Legal

Data Processing Agreement

Last updated: 1 June 2026

1. Parties

This Data Processing Agreement ("DPA") is between:

Data Controller: You, the registered user of Coach Profile

Data Processor: Premier Development Academy (PDA), operated by Laurie Griffin, admin@pda-football.com

2. Scope of Processing

We process the following categories of personal data on your behalf:

Identity dataName, email address
Profile dataClub, age group coached, qualification level
Assessment dataCompetency assessment answers and domain scores
Report dataAI-generated coaching identity report and development plan
Payment dataStripe customer ID and payment reference (no card data)

3. Purpose of Processing

Personal data is processed solely for the purpose of delivering the Coach Profile service — providing you with a personalised coaching assessment, report, and development plan. Data is not sold, shared with third parties for marketing, or used for any purpose beyond service delivery.

4. Sub-Processors

We engage the following sub-processors. Each is bound by a data processing agreement and applicable Standard Contractual Clauses (SCCs) for international transfers:

Supabase Inc.EU (AWS eu-west)

Database, authentication, and data storage

Privacy policy →
Stripe Inc.USA (SCCs)

Payment processing

Privacy policy →
Anthropic PBCUSA (SCCs)

AI report generation (Claude API)

Privacy policy →
Vercel Inc.USA (SCCs)

Application hosting and edge delivery

Privacy policy →

5. Security Measures

All data in transit is encrypted using TLS 1.2 or higher

Database access is protected by Supabase Row Level Security (RLS)

Passwords are hashed using bcrypt and never stored in plaintext

API keys and secrets are stored as environment variables, never in code

Access to production data is restricted to authorised personnel only

6. Data Subject Rights

You may exercise the following rights at any time by contacting us:

Right of access
Request a copy of all personal data we hold about you
Right to rectification
Correct inaccurate personal data
Right to erasure
Request deletion of your account and all associated data (within 30 days)
Right to portability
Receive your assessment data in a machine-readable format (JSON/CSV)
Right to withdraw consent
Withdraw consent for marketing communications at any time
Right to complain
Lodge a complaint with the relevant data protection authority in your jurisdiction (UK: ico.org.uk)

To exercise any right: admin@pda-football.com

7. Data Breach Notification

In the event of a personal data breach, we will notify affected users without undue delay and report to the relevant supervisory authority within the timeframe required by applicable law in your jurisdiction (e.g. 72 hours under UK GDPR / EU GDPR). Where no specific timeline is prescribed by local law, we will act as promptly as possible.

8. Consent Record

By ticking the consent checkbox during registration, you confirm that you have read and agree to this DPA and the Privacy Policy. The date and content of your consent is logged at account creation.

Privacy PolicyTerms of UseBack to Home