Legal

Privacy Policy

Last updated: 25 April 2026

This Policy explains how Athlion LTD collects, uses, and protects your personal data. We comply with the UK GDPR and the Data Protection Act 2018.

1.

Who We Are

Athlion LTD is the data controller responsible for your personal data collected through the Platform.

Company: Athlion LTD, registered in England and Wales

Email: legal@athlion.co.uk

If you have questions about how we handle your data, please contact us at the email above before raising a complaint with a supervisory authority.

2.

What Data We Collect

We collect only the data necessary to operate and improve the Platform. This includes:

a) Account Information

  • Full name and username
  • Email address and password (stored in hashed form)
  • Profile details: sport, position, university or club, bio, and profile photo
  • Account role (athlete or fan)

b) User Content

  • Videos, images, and thumbnails you upload
  • Captions, tags, comments, and other interactions
  • Content metadata (upload time, duration, file size)

c) Usage & Behavioural Data

  • Pages and screens viewed, features used
  • Interactions: likes, follows, comments, video views
  • Search queries and filter selections
  • Session duration and frequency of use

d) Device & Technical Data

  • IP address and approximate location (country/region)
  • Device type, operating system, and app version
  • Browser type and language preferences
  • Crash reports and error logs

e) Communications

  • Emails or messages you send us (e.g. support enquiries)
  • Waitlist registration data (email address)
3.

How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account and authenticate your identity
  • To provide core Platform features: video upload, profile pages, feed, discovery, and social interactions
  • To personalise your experience, including content recommendations
  • To send transactional communications (e.g. account confirmations, password resets)
  • To send service updates, product news, or marketing where you have provided consent
  • To analyse usage patterns and improve Platform performance and features
  • To detect, investigate, and prevent fraud, abuse, and security threats
  • To comply with our legal obligations

We do not use your data for fully automated decision-making that produces legal or similarly significant effects on you without human oversight.

4.

Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

Performance of a contract (Article 6(1)(b))

Processing necessary to provide the Platform and fulfil our obligations to you, such as creating your account, hosting your content, and enabling social interactions.

Legitimate interests (Article 6(1)(f))

Processing necessary for our legitimate interests in improving, securing, and promoting the Platform, where those interests are not overridden by your rights. This includes analytics, fraud prevention, and service optimisation.

Consent (Article 6(1)(a))

Where required — for example, marketing communications, non-essential cookies, or processing of special category data. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Legal obligation (Article 6(1)(c))

Where we are required to process your data to comply with applicable law.

5.

Sharing Your Data

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

We may share your data with the following categories of trusted third-party processors, each bound by data processing agreements and appropriate safeguards:

Supabase (Database, Auth & Storage)

Stores account data, user content, and Platform data. Servers located in the EU (AWS Frankfurt). Privacy Policy

Vercel (Hosting & CDN)

Hosts the Platform website and handles global content delivery. Privacy Policy

Resend (Transactional Email)

Sends account and service emails on our behalf. Your email address is shared for this purpose only. Privacy Policy

We may also share data:

  • With law enforcement or regulatory bodies where required by law or to protect rights and safety
  • In the event of a business sale, merger, or acquisition, where your data may be transferred as a business asset (with notice provided)
  • With your consent, where you have explicitly agreed to sharing
6.

International Transfers

Some of our third-party processors may process data outside the UK or European Economic Area (EEA). Where this occurs, we ensure adequate protection is in place through one or more of the following mechanisms:

  • UK adequacy regulations (for countries deemed adequate by the UK Secretary of State)
  • Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission
  • The processor's binding corporate rules or equivalent certification

You may request details of the specific safeguards in place for any international transfer by contacting us at legal@athlion.co.uk.

7.

Data Storage & Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Hashed and salted password storage — we never store passwords in plain text
  • Role-based access controls limiting staff access to personal data
  • Regular security reviews and vulnerability assessments
  • Row-level security policies on our database

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK ICO within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where required.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8.

Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this Policy. Our general retention periods are:

Account data

Retained for the lifetime of your account, plus up to 30 days following deletion to allow account recovery. Permanently deleted thereafter.

User Content (videos, images)

Removed from public access immediately upon deletion. Residual copies purged from backups within 90 days.

Usage & analytics data

Retained in anonymised or aggregated form for up to 2 years for product improvement purposes.

Legal & compliance records

Retained for up to 7 years where required by law (e.g. financial records, legal disputes).

You may request deletion of your account and associated data at any time. See Section 9 for how to exercise this right.

9.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access

Request a copy of the personal data we hold about you (Subject Access Request).

Right to rectification

Request correction of inaccurate or incomplete personal data.

Right to erasure

Request deletion of your personal data ('right to be forgotten'), subject to legal retention obligations.

Right to restrict processing

Request that we limit how we use your data in certain circumstances.

Right to object

Object to processing based on legitimate interests or for direct marketing purposes.

Right to data portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

Right to withdraw consent

Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at legal@athlion.co.uk. We will respond within one calendar month (extendable by two further months for complex requests, with notice).

We may need to verify your identity before processing certain requests.

10.

Cookies & Tracking

We use cookies and similar technologies on our website. These fall into the following categories:

Essential cookies

Necessary for the Platform to function (e.g. authentication sessions). These cannot be disabled.

Analytics cookies

Help us understand how users interact with the Platform so we can improve it. These are only set with your consent.

Preference cookies

Remember your settings and preferences for a better experience.

You can manage your cookie preferences through your browser settings or our cookie consent tool. Withdrawing consent for non-essential cookies will not affect your ability to use the Platform.

11.

Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.

Users aged 13–17 may use the Platform only with the permission of a parent or legal guardian, as outlined in our Terms of Service.

If you believe we have inadvertently collected personal data from a child under 13 without appropriate consent, please contact us immediately at legal@athlion.co.uk and we will take prompt steps to delete that data.

12.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. The "Last updated" date at the top of this page will always reflect the most recent revision.

Where changes are material, we will provide prominent notice — for example, by email to registered users or a notice on the Platform. Your continued use of the Platform after the effective date of any update constitutes acceptance of the revised Policy.

13.

Contact & Complaints

For any questions, concerns, or requests relating to this Privacy Policy or your personal data:

Email: legal@athlion.co.uk

Company: Athlion LTD, registered in England and Wales

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk · Helpline: 0303 123 1113

← Back to AthlionTerms of Service →