1. Introduction

Locked In FPL ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Fantasy Premier League analytics service.

By using Locked In FPL, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Data Controller

The data controller responsible for your personal data is Locked In FPL. For questions about your data, please use our contact form.

3. Information We Collect

3.1 Information You Provide

We collect the following information that you voluntarily provide:

• FPL Team ID: Your Fantasy Premier League team identification number, which you enter to access our services
• Contact Information: If you contact us via our contact form, we collect your name, email address, and message content

3.2 Information Collected Automatically

When you use our service, we automatically collect certain information:

• Browser Storage (localStorage): We store your last viewed Team ID in your browser's local storage for convenience. This data never leaves your device.
• Analytics Data: We use Google Analytics with IP anonymization to collect usage statistics, including pages visited, time spent, and general location data (country/region level only)
• Technical Data: Browser type, device type, operating system, and referral source

3.3 Third-Party Data

We retrieve publicly available Fantasy Premier League data from the official FPL API (fantasy.premierleague.com). This data is public and includes player statistics, team information, and league standings.

4. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain our Fantasy Premier League analytics service
• To display your team information and provide transfer suggestions
• To improve and optimize our website performance and user experience
• To respond to your inquiries and provide customer support
• To analyze usage trends and improve our algorithms
• To comply with legal obligations

5. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Consent: When you voluntarily provide your Team ID and use our service
• Legitimate Interests: For analytics and service improvement, which do not override your data protection rights
• Legal Obligation: When required to comply with applicable laws

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: Google Analytics (with IP anonymization) for analytics purposes
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with any merger, sale of assets, or acquisition (with notification to users)

7. Your Rights Under GDPR

As a user in the UK/EU, you have the following rights:

• Right of Access (Article 15): Request copies of your personal data
• Right to Rectification (Article 16): Request correction of inaccurate data
• Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Article 18): Request limitation of how we use your data
• Right to Data Portability (Article 20): Request transfer of your data in a machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, please use our contact form. We will respond within one month.

8. Data Retention

We retain your data only as long as necessary for the purposes outlined in this Privacy Policy:

• Team ID in localStorage: Stored locally in your browser until you clear it or request deletion
• Analytics Data: Anonymized and retained for 26 months (Google Analytics default)
• Contact Form Data: Retained for 2 years or until you request deletion

9. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: localStorage to remember your last viewed team (no personal data collected)
• Analytics Cookies: Google Analytics cookies to understand site usage (anonymized)

For more information, see our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational security measures to protect your data, including HTTPS encryption, secure hosting on Vercel, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

Our service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

12. International Data Transfers

Your data may be processed in countries outside the UK/EU where our service providers operate (e.g., USA for Google Analytics). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

13. Third-Party Links

Our website may contain links to third-party websites (e.g., official FPL website, FPLBot). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

15. No User Accounts

Locked In FPL does not require user registration or accounts. We do not collect passwords, usernames, or other account credentials. All data you provide is minimal and used solely to deliver our analytics service.