Privacy Policy

Last updated: June 2025

1. Who We Are

Sporo is operated by SporoApp Ltd, registered in England and Wales. We are the data controller for personal data collected through the Platform at sporo.fit.

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have questions about how we handle your data, contact us at legal@sporo.fit.

2. What Data We Collect

2.1 Account Data

  • Name and email address (provided at registration)
  • Password (stored as a secure hash — we never see it in plain text)
  • Profile information: bio, city, sports, skill level
  • Profile photo

2.2 Identity Verification Data

Paid members undergo identity verification via Stripe Identity. This involves submitting a government-issued photo ID and a selfie. This data is processed and stored by Stripe, not by us. We only receive a verification status (verified / not verified). See Stripe's privacy policy at stripe.com/gb/privacy.

2.3 Payment Data

Payment information (card details) is collected and processed by Stripe. We do not store your card details. We retain records of subscription status and payment history for billing and legal purposes.

2.4 Messages

Messages sent between members on the Platform are stored in our database to enable the messaging service. We use automated content filtering to detect and block sharing of personal contact information (phone numbers, email addresses).

2.5 Activity Data

Activities you create or join, group chat messages, and your interactions with other members on the Platform.

2.6 Technical Data

  • IP address and browser type (collected automatically when you use the Platform)
  • Usage data: pages visited, features used, session timestamps
  • Device information

3. How We Use Your Data

Purpose | Legal Basis
Providing the Platform and your account | Contract performance
Processing payments and managing subscriptions | Contract performance
Identity verification for paid members | Contract performance / Legal obligation
Displaying your profile to other members | Contract performance
Enabling messaging between members | Contract performance
Moderating content and enforcing our Terms | Legitimate interests
Sending service emails (e.g. new message notifications) | Contract performance
Responding to support requests | Legitimate interests
Improving the Platform and fixing bugs | Legitimate interests
Complying with legal obligations | Legal obligation

4. Who We Share Your Data With

We do not sell your personal data. We share it only with:

  • Supabase — our database and authentication provider. Your account data and messages are stored on Supabase infrastructure. Supabase is ISO 27001 certified and GDPR compliant.
  • Stripe — our payment processor and identity verification provider. Stripe processes your payment details and identity documents under their own privacy policy.
  • Vercel — our hosting provider. Your requests pass through Vercel's infrastructure to serve the Platform.
  • Email service provider — we use a third-party email provider to send you service notifications (e.g. message alerts). Your email address is shared for this purpose only.
  • Law enforcement / legal authorities — if required by law or to protect the safety of our members.

5. Data Retention

  • Active accounts: We retain your data for as long as your account is active.
  • Deleted accounts: Profile data and messages are deleted within 30 days of account deletion, except where we are required to retain records for legal or regulatory purposes.
  • Payment records: Retained for 7 years in accordance with UK tax and accounting obligations.
  • Moderation records: Reports and moderation decisions may be retained for up to 2 years to protect the safety of the Platform.

6. Your Rights Under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention obligations
  • Restriction — ask us to restrict processing of your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email us at legal@sporo.fit. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may prevent you from logging in to the Platform.

8. Security

We take reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), hashed passwords, and access controls on our database. However, no system is completely secure and we cannot guarantee absolute security.

If you suspect your account has been compromised, contact us immediately at legal@sporo.fit.

9. Children's Privacy

The Platform is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has registered, please contact us and we will delete the account promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. The date at the top of this page shows when it was last updated.

11. Contact Us

For any privacy-related questions or to exercise your rights:

SporoApp Ltd

Email: legal@sporo.fit

Website: sporo.fit

You may also contact the Information Commissioner's Office (ICO) if you have concerns about how we handle your data: ico.org.uk/make-a-complaint