DRAFT — pending legal review, not legally binding
This document is an internal working draft. It has not been reviewed or approved by qualified legal counsel and must not be relied upon as a binding agreement.
Privacy Policy
Last updated: June 9, 2026
1. Who we are
Referee.Observer (“we”, “our”, or “the service”) is a global football referee tracking and analytics platform available at referee.observer, operated by OK Factory. This Privacy Policy explains how we collect, use, share, and protect personal data relating to referees, federation staff, and other users of the service.
For data we process on behalf of a federation customer, that federation acts as the data controller and we act as a data processor. See Section 4 and our Data Processing Agreement for the allocation of responsibilities.
2. Information we collect
We collect information in the following ways:
- Account data — when you register or sign in with Google, we store your email address, name, and a Google account identifier.
- Referee profile data — official profile information such as city, license category and number, federation affiliation, age, and physical measurements (height, weight, body metrics).
- Appointment and performance data — match assignments, results, ratings, and analytics derived from your refereeing activity.
- Wearable and health data — if you connect a device, activity summaries, heart-rate, heart-rate variability (HRV), sleep, recovery, and other physiological metrics from Garmin, Polar, or Strava (see Section 5).
- AI coaching data — inputs you submit to the AI coach and the corresponding context (training, fitness, and performance data) used to generate guidance (see Section 6).
- Usage data — pages visited, features used, and interaction logs for analytics and performance monitoring.
Publicly available sources. The referee and match-official information published on the platform — including official names, appointments, match crews, and aggregate statistics — is compiled from publicly available sources, such as official federation announcements, competition records, and published match reports. We do not present such public data as private or confidential, and any official may contact us to review or correct information published about them.
3. Lawful basis for processing (GDPR)
Where the GDPR applies, we rely on the following lawful bases under Article 6:
- Contract — to provide the referee portal and its features to you.
- Legitimate interests — for security, fraud prevention, and improving the platform.
- Consent — for optional integrations such as wearable health data and the AI coach.
- Legal obligation — where we must retain or disclose data to comply with law.
Health and physiological data (including HRV and sleep) are treated as special-category data under Article 9. We process such data only with your explicit consent, which you may withdraw at any time.
4. Federations as controllers
Federations and refereeing bodies use Referee.Observer to manage their officials. When a federation uploads or manages referee data through the platform, the federation is the data controller and determines the purposes of processing. We process that data as a processor on the federation’s documented instructions, governed by our Data Processing Agreement. Referees should direct certain data-subject requests to their federation; we will assist the federation in responding.
5. Wearable and health data
With your explicit consent, we connect to Garmin, Polar, and Strava via their official APIs to import fitness and physiological data, including activity, heart-rate, HRV, sleep, and recovery metrics. This data is used to display your readiness, training load, and trends, and to power the AI coach where enabled.
- We request the minimum scopes necessary and never write data back to your device account.
- You can disconnect any wearable integration at any time from Account Settings.
- On disconnection, we stop importing new data and delete or anonymise imported health data per our retention schedule.
- We do not use wearable health data for advertising and do not sell it.
6. AI coach data usage
The optional AI coach generates training and performance guidance using third-party AI providers, currently DeepSeek and Google Gemini. When you use the AI coach, relevant context (such as fitness, training, and performance data) is sent to these providers solely to generate your response.
- We instruct providers not to use your data to train their models, where such controls are available.
- We minimise and, where feasible, pseudonymise data sent to AI providers.
- AI guidance is informational only and is not medical advice.
- You can decline to use the AI coach without losing access to other features.
7. International transfers
Some processors (including AI providers) may process data outside the European Economic Area. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, adequacy decisions, together with supplementary measures.
8. Data retention
We retain account and profile data for as long as your account is active. Appointment and performance records are retained for historical and statistical purposes. Wearable health data is retained only while the integration is connected and for a limited period afterward. AI coach interaction logs are retained for a short period for quality and security. We delete or anonymise personal data when it is no longer needed or upon a valid deletion request.
9. Minors and parental consent
Referees under the age of 18 (“minor referees”) may use the service only with the verifiable consent of a parent or legal guardian, and where required by their federation. For minor referees, processing of health and wearable data requires explicit parental consent. A parent or guardian may review, correct, or request deletion of a minor’s data, and may withdraw consent at any time by contacting us.
10. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request erasure of your account and associated data.
- Restrict or object to certain processing.
- Receive your data in a portable format (data portability).
- Withdraw consent for optional processing (e.g. wearables, AI coach).
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at privacy@referee.observer. Where the federation is the controller, we will route your request accordingly.
11. Data storage and security
Data is stored in a secure PostgreSQL database hosted in the EU. Passwords are hashed, session tokens are signed, and all data in transit is encrypted via HTTPS. We apply access controls and the principle of least privilege to limit who can access personal data.
12. Cookies
We use strictly necessary cookies for authentication and security (CSRF protection for OAuth flows). We do not use advertising or third-party tracking cookies.
13. Third-party services
- Vercel — hosting and edge functions
- Neon — database hosting (EU region)
- Google — authentication (Sign in with Google)
- Garmin, Polar, Strava — optional wearable and fitness integrations
- DeepSeek, Google Gemini — AI coach processing
14. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.
15. Contact
For any privacy-related questions, contact us at privacy@referee.observer.