Skip to content
← Back to home

Privacy Policy

Last updated: 16 March 2026 · Version 1.0

1. Introduction

Diigr is a digital collectibles app for sports fans. It lets you collect digital tags tied to real football, basketball, and netball matches, top up a wallet, and buy tags. This policy explains what personal data we collect when you use the app, why we collect it, who we share it with, how long we keep it, and your rights.

Data controller: Diigr Ltd 16409723

Registered address: 4th Floor Office, 205 Regent Street, London, England, W1B 4HB

Privacy contact: support@diigr.app

If you have any questions about this policy or want to exercise your rights, email us at support@diigr.app. We will reply within five working days.

2. What We Collect

Account information

When you create an account we collect your email address and store a secure hash of your password. We also assign a unique identifier to your account. We use this to create and maintain your account and to authenticate you when you sign in. The legal basis is the performance of our contract with you.

Profile and preferences

During onboarding you can choose a display name, username, and profile photo, and tell us which sports and teams you follow. We also ask about your budget and rarity preferences to personalise tag recommendations. You can update any of these at any time in your settings. We process this on the basis of our contract with you.

Your collection and wallet

We store the tags you have collected, your wishlist, your wallet balance, and a record of every wallet top-up and tag purchase you make. Each transaction record includes the amount, the payment method, and a reference ID from the payment provider confirming the payment was successful. We never see or store your card number. We process this data to deliver the core service under our contract with you, and we retain transaction records for six years to comply with UK financial record-keeping law.

Usage data

We record which tags you view, how long you spend on them, and basic interaction types such as adding to a wishlist or marking a favourite. We use this to understand how the app is being used and to improve it. The legal basis is our legitimate interest in developing a better product. We retain usage data for thirteen months and then permanently delete or anonymise it.

Fan photo submissions

If you choose to submit a photo from a match event, we store that photo and a compressed thumbnail in cloud storage. We process this on the basis of your consent, which you can withdraw at any time by emailing support@diigr.app.

Crash reports and session recordings

We use a crash reporting service to collect error logs when something goes wrong in the app. It also records short session replays to help us diagnose bugs. These recordings are private by default: all on-screen text is masked, all images are blocked, and all user input is redacted before any data leaves your device. The recordings capture only interaction patterns such as taps, scrolls, and navigation, in anonymised form. We process this on the basis of our legitimate interest in maintaining a stable app. Crash logs and session recordings are deleted after ninety days.

Device permissions

The app may request access to your camera (to submit fan photos) and your location (to verify attendance at an event for check-in). Both permissions are optional and declining either does not affect your ability to collect, view, or purchase tags. Location data is used only to complete a check-in and is not stored afterwards. We process permission-based data on the basis of your consent, which you can withdraw at any time through your device settings.

Data stored on your device

The app stores your onboarding preferences and your authentication session locally on your device. This data is not shared with anyone and is cleared when you uninstall the app.

3. Third-Party Services

We work with a small number of carefully selected service providers to operate Diigr. Each is engaged under a data processing agreement and processes your data only on our instructions. We do not sell your data or share it with any party other than those described below.

Cloud infrastructure

We use cloud-based providers for database storage, user authentication, and file storage. These services hold your account credentials, profile, collection, transaction history, and any fan photos you submit. Data is processed in the United States under Standard Contractual Clauses with the UK International Data Transfer Addendum.

In-app purchase management

We use a third-party service to manage in-app purchases on iOS. When you buy a tag or top up your wallet through the App Store, this service processes the transaction and confirms it to our backend. It receives your account identifier and purchase receipt data but does not receive your name or email address. Data is processed in the United States under Standard Contractual Clauses with the UK International Data Transfer Addendum.

Crash reporting and monitoring

We use a third-party crash reporting service to receive the error logs and anonymised session recordings described in Section 2. If you have an active session, your account identifier and email address may be attached to an error report to help us diagnose account-specific issues. Data is processed in the United States under the UK-US Data Bridge (the UK Extension to the EU-US Data Privacy Framework).

Stripe (card payments)

We use Stripe to process card payments when you top up your wallet on the Diigr web platform. All card details are entered directly into a Stripe-hosted form and we never receive or store your card number. We receive only a payment reference confirming a successful payment. Stripe also acts as an independent data controller for its own fraud prevention systems and may collect device identifiers and network data for that purpose. Stripe participates in the UK-US Data Bridge. Stripe's privacy policy is at stripe.com/privacy.

Apple (iOS in-app purchases)

All in-app purchases on iOS are processed by Apple directly through its App Store infrastructure. Apple acts as an independent data controller for these transactions and processes your Apple ID and purchase history under its own privacy policy at apple.com/legal/privacy.

4. How Long We Keep Your Data

We keep your account and profile data for as long as your account is active and for thirty days after deletion in case you want to recover it. Transaction records are kept for six years from the date of each transaction, as required by UK law. Usage analytics are kept for thirteen months and then permanently deleted or anonymised. Fan photos are kept for the duration of the relevant event season and then deleted unless you ask us to remove them earlier. Crash reports and session recordings are deleted after ninety days. Location data used for event check-ins is not retained after the check-in is completed.

When you delete your account through the app, we begin the deletion process within twenty-four hours. All personal data is removed within thirty days except for transaction records, which we are legally required to keep for six years.

5. Security

All data in transit between the app and our servers is encrypted using TLS. Your password is never stored in readable form. Access to our systems is restricted to authorised personnel. Payment card processing is handled entirely by Stripe, which is PCI DSS certified. Session recordings from our crash reporting service mask all on-screen content before transmission.

No system is completely secure. If you believe your account has been compromised, please contact us immediately at support@diigr.app.

6. Your Rights

Under UK GDPR you have the following rights. You can exercise any of them by emailing support@diigr.app and we will respond within one calendar month.

  • Access. You can request a copy of all personal data we hold about you.
  • Correction. You can ask us to correct inaccurate or incomplete data.
  • Erasure. You can ask us to delete your data. We will do so unless we are legally required to retain it.
  • Restriction. You can ask us to pause processing of your data in certain circumstances.
  • Portability. Where we process your data by automated means on the basis of contract or consent, you can request a machine-readable copy.
  • Objection. You can object to processing based on legitimate interest. We will stop unless we can show compelling grounds that override your rights.
  • Withdraw consent. Where processing is based on consent (location, camera, fan photo submissions), you can withdraw it at any time.

Deleting your account

You can delete your account at any time from the Settings screen in the app. This permanently removes your profile, collection, and preferences. Transaction records are retained for six years as required by law. There is no charge for account deletion.

Complaints

If you are unhappy with how we have handled your data, please contact us first at support@diigr.app. If you remain dissatisfied, you have the right to complain to the UK's data protection authority:

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113

ico.org.uk/make-a-complaint

7. Children and Young People

Diigr is for users aged 13 and over. We do not knowingly collect data from children under 13. If you are a parent or guardian and believe your child has created an account, please email support@diigr.app and we will delete the account and all associated data promptly.

We recognise that a sports app may be used by people under 18 and we comply with the ICO's Age Appropriate Design Code. Privacy settings are set to the highest level by default. Location access is off by default and only requested when you actively use the event check-in feature. We do not build marketing profiles of any users and we do not use nudge techniques designed to encourage unnecessary data sharing.

8. Cookies and Tracking

The Diigr iOS app does not use cookies or cross-app tracking. We do not use advertising networks, analytics SDKs, or tracking pixels of any kind.

If you use the Diigr web platform to top up your wallet by card, Stripe's payment form may place a cookie in your browser for fraud prevention purposes. This is governed by Stripe's own cookie policy.

9. Changes to This Policy

We will update this policy when our data practices change or when the law requires it. When we make a material change we will update the date at the top, send an in-app notification describing what has changed, and seek your consent where required. Previous versions are available on request by emailing support@diigr.app.

Diigr Ltd · support@diigr.app · diigr.app/privacy · Version 1.0, 16 March 2026