Back

Privacy Policy

Last updated: 23 March 2026

1. Who We Are

OffsideFPL is an independent companion app for Fantasy Premier League. We are not affiliated with the Football Association Premier League Limited. This policy explains how we collect, use, and protect your personal data when you use OffsideFPL.

2. Data We Collect

Account information

When you sign in via Google, Facebook, or X (Twitter), we receive and store your name, email address, and profile image from your OAuth provider. We also store authentication tokens to keep you signed in. We never store your password — authentication is handled entirely by your chosen provider.

FPL data

We fetch publicly available data from the FPL API, including league standings, gameweek scores, entry history, and team information. This data is associated with your FPL entry ID within your OffsideFPL league. For details on how the Premier League handles your FPL data, see the Premier League Privacy Policy.

League & game data

We store your league memberships, roles (admin, member), offside game results, nominations, drink submissions (text notes and optional media URLs), and notification history.

Push notifications

If you opt in to push notifications, we store your browser push endpoint URL, encryption keys, and user-agent string to deliver notifications to your device.

3. Data We Do Not Collect

  • Passwords (OAuth only)
  • Payment or financial information
  • Location data
  • Analytics or tracking data (no Google Analytics, no third-party trackers)
  • Contacts or phone data

4. How We Use Your Data

  • To authenticate your account and maintain your session
  • To display FPL scores, standings, and league data within the app
  • To run the offside game (nominations, results, drink tracking)
  • To send push notifications you have opted in to
  • To respond to support requests

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Cookies & Local Storage

We use a single session cookie to keep you signed in. We do not use advertising or tracking cookies. A small localStorage flag is used to remember if you have dismissed the app install prompt.

6. Third-Party Services

  • OAuth providers (Google, Facebook, X) — handle authentication. Their own privacy policies apply to data they collect.
  • FPL API (Premier League) — we fetch publicly available league and score data. See the Premier League Privacy Policy.
  • Web Push— notifications are delivered via your browser's built-in push service (e.g. Google FCM for Chrome, Mozilla Push for Firefox).

7. Data Storage & Security

Your data is stored in a cloud-hosted PostgreSQL database. All connections use HTTPS/TLS encryption in transit. OAuth tokens are stored securely on the server and are never exposed to the browser.

8. Data Retention & Deletion

Your data is retained for as long as your account is active. You can delete your account at any time from the Danger Zone section in Account settings. Deleting your account permanently removes your profile, league memberships, and associated data.

9. Children

OffsideFPL is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us and we will remove it.

10. Changes to This Policy

We may update this policy from time to time. Changes will be reflected on this page with an updated date. Continued use of the app after changes constitutes acceptance of the revised policy.

11. Contact

Questions about your data? Contact us at [email protected] or reach out on Discord and X.