FTB policy
Privacy Policy
About this policy
Football Tactics Board (FTB) is a product of kindoapps, a sole proprietorship registered in the Netherlands (KVK 42058859).
This policy explains what personal data FTB processes, why, and what rights you have.
Last updated: 2026-05-15.
What data we collect and why
Usage analytics: limited product analytics events such as when a formation is started, saved, shared, or exported, plus aggregated Cloudflare Web Analytics.
Acquisition source: when you first visit, we record where the visit came from — a referring website hostname, a "ref" or "utm_source" query parameter on the URL, or "direct" — so we can understand which channels bring people to FTB.
Signed-in attribution: if you are signed in, a pseudonymous account identifier (a random UUID, not your email) is attached to acquisition and auth analytics events so we can recognise the same account across sessions and devices for product measurement.
Account and authentication: if you create an account, we process your email address to provide sign-in and account access through Supabase.
Cloud-saved data: if you sign in and cloud features are enabled for your plan, saved formations and custom player markers may be stored in our hosted database.
Shared content: when you create a share link, relevant shared data is stored temporarily so recipients can open it.
Local storage: if you use FTB without signing in, some data (including tactics and custom player marker designs) may be stored locally on your device using browser storage.
Payments and billing: where paid features are offered, Paddle may process purchase and payment-related information needed to handle orders, billing, taxes, refunds, fraud checks, and compliance.
What we do not do
We do not sell or rent personal data.
We do not use third-party advertising trackers.
We do not store full card numbers or full payment credentials ourselves.
We do not access locally stored guest data unless you actively share it with us for support.
We do not include your email address or name in product analytics events; only a random account identifier is used.
Service providers
Cloudflare: hosting, temporary share storage, and cookieless web analytics (no persistent identifiers, no cross-site tracking) measured under our legitimate interest in service quality.
Supabase: authentication and cloud data storage.
Paddle: checkout, billing, taxes, and refunds as merchant of record.
Data retention and lawful basis
Analytics data is retained only as needed for service measurement and improvement. Account and saved data is retained for as long as your account remains active, unless you request deletion or the data must be retained for legal reasons.
Our processing relies on contract performance to provide account, billing, and cloud-save features; on legitimate interests for product analytics, fraud checks, and security; and on legal obligations for the payment and tax records that Paddle retains on our behalf.
Your rights
Under the GDPR you have the following rights — contact privacy@kindoapps.com to exercise them:
Access: request a copy of the personal data we hold about you.
Rectification: ask us to correct inaccurate or incomplete data.
Erasure: ask us to delete your account data.
Restriction: ask us to limit how we process your data.
Objection: object to processing based on legitimate interests.
Data portability: receive a portable copy of data you provided to us.
Lodging a complaint: file with the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or with your local EU supervisory authority.