The Bench View Soccer Logo
GDPR Compliant

Privacy Policy

Last updated: July 2025

1. Data Controller

Company: The Bench View Soccer

Purpose: Structured football decision-making training platform

Contact: Available through our social media channels

We are committed to protecting your privacy and complying with all applicable data protection regulations, including the General Data Protection Regulation (GDPR).

2. Data We Collect

Registration Data

  • Full name and email address
  • Password (encrypted)
  • Registration date

Training Access Data

  • Training access type (monthly/annual)
  • Payment information (processed by Stripe — we never store card details)
  • Billing history and access status

Usage Data

  • Course completion status and unit progression
  • IP address, browser type, device information
  • Cookies (see Cookie Policy)

3. Purpose of Data Processing

  • Service Provision: Manage your account and provide access to the 180-course training system
  • Payment Processing: Process transactions via Stripe and manage your subscription
  • Communications: Send account notifications and service updates (not marketing without consent)
  • Platform Improvement: Analyze usage patterns to improve the training experience
  • Legal Compliance: Fulfill legal obligations including tax and billing requirements

4. Your Rights (GDPR)

  • Right of Access: Request a copy of your personal data
  • Right of Rectification: Correct inaccurate personal data
  • Right of Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us through our support channels.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data is encrypted in transit using TLS/HTTPS
  • Passwords are hashed — we never store plain-text passwords
  • Payment processing is handled exclusively by Stripe (PCI-DSS compliant)
  • Access to user data is restricted to authorized personnel only

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of a deletion request.
  • Billing data: Retained for up to 7 years for legal and tax compliance.
  • Usage data: Retained for up to 2 years for platform improvement analysis.

7. Third-Party Services

  • Supabase: Database and authentication services
  • Stripe: Payment processing (PCI-DSS Level 1 certified)
  • YouTube: Embedded video content (Google's privacy policy applies)

Each service provider is bound by data processing agreements ensuring GDPR compliance.

Questions about your privacy?

If you have questions about this Privacy Policy or how we handle your data, reach out through our support channels.

Contact Us