Privacy Policy

Last updated 2026. This policy explains how CricRelay handles your personal data under UK GDPR.

Who is the data controller

CricRelay is operated by the CricRelay team. For any privacy or data-protection request, contact us at support@cricrelay.co.uk.

What data we collect

• Account details: your name, email address, and a hashed password.
• Club membership & role: the club you belong to and whether you are an admin or member. A club can have several member logins; club admins can see the names, emails, and roles of members in their club, and remove them.
• Play-Cricket link: your club code or base URL, if you provide one (optional for app sign-up).
• OAuth tokens: encrypted YouTube and Twitch refresh tokens when you connect those platforms.
• Stream records: for each broadcast — the match label, platform, start/end time and duration, a link to the recording (VOD) held on YouTube/Twitch, viewer-count statistics (peak and average), the final score snapshot, and which member started the stream. These are visible to your club on the club dashboard.
• Sponsors: sponsor names, logos, and links your club chooses to record (business information, not personal data).
• Consent record: the date and time you agreed to this policy at registration.

Why we collect it

We process this data to provide the CricRelay streaming service — account authentication, live score overlays, YouTube/Twitch integration, stream management, and club & member statistics on your dashboard. Recordings are stored by YouTube/Twitch under their own terms; we keep only a link to them.

Where we store and protect it

Your data is stored on infrastructure hosted in the United Kingdom (London / eu-west-2). Passwords are hashed, OAuth tokens are encrypted at rest, traffic is served over HTTPS, and access is restricted. We take daily encrypted backups (held in the UK) so we can restore the service after an incident.

How long we keep it

We retain your account data and associated stream records until you (or your club admin) delete the account. When you request deletion, we erase your account, club membership, stream records, sponsors, and connected OAuth tokens from the live service. Copies may persist in our encrypted backups for up to 30 days before they are automatically overwritten; we do not use backups for any purpose other than disaster recovery.

Your rights

Under UK GDPR you have the right to:

• Access — view the personal data we hold about you.
• Erasure — delete your account and all associated data.
• Portability — export your data in a machine-readable format.
• Rectification — correct inaccurate data via your dashboard settings.
• Object — object to processing where applicable.

Signed-in users can export or delete their account from the dashboard or via the mobile app. API endpoints: GET /api/auth/account/export and DELETE /api/auth/account (Bearer token required).

Cookies

The web app uses session cookies for login. We do not use third-party advertising trackers on the core product.

CricRelay mobile app

The native Android and iOS apps may additionally collect:

• Crash diagnostics via Firebase Crashlytics to improve stability.
• Anonymous usage events via Firebase Analytics (sign-in, stream creation, go-live outcomes).
• Camera and microphone while broadcasting — sent only to the RTMP destination you configure.

Contact

For data subject requests or questions about this policy, email support@cricrelay.co.uk. We aim to respond within 30 days.