Privacy Policy

Last updated: 27 January 2026 1. Introduction Trialist (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you access or use the Trialist platform (the “Service”). By using the Service, you acknowledge and agree to this Privacy Policy. 2. Roles and Responsibilities (Important) Data Controller vs Data Processor Trialist organisations (clubs, academies, coaches) are the Data Controllers for player and trial data they upload. Trialist acts as a Data Processor, processing data only on the instructions of the organisation and solely to provide the Service. Each organisation is responsible for ensuring it has a lawful basis to collect and upload personal data, including obtaining parental or guardian consent where required. 3. Information We Collect 3.1 Account and Organisation Data When you create or are invited to an account, we may collect: Name Email address Role (admin, head coach, coach) Organisation details 3.2 Trialist (Player) Data Data uploaded by organisations may include: Names Age or date of birth Position and performance notes Attendance, scores, assessments Parent or guardian contact details (if provided) We do not collect player data directly from children. 3.3 Payment Data Payments are processed by Stripe. Trialist does not store full card details. Stripe processes payment data according to its own Privacy Policy: https://stripe.com/privacy 3.4 Technical and Usage Data We may collect limited technical data such as: IP address Device and browser information Logs relating to authentication and security events This data is used for security, abuse prevention, and service reliability. 4. Legal Basis for Processing (GDPR) We process personal data under the following lawful bases: Contractual necessity – to provide the Service Legitimate interests – security, fraud prevention, service improvement Legal obligations – accounting, compliance, data protection laws Consent – where required, obtained by the organisation uploading data 5. How We Use Personal Data We use personal data to: Provide and operate the Service Authenticate users and enforce role-based access Enable trial management and communication Process subscriptions and billing Respond to support and data protection requests Maintain security and audit logs Comply with legal obligations We do not sell personal data. 6. Third-Party Processors We use trusted third-party providers: Supabase – authentication, database, and storage Vercel – application hosting Stripe – payment processing These providers only process data on our instructions and are subject to appropriate data protection agreements. ## Security & Abuse Prevention We use Google reCAPTCHA v3 to protect our Service from automated abuse and fraudulent activity. reCAPTCHA works by collecting information about users and their devices (including application, browser, and device data) and sending this information to Google for analysis. The use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service: - https://policies.google.com/privacy - https://policies.google.com/terms 7. Data Security We implement industry-standard security measures, including: Encrypted connections (HTTPS) Role-based access control Row-Level Security (RLS) Audit logging Rate limiting and abuse protection No system is completely secure. While we take appropriate measures, we cannot guarantee absolute security. 8. Data Retention Account and organisation data is retained while an account is active. Trialist data is retained according to organisation usage and configuration. Deleted data is removed from live systems and may persist temporarily in encrypted backups for disaster recovery. Legal or compliance holds may delay deletion where required. 9. Children’s Data Trialist is not intended for use directly by children. Organisations using the Service are responsible for obtaining appropriate consent before uploading data relating to minors. If you believe a child’s data has been uploaded unlawfully, contact us immediately. 10. Your Rights Depending on your jurisdiction, you may have rights to: Access your personal data Correct inaccurate data Request deletion Restrict or object to processing Receive a copy of your data Requests can be submitted through the Service or by contacting us. You can submit a data privacy request here: https://www.trialist.club/privacy/data-deletion 11. Changes to This Policy We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service constitutes acceptance of the updated policy. 12. Contact Us If you have questions or data protection requests, please use our contact form: https://www.trialist.club/contact