XI FirstXI Privacy Policy
POL ENG
Back to homepage
FIRSTXI APP

Privacy Policy

FirstXI App respects user privacy and is committed to processing personal data in a lawful, secure, and transparent manner.

Effective date: March 22, 2026
Last updated: March 22, 2026

1. Data Controller

The controller of personal data processed through the App is:

Jakub Kacper Mrozik, conducting business under the trade name FirstXI App
registered office: Svatopluka Čecha 881/32, 735 06, Karviná - Nové Město, Czech Republic
registered number: 21877335
contact email: app@firstxi.pl

For any privacy or personal data matters, users may contact us at: app@firstxi.pl.

2. Who this Policy applies to

This Privacy Policy applies to people using the FirstXI App, including in particular:

  • athletes,
  • coaches,
  • visitors of the FirstXI website, to the extent the website collects personal data.

3. Nature of the App

FirstXI is a sports app designed for football players and coaches. The App supports daily check-ins, training planning, readiness monitoring, workload analysis, and coach-athlete communication.

FirstXI is not a medical device and does not provide medical services. The App does not replace a doctor, physiotherapist, or professional diagnosis. Any indicators, alerts, analyses, plans, and recommendations displayed in the App are for informational, training, and organizational purposes only.

4. What data we may collect

Depending on how the App is used, we may collect and process the following categories of data:

  • Account and identity data: email address, login password handled by the authentication provider, first name, last name, nickname, profile photo, user role, and account identifiers related to Google or Apple sign-in.
  • Profile and sports-related data: city, date of birth, club, field position, training goals, access to gym, field or home equipment, weekly training frequency, daily training minutes, training days, preferred app language.
  • Wellness, workload, and activity data: check-in data such as sleep, readiness, pain, mental fatigue, other wellbeing or workload information, training history, check-in history, form analysis, and return-to-play related data.
  • Communication data: coach-athlete messages and support-related communications.
  • Technical data: push tokens, basic device and operating system information, app version, error logs and security events.
  • Subscription and billing-related data: trial activation, subscription status, plan type, billing period, renewals, cancellation or expiry, and data received from Apple App Store or Google Play as necessary to manage access to paid features.

As a rule, we do not store full payment card data where purchases are processed by Apple App Store or Google Play.

5. Data of minors

The App may also be used by individuals who are at least 12 years old. If a user is under 18 years of age, registration and use of the App means that the user confirms that they have obtained consent from a parent, legal guardian, or another authorized person, if such consent is required under applicable law.

A parent or guardian who believes that a minor is using the App without the required consent may contact us at: app@firstxi.pl.

6. Purposes and legal bases of processing

  • Creating and maintaining a user account – account registration, login, email confirmation, password reset and account maintenance. Legal basis: performance of a contract or steps taken prior to entering into a contract.
  • Providing the App’s core features – onboarding, user profile, daily check-in, daily plan, training completion, history, team views, dashboards, alerts and coach-athlete communication. Legal basis: performance of the contract for electronic services.
  • Processing wellness, workload, and potentially health-related data – to operate the check-in, adjust the training plan, analyze readiness and workload, display alerts and support planning and recovery. Legal basis: explicit consent.
  • Subscription and trial management – trial activation, premium access, subscription verification, renewals and expiry. Legal basis: performance of a contract and legal obligations where applicable.
  • Transactional and technical communication – account confirmation, password reset, account security and important service notices. Legal basis: performance of a contract and our legitimate interest.
  • Security and abuse prevention – protecting the App, detecting unauthorized access and maintaining security. Legal basis: legitimate interest.
  • Support and analytics – handling support requests, improving the App and analyzing stability and quality. Legal basis: legitimate interest and, where required by law, consent.

7. Whether coaches can see athlete data

If an athlete is connected with a coach or team through the App, the coach may access the athlete’s data available in the system, including profile data, check-in data, pain, readiness, sleep, fatigue and workload data, training plans, training completion data, activity history, alerts, and communication content exchanged through coach-athlete collaboration features.

Under the current functional model, a coach can view the full scope of athlete data made available within the coach-athlete relationship in the App.

8. Sources of data

  • directly from users during registration, onboarding and use of the App,
  • from external sign-in systems such as Google or Apple,
  • from Apple App Store or Google Play to the extent necessary to manage subscriptions,
  • from the user’s activity within the App.

9. Whether providing data is mandatory

Providing some data is voluntary, but necessary to create an account and use the App’s features. Failure to provide certain data may make it impossible to use the App or may limit access to selected features.

10. Data recipients

User data may be disclosed to entities supporting us in providing services, in particular:

  • infrastructure and hosting providers,
  • authentication and database providers,
  • transactional email providers,
  • push notification providers,
  • analytics providers,
  • customer support tool providers,
  • app store operators such as Apple and Google in matters related to subscriptions and app distribution,
  • legal, accounting, technical, or security service providers where necessary.

Within team-related features, the athlete’s data may also be disclosed to the coach assigned to that athlete in the App.

11. Transfers outside the EEA

At this stage, we assume that user data is not intentionally transferred outside the European Economic Area unless such transfer results from the use of specific technology providers. If data is transferred outside the EEA in the future, we will apply appropriate legal safeguards as required by applicable data protection laws.

12. Data retention

We retain personal data for as long as necessary for the purposes for which it was collected. If a user deletes their account, their data will generally be deleted within 1 month from the start of the deletion process, unless a longer retention period is necessary to comply with legal obligations, establish, exercise, or defend legal claims, or for technical reasons related to security and system integrity for a limited necessary period.

13. User rights

  • access to their data,
  • rectification of data,
  • erasure of data,
  • restriction of processing,
  • data portability,
  • objection to processing based on legitimate interest,
  • withdrawal of consent at any time where processing is based on consent,
  • lodging a complaint with the competent data protection supervisory authority, in particular in the Czech Republic.

To exercise these rights, users may contact us at: app@firstxi.pl.

14. Data security

We apply appropriate technical and organizational measures to protect personