Legal
Privacy Policy
1. Who we are
Football Editor ("the Service", "we", "our") is operated by Dariusz Meissner, an individual based in Poland.
The Service consists of a marketing website at https://staging.footballeditor.com and a web-based editor application at https://app.staging.footballeditor.com.
For any privacy-related questions, contact: [email protected].
2. Summary
- You can use the editor without an account; signing up is optional and free.
- If you create an account, we collect your email, display name, and password (stored only as a hash). You may instead sign in with Google, in which case we receive your email, name, and avatar URL via the
openid email profilescope. - Once signed in, your training files and team/project metadata are stored on Cloudflare (database and object storage) so you can access them from any device and share them with collaborators.
- We use Google Analytics to understand aggregated usage. Inside the European Economic Area, the United Kingdom, and Switzerland we ask for your consent first; elsewhere analytics is enabled by default and you can opt out via "Cookie settings" in the footer.
- We plan to introduce Google AdSense advertising on parts of the Service. When it is enabled, ad-related processing will require your consent in the EEA, the UK, and Switzerland.
- We use a small amount of local storage (your language preference and your cookie-consent choice).
3. Data we process
3.1 Data you provide directly
You can use the editor anonymously. The following data is collected only when you choose to create an account or contact us:
- Account signup (email + password): email address (unique, lower-cased), display name, and a password. Your password is never stored in plaintext — only a bcrypt hash is kept.
- Account signup (Google): if you sign in with Google, we receive your
Google account identifier (
sub), email, display name, and avatar URL. Only theopenid email profilescope is requested — we do not access your Drive, contacts, or any other Google data. - Email contact: if you email us, the contents of your message and your email address are processed solely to reply to you.
We do not collect payment data — the Service is free of charge.
3.2 Data stored locally on your device
The editor stores the following in your browser only — this data is never sent to us:
- Language preference — stored in
localStorageunderi18nextLng, so the interface remembers your chosen language across visits. - Cookie consent — stored as two first-party cookies on the
.footballeditor.comdomain so the editor and landing site share your choice without prompting twice:cookie_consent_v1— our own record of your category choices (necessary, analytics, advertising) and the consent version.cc_state— set by the consent-management library (vanilla-cookieconsent) for its internal state.
- Project data (anonymous use) — if you are not signed in, exercises you draw exist only in your browser memory. Exports (JPG, video, project files) are generated on your device and downloaded directly to you. If you are signed in, your work is also synced to our cloud — see §3.7.
3.3 Data collected automatically (analytics)
We use Google Analytics 4 (GA4) to understand how the Service is used. GA4 is configured with IP anonymization and Google Consent Mode v2. The events we track include:
- Page views and navigation between pages.
- Editor interactions: tool selected, object added, step created, animation played, pitch changed.
- Export events: export started, export completed.
- Project lifecycle: project saved, project loaded.
- Language changes.
- Approximate geographic location (country/city level, derived from a truncated IP).
- Device and browser type, screen size, operating system.
- Referring URL.
- A randomly generated client identifier stored in cookies (
_ga,_ga_*).
To recognise the same visitor across our landing site (footballeditor.com) and the
editor (app.footballeditor.com), GA4 uses cross-domain linking: when you navigate
between the two sites, a short-lived _gl parameter is appended to the URL to
carry the client identifier. No additional cookies are set as a result.
If you decline analytics consent, no analytics cookies are set on your device and no analytics identifiers are transmitted to Google.
3.4 Consent regions
How consent is requested depends on where you are accessing the Service from:
- European Economic Area, United Kingdom, Switzerland — analytics and advertising are disabled by default. A consent banner is shown on your first visit and nothing non-essential runs until you choose. Declining is as easy as accepting.
- Rest of the world — analytics is enabled by default in line with local law. You can opt out at any time via the "Cookie settings" link in the footer, and your choice is remembered for six months.
3.5 Advertising (planned)
We plan to introduce Google AdSense on parts of the Service to help cover hosting costs. When AdSense is enabled, the following will apply:
- In the EEA, the UK, and Switzerland, ads will only be served after you grant advertising consent. If you decline, you may still see non-personalized (contextual) ads, or no ads at all, depending on configuration.
