Privacy Policy
Last updated: 13 July 2026
Rugby Through The Leagues Ltd ("Rugby TTL", "we", "us") respects your privacy. This policy explains what personal data we collect, why, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
Who we are
Rugby TTL is operated by Rugby Through The Leagues Ltd, a company registered in England and Wales.
- Company number: 15640265
- Registered office: 24 Picton House, Hussar Court, Waterlooville, Hampshire, PO7 7SQ, United Kingdom
- Contact: hello@rugbyttl.com
We are the data controller for personal data collected via rugbyttl.com and rugbyttl.app (our "services").
What we collect and why
When you sign up as a Member (free)
We collect your email address and, optionally, your name so we can create an account, send you a sign-in code, and let you save content across devices. Legal basis: contract. Storage: Supabase (EU) and Ghost. Retention: for as long as your account is active. If you delete your account, we remove your personal data within 30 days except where we are legally required to retain it.
When you save content
If you tap Save or Watch Later on a video, article or podcast, we store a link to that item alongside your account. Legal basis: contract. Storage: Supabase (EU).
When you enable push notifications
If you opt in to notifications, your browser gives us a push subscription token so we can deliver alerts about new content. You can turn this off at any time from your browser settings or the app's Notifs tab. Legal basis: consent.
Analytics
We use Vercel Analytics and Vercel Speed Insights to understand how our services are used. These are cookieless — they don't identify you and don't set tracking cookies. We collect aggregated data like page URLs, referrer, country, browser and device type. Legal basis: legitimate interests.
Cookies
We use a small number of essential cookies (sign-in, consent preferences). We do not use marketing or advertising cookies. YouTube embeds use youtube-nocookie.com so no YouTube cookies are set until you press play. See our Cookie Policy.
Email newsletters
If you subscribe to our mailing list, we store your email in Ghost and send you news, updates and match content. Every email includes an unsubscribe link. Legal basis: consent.
Support and contact
If you email hello@rugbyttl.com we'll process your message to reply. We keep support emails for up to 2 years, then delete them. Legal basis: legitimate interests.
Third parties we share data with
We only share data with providers who help us run the service. Each is a data processor acting on our instructions:
| Provider | Purpose | Location |
|---|---|---|
| Ghost(Pro) | Website hosting, Members | UK / EU |
| Supabase | Authentication + database | EU |
| Vercel | App hosting + analytics | Global (EU + US) |
| Cloudflare | DNS + edge network | Global |
| Resend | Transactional email | EU / US |
| Google (YouTube) | Video hosting + embeds | Global |
We do not sell your personal data. Ever.
International transfers
Some providers process data outside the UK/EEA (mainly the US). Where they do, they are covered by the UK International Data Transfer Agreement (IDTA), the EU–US Data Privacy Framework, or Standard Contractual Clauses.
Your rights
Under UK GDPR you have the right to:
- Access — ask for a copy of the data we hold about you.
- Correct — ask us to fix inaccurate data.
- Delete — ask us to remove your data ("right to be forgotten").
- Restrict — ask us to pause processing.
- Object — object to processing based on legitimate interests.
- Portability — get your data in a machine-readable format.
- Withdraw consent at any time.
To exercise any of these rights, email hello@rugbyttl.com. We'll respond within 30 days. If you're not happy with our response, you can complain to the UK Information Commissioner's Office at ico.org.uk or 0303 123 1113.
Children
Our services are not directed at children under 13, and we don't knowingly collect personal data from anyone under 13. If you believe a child has provided us with data, contact hello@rugbyttl.com and we'll delete it.
Security
We use HTTPS everywhere, encrypted storage at the database level, row-level security on user data, and access controls on our admin tools. No system is perfectly secure — if we ever have a breach that risks your rights and freedoms, we'll notify you and the ICO within 72 hours.
Changes to this policy
If we make significant changes, we'll notify you by email (if you're a Member) and update the "Last updated" date at the top of this page.
