Legal

Privacy Policy

Last updated: April 10, 2026

Overview

TheStatsAPI (“we”, “our”, “us”) operates the website at thestatsapi.com and provides a football data API service. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.

We are committed to handling your data responsibly and in compliance with applicable data protection laws, including the UK GDPR and EU GDPR where applicable.

If you have questions about anything in this policy, please contact us.

Data we collect

Account data

When you sign up, we collect your email address and a hashed password. This is stored securely via Supabase, our authentication provider. Your API key is generated and associated with your account record.

API usage data

We log API requests including the endpoint called, timestamp, response status, and the API key used (not your email). This data is used to enforce rate limits, display your usage dashboard, and diagnose issues.

Payment data

Billing is processed by third-party payment providers. We do not store raw card numbers or bank account details on our servers. We retain billing history (amount, date, plan) for accounting and support purposes.

Communications

If you contact us via email or the live chat widget, we retain the content of those communications for support and quality purposes.

Website analytics

We use Google Analytics to understand how visitors use our site. This collects anonymised data about pages visited, session duration, referral sources, and general device/browser information. IP addresses are anonymised before storage.

How we use your data

  • Providing and operating the API service
  • Authenticating your account and issuing API keys
  • Enforcing rate limits and plan quotas
  • Sending transactional emails (account confirmation, password reset)
  • Responding to support requests
  • Improving our data coverage and API features
  • Sending occasional product updates (you can unsubscribe at any time)
  • Detecting and preventing abuse of the service

We do not sell your personal data to third parties. We do not use your data for automated decision-making that has a legal or similarly significant effect on you.

Third-party services

We use the following third-party services, each of which processes some of your data under their own privacy policies:

SupabasePrivacy policy

Authentication and database hosting. Stores your account email, hashed password, and API usage records.

Google AnalyticsPrivacy policy

Anonymised website traffic analysis. Collects page view and session data. No personally identifiable information is sent to Google.

CrispPrivacy policy

Live chat support widget. If you use the chat, Crisp stores the conversation and may set cookies to identify returning visitors.

EndorselyPrivacy policy

Affiliate tracking. If you arrive via an affiliate link, Endorsely records a cookie to attribute the referral.

Cookies

We use the following categories of cookies:

Essential

Required for authentication and session management. Cannot be disabled without breaking the service.

Analytics

Google Analytics cookies that help us understand site usage. You can opt out via browser settings or a GA opt-out extension.

Support chat

Crisp sets cookies to recognise returning visitors in the chat. Only active when you interact with the chat widget.

Affiliate

Endorsely sets a cookie if you arrive via an affiliate link. Expires after 30 days.

Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are legally required to retain certain records (e.g. billing history for tax purposes, which we retain for 7 years).

API request logs are retained for 90 days for debugging and abuse-prevention purposes, after which they are aggregated and anonymised.

Analytics data held by Google is subject to Google's own retention policies.

Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you
  • Rectification: ask us to correct inaccurate data
  • Erasure: request deletion of your account and associated data
  • Portability: receive your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests
  • Restriction: ask us to limit how we process your data in certain circumstances

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Policy changes

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email. Continued use of the service after changes are published constitutes acceptance of the updated policy.

Contact us

For any privacy-related questions or to exercise your data rights, contact us at:

TheStatsAPI
[email protected]

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.