Privacy Policy

Siren Footy is an independent product operated from Australia. If you have any questions about this policy or your data, contact us at privacy@sirenfooty.com.au.

We collect only what we need to run the app:

• Account information — your email address and display name. If you sign in with Google, we also receive the Google profile fields you approve (name, email, profile photo URL) but no access to Gmail, Drive, Contacts, or Calendar.
• Team and game data you create — team names, season settings, player names and jersey numbers you add to the squad, game fixtures, availability marks, rotations, scores, and game events.
• Device and usage data — basic request logs (timestamps, IP address, user-agent) retained by our hosting providers for security and debugging. We also use Google Analytics 4 to measure aggregate traffic (pageviews, referrers, approximate country). Google Analytics truncates IP addresses by default and we don’t use advertising features or cross-site tracking.

We do not collect payment information, location data, contacts, photos, or anything else you don’t type into the app yourself.

Siren is used by coaches and team managers to manage junior teams, so a squad typically includes the names and jersey numbers of children. We treat this data with care:

• Only authorised team members (admins, game managers) can view their team’s squad. Row-level security enforces this at the database layer.
• We never show player names publicly, sell player data, or use it for any purpose other than running the app for that team.
• Siren accounts are for adults. Children do not sign up themselves; their coach or team manager enters their name and jersey number as part of the squad.

If you are a parent and would like a player’s details removed from a team you don’t have access to, contact us at the email above and we will work with the team admin to remove them.

We use the data you provide to:

• Run the app — authenticate you, store your team data, show you games and rotations.
• Keep the service reliable — debug errors, investigate abuse, prevent fraud.
• Contact you about your account when necessary — e.g. security alerts or material changes to this policy.

We do not sell your data, rent it, or use it for advertising.

We use a small number of third-party processors to run the app. Each of them only sees the data required to do their job:

• Supabase — authentication, database, and file storage (region: Sydney). Supabase processes data on our behalf under its own privacy policy.
• Vercel — web hosting and content delivery. Vercel may log request metadata (IP, user-agent) for security and performance.
• Google (sign-in) — only when you choose to sign in with Google. Google authenticates you and returns your profile info to Siren. Siren does not read anything else from your Google account.
• Google Analytics 4 — aggregate website analytics (pageviews, referrers, approximate country). IP addresses are truncated by Google before storage. We don’t enable advertising features or Google Signals.

We do not share your data with advertisers, data brokers, or any other third party. If we are ever legally required to disclose data (e.g. a valid court order), we will only disclose what is strictly required and, where lawful, notify you first.

Your data is stored in Supabase’s Sydney region (Australia). When you sign in with Google, your authentication request is handled by Google’s global infrastructure, which may process data outside Australia.

• Account data — kept for as long as your account is active. If you delete your account, we delete your profile and any teams where you are the only admin.
• Team and game data — kept while the team exists. When a team is deleted, its squad, games, rotations, and events are deleted with it.
• Server logs — retained for up to 30 days by our hosting providers, then discarded.

Under Australian privacy law you have the right to:

• Ask for a copy of the personal information we hold about you.
• Ask us to correct information that is inaccurate or out of date.
• Ask us to delete your account and associated data.
• Make a complaint to the Office of the Australian Information Commissioner (OAIC) if you believe we’ve mishandled your information.

To exercise any of these rights, email privacy@sirenfooty.com.au. We will respond within 30 days.

Siren uses cookies and browser local storage for authentication and to remember your preferences (for example, which team you last viewed). Google Analytics sets its own cookies (typically_gaand_ga_*) to count visits and sessions in aggregate. We do not use advertising pixels or cross-site trackers, and we do not share data with advertising networks.

We use industry-standard practices to protect your data: HTTPS for every request, row-level security in the database, hashed passwords via Supabase Auth, and the principle of least privilege on service credentials. No system is perfectly secure, but we take reasonable steps to keep your data safe and will notify you promptly if a breach is likely to cause serious harm, as required by the Notifiable Data Breaches scheme.

If we change this policy in a way that affects how we handle your data, we’ll update the “Last updated” date at the top and, for significant changes, notify you by email or through the app.

Questions, requests, or complaints: privacy@sirenfooty.com.au.