders
- To allow suppliers to view and fulfil production orders
- To improve the platform and fix bugs
- To comply with legal obligations
We will never use your data for advertising or profiling, or sell it to third parties. Full stop.
4. Legal Basis for Processing
Under UK GDPR and the Data Protection Act 2018, we process your data on the following legal bases:
- Contract – processing your orders and managing your account
- Legitimate interests – platform security, fraud prevention, and service improvement
- Consent – SMS and email notifications (you can change your preference in your profile at any time)
- Legal obligation – retaining records as required by law
5. Who We Share Your Data With
We do not sell, rent or trade your personal data. We share data only with the following categories of trusted third parties, and only to the extent necessary:
- Supabase – our database and authentication provider. Data is stored securely with row-level security policies.
- FreeAgent – invoice generation. Sponsor name and email are shared only when your club has explicitly connected their FreeAgent account.
- Twilio – SMS notifications, only when you have opted in to SMS.
- SMTP email provider – transactional email delivery for order notifications.
- Suppliers – when an order is approved, production details (player names, sizes, garment choices) are shared with the appointed supplier to fulfil the order.
All third-party providers are contractually required to handle your data securely and in accordance with applicable data protection law.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:
- Account data – retained until you delete your account
- Order records – retained for 7 years for accounting and legal compliance
- Notifications – retained for 12 months, then automatically deleted
- Server logs – retained for 90 days
When data is no longer required, it is securely deleted or anonymised.
7. Your Rights
Under UK GDPR you have the following rights over your personal data:
- Right of access – you can request a copy of the data we hold about you
- Right to rectification – you can correct inaccurate data via your profile, or by contacting us
- Right to erasure – you can request deletion of your account and personal data
- Right to restriction – you can ask us to limit how we process your data
- Right to data portability – you can request your data in a machine-readable format
- Right to object – you can object to processing based on legitimate interests
- Rights related to automated decision-making – we do not make automated decisions that significantly affect you
To exercise any of these rights, contact us at privacy@getkittd.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Cookies
Kittd uses a small number of essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking cookies. For full details, see our Cookie Policy.
9. Security
We take security seriously. Your data is protected by:
- Encrypted connections (HTTPS/TLS) across the entire platform
- Passwords stored as secure hashes – never in plain text
- Row-level security policies ensuring users can only access their own data
- Role-based access control limiting what each user type can see and do
- OAuth2 token-based integration with third-party services (FreeAgent)
In the unlikely event of a data breach that affects your rights and freedoms, we will notify you and the ICO within 72 hours as required by law.
10. Children's Privacy
Kittd is not directed at children under 13. We do not knowingly collect personal data from children. Player names and squad numbers entered during ordering relate to team members and are provided by the coach or club admin, not the players themselves.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page and, for significant changes, notify you by email or in-app notification. Continued use of Kittd after changes are published constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns or requests regarding this Privacy Policy or your personal data, please get in touch: