
PRIVACY POLICY

Last updated: 15 June 2026

This Privacy Policy explains how Dan AI Sports Ltd (“Dan AI Sports”, “we”, “us”, or “our”) collects, uses, and protects personal data when you use our platform at danaidata.com and related services.

We are committed to protecting your privacy in compliance with the UK GDPR, the EU General Data Protection Regulation (GDPR) 2016/679, and the UK Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal data is:

Dan AI Sports Ltd
Contact: privacy@danaisports.com

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, password (hashed), account type (Fan / Athlete / Brand), and company or agency name where applicable.
  • Profile data: For Athlete accounts — linked player profile, sponsorship history, social media handles, and DUPR ranking.
  • Usage data: Pages visited, debates read, search queries, and feature interactions — collected to improve the platform.
  • Communications: Messages sent via the platform, support requests, and email correspondence.
  • Technical data: IP address, browser type, device identifiers, and authentication tokens (stored in secure HTTP-only cookies).

We do not collect payment card data directly — payments are processed by third-party providers who handle PCI-DSS compliance independently.

3. How We Use Your Data

  • Providing the service: Authenticating your account, displaying your profile, matching you with brands or athletes, and delivering platform features.
  • AI features: Generating commercial scores, brand-fit analysis, and AI-drafted outreach based on your profile data.
  • Platform improvement: Analysing usage patterns to improve features, fix bugs, and prioritise development.
  • Legal compliance: Maintaining records required under applicable law and responding to regulatory or law enforcement requests.
  • Communications: Sending transactional emails (account setup, password reset, deal notifications). We do not send marketing emails without your explicit consent.

4. Lawful Basis for Processing

  • Contract: Processing necessary to provide the service you have signed up for (Art. 6(1)(b) GDPR).
  • Legitimate interests: Platform security, fraud prevention, and service analytics (Art. 6(1)(f) GDPR).
  • Consent: Where we rely on consent (e.g. optional marketing), you may withdraw it at any time.
  • Legal obligation: Where processing is required to comply with applicable law (Art. 6(1)(c) GDPR).

5. Data Retention

We retain your personal data for as long as your account is active. If you close your account, we delete or anonymise your personal data within 30 days, except where we are required to retain it longer by law (e.g. financial records for 7 years under UK tax law).

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Infrastructure providers: Cloud hosting and database providers under data processing agreements.
  • AI service providers: We use third-party AI APIs (including DeepSeek and OpenAI-compatible providers) to generate content. Data passed to these services is subject to their respective privacy policies. We do not pass identifiable personal data to AI providers — only anonymised content contexts.
  • Other users: Athlete commercial profiles are visible to Brand accounts as part of the core matching feature. You control what appears in your profile.
  • Law enforcement: Where required by a valid legal order.

7. Your GDPR Rights

Under the GDPR and UK GDPR, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”), subject to legal retention requirements.
  • Right to restriction (Art. 18): Ask us to limit how we process your data in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at privacy@danaisports.com. We will respond within 30 days.

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookie Policy

We use the following cookies:

  • pi-access (HTTP-only, Secure): Your session access token. Required for authentication. Expires after 15 minutes of inactivity.
  • pi-refresh (HTTP-only, Secure): Your refresh token for seamless re-authentication. Expires after 30 days.
  • pi-2fa-pending (HTTP-only, Secure): Temporary token during two-factor authentication. Expires after 5 minutes.
  • pi-theme (localStorage): Your dark/light mode preference. Not transmitted to our servers.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify you individually. We use server-side aggregate analytics only.

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Passwords hashed with bcrypt (cost factor 12)
  • Authentication tokens issued as JWTs signed with HS256, stored in HTTP-only Secure cookies
  • Optional TOTP two-factor authentication for all accounts
  • TLS encryption in transit (HTTPS enforced)
  • Database access restricted to application layer only

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The “Last updated” date at the top of this page reflects the most recent revision.

Questions about this policy? Contact our privacy team at privacy@danaisports.com