-
With advertising consent granted, Google and its advertising partners may set
cookies such as
NID,IDE,__gads,__gpi, and_gcl_*, and may process device identifiers, IP address, browsing behaviour on the Service, and interactions with ads, in order to serve and measure ads. - Google's use of advertising data is governed by the Google Ads policies and described on the How Google uses information from sites that use our services page.
- We instruct Google not to serve personalized ads to users we have reason to believe are under 16, and the Service is not directed at children (see §9).
Until AdSense is actually deployed, no advertising cookies are set and no ad-related data is transmitted. This Privacy Policy will be updated and your consent will be re-requested where required before advertising is enabled.
3.6 Account data
When you create an account, we store the following in our user database (Cloudflare D1):
- Email address — used to identify your account and (if you opted in) to send service-related messages.
- Display name — shown to you and to collaborators in shared teams.
- Password hash — a bcrypt hash. We never store or log your plaintext password.
- Google account identifier — only if you signed in with Google, used to recognise you on future sign-ins.
- Avatar URL — only if provided by Google.
- Account creation timestamp.
3.7 Content you store in the cloud
When you save a training file while signed in, we store the file and related metadata on Cloudflare infrastructure so you can access it from any device:
- Database (Cloudflare D1) — tables for teams, team membership and roles, projects (folders), files (training sessions), share links, and ephemeral edit locks. We store names, timestamps, the user IDs that created or modified each row, and (for locks) which user currently holds an edit lock and when it expires (~60 seconds).
- Object storage (Cloudflare R2) — each training file's snapshot (a gzipped JSON of the editor document) and an optional board thumbnail (a JPG uploaded only when the visible content has changed). Snapshots are private and accessible only via short-lived (5-minute) signed URLs issued to authorised users.
We do not analyse the contents of your training files. They are stored solely to provide the Service to you and to the collaborators you invite.
3.8 Team collaboration data
If you invite other coaches to a team or create a share link, we additionally store:
- Team membership rows (who belongs to which team and in what role: owner, admin, editor, viewer).
- Pending invitations addressed by email.
- Share-link tokens with their scope (file or project), role granted, optional expiry, and creator.
- Edit-lock records (very short-lived) noting who currently holds the editor for a given file.
3.9 Authentication cookies
When you sign in we set two strictly necessary cookies on the editor domain so we can recognise your session on subsequent requests:
-
auth_access— a signed JSON Web Token, HttpOnly, Secure, SameSite=Lax, lifetime 15 minutes. Identifies your current session. -
auth_refresh— a signed JSON Web Token, HttpOnly, Secure, SameSite=Lax, lifetime 30 days. Used to issue a fresh access token without re-prompting you for your password.
These cookies are strictly necessary for the signed-in experience and cannot be disabled without signing out. Both are cleared from your browser when you sign out.
3.10 Server-side technical data
When you make a request to our API, Cloudflare forwards your IP address to our worker
via the CF-Connecting-IP request header. We use it only for rate-limiting
(to protect signup, login, and write endpoints from abuse). Rate-limit counters are
stored in Cloudflare Workers KV with a short time-to-live and automatically expire;
the IP address itself is never written to our user database.
4. Legal basis for processing (GDPR)
- Strictly necessary storage (language preference, consent cookie, authentication cookies) — our legitimate interest in providing a usable service (Art. 6(1)(f) GDPR) and the necessity of fulfilling your request (Art. 6(1)(b)).
- Account creation and cloud storage of your files — performance of the contract you enter into with us when you sign up (Art. 6(1)(b) GDPR).
- Analytics in the EEA, the UK, and Switzerland — your consent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy Directive). Elsewhere — our legitimate interest in measuring and improving the Service (Art. 6(1)(f)), with a right to object via "Cookie settings".
- Advertising (once enabled) — your consent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy Directive).
- Rate-limiting using IP addresses — our legitimate interest in protecting the Service from abuse (Art. 6(1)(f) GDPR).
- Replies to your emails — our legitimate interest in responding (Art. 6(1)(f)).
5. Third parties
The Service relies on the following processors and recipients. We do not sell your data to anyone.
- Cloudflare, Inc. — hosting, CDN, and backend infrastructure. We use Cloudflare Workers for our API, D1 for our database (user accounts, teams, projects, files, share links), R2 for object storage (your training-file snapshots and thumbnails), and KV for short-lived rate-limit counters. Cloudflare may process technical request data (IP address, user agent) to deliver content and protect against abuse. See Cloudflare Privacy Policy.
- Google LLC (Google Sign-In) — only if you choose to sign in with
Google. We request the
openid email profilescope and receive your Google account identifier, email, name, and avatar URL. See Google Privacy Policy. - Google Ireland Ltd. — Google Analytics 4. See Google Privacy Policy.
- Google Ireland Ltd. (Google AdSense) — once advertising is enabled, Google AdSense will serve ads and may share data with Google's advertising partners for ad serving and measurement. See How Google uses advertising cookies.
6. International transfers
Google and Cloudflare may process data outside the European Economic Area, including in the United States. Such transfers rely on the EU–US Data Privacy Framework where applicable, and on Standard Contractual Clauses approved by the European Commission.
7. Retention
- Account data: kept until you delete your account. To delete your account and all associated files, email us — see §8.
- Files and projects you save in the cloud: kept until you delete them. Deleted items remain in the Trash and can be restored for 30 days, after which they are permanently purged by a scheduled daily job (typically at 03:15 UTC). Permanently purging removes both the database rows and the underlying object-storage blobs (snapshots and thumbnails).
- Share-link tokens: kept until they expire or you revoke them.
- Edit locks: a few minutes maximum — each lock expires automatically about 60 seconds after the last activity from the holding session.
- Authentication cookies: 15 minutes (access token) and 30 days (refresh token). Cleared when you sign out.
- Rate-limit counters: a few seconds to a few minutes, depending on the window; auto-expire from Cloudflare KV.
- Google Analytics: user-level and event-level data is retained for 14 months, then automatically deleted.
- Google AdSense cookies (once enabled): most expire after 13 months for users in the EEA, the UK, and Switzerland, and up to 24 months elsewhere, in line with Google's defaults.
- Local storage on your device: persists until you clear your browser data.
- Consent cookie: 6 months, after which you will be asked again.
- Emails you send us: retained for as long as needed to handle the conversation, then deleted.
8. Your rights
Under the GDPR you have the right to:
- Access the personal data we process about you.
- Request rectification or erasure.
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time — opening the "Cookie settings" link in the footer lets you change or revoke your consent choice.
- Lodge a complaint with a supervisory authority. In Poland this is the President of the Personal Data Protection Office (UODO).
To exercise any of these rights, email [email protected].
To delete your account and all associated files, email us from the address registered on the account. Deletion is performed manually within 30 days; the underlying database rows and object-storage blobs are then permanently removed. You may also export your work via JPG, video, or local-file save from inside the editor before requesting deletion.
9. Children
The Service is not directed at children under 16. We do not knowingly process data from children under 16 without a parent's or guardian's consent. If you believe a child has provided us with data, contact us and we will delete it.
Where advertising is enabled, we instruct Google not to serve personalized ads to users we have reason to believe are under 16, in line with Google's policies for minors.
10. Opting out of advertising
In addition to using the "Cookie settings" link in our footer to withdraw advertising consent, you can manage how ads are personalized to you across Google services and partner sites:
- Google Ads Settings — manage personalization on Google services.
- Your Online Choices (EEA / UK) — opt out of personalized ads from participating networks.
- YourAdChoices (US / Canada) — opt out of personalized ads from participating networks.
11. Security
The Service is delivered over HTTPS. We use the following safeguards:
- Password storage: bcrypt-hashed only. Plaintext passwords are never written to disk or logs.
- Session cookies: HttpOnly, Secure, SameSite=Lax. They cannot be read by JavaScript and are not sent on cross-site requests.
- CSRF protection: state-changing API endpoints require an
X-Requested-Withheader in addition to the cookie. - Object-storage access: training-file snapshots are private; access is granted only via short-lived (5-minute) signed URLs issued to authorised users.
- Input validation: all API inputs are validated against strict schemas before being processed.
- Rate limiting: auth, file-creation, and share-link endpoints are rate-limited per IP and per user.
- No payment data: the Service is free; we never collect, transmit, or store card or banking information.
No system is perfectly secure. If you believe you have found a vulnerability, please contact us at [email protected].
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced on the website and, where relevant, you will be asked to renew your consent.
13. Contact
Dariusz Meissner
Email: [email protected]