Privacy Policy

Last updated: March 2026

1. Who We Are

FANAP ("we", "our", "us") is an FPL analytics platform operated from the United Kingdom. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For privacy enquiries, contact us at: fanap.sbs@gmail.com

2. Data We Collect

We collect and process the following categories of personal data:

  • Account data: Email address and password (hashed) when you register.
  • FPL data: Your FPL Team ID, which we use to retrieve your squad, transfers, and league standings from the official Fantasy Premier League API.
  • Usage data: Pages visited, features used, session duration, and device/browser information collected via our internal analytics tracker.
  • Payment data: Subscription billing is handled by Polar.sh (merchant of record). We do not store full card details; we retain only a subscription status flag and the Polar subscription ID.
  • Preferences: Cookie consent choices and UI preferences stored locally in your browser.

3. How We Use Your Data

We use your data to:

  • Provide and personalise the FANAP service — including transfer recommendations, player predictions, and rival comparisons.
  • Process subscription payments and manage your account.
  • Improve platform performance and fix bugs using aggregated usage analytics.
  • Send transactional emails (account creation, subscription confirmation, password reset).
  • Comply with legal obligations.

Our lawful basis for processing is contract performance (to deliver the service you signed up for) and legitimate interests (analytics and service improvement).

4. Third Parties

We share your data with the following third parties only as necessary:

  • Fantasy Premier League API (PL Technologies Ltd): We retrieve publicly available FPL data using your Team ID. No personal data is sent to FPL beyond what your browser already transmits.
  • Polar.sh: Our payment processor and merchant of record. Subject to Polar's own privacy policy. Polar (powered by Stripe) is PCI-DSS compliant and handles all tax obligations globally.
  • Hosting provider: Our servers are located in the EU/UK. We use industry-standard encryption in transit (TLS) and at rest.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law (e.g., financial records for 6 years under UK tax law).

6. Your Rights

Under UK GDPR, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate data.
  • Erasure ("right to be forgotten") — request deletion of your data.
  • Portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Restrict processing in certain circumstances.

To exercise any of these rights, email fanap.sbs@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. Cookies

We use strictly necessary cookies for session management and CSRF protection, and optional analytics/functional cookies. You can manage your cookie preferences on our Cookie Settings page.

8. Changes to This Policy

We may update this policy periodically. We will notify registered users of material changes by email. The "last updated" date at the top of this page will always reflect the most recent revision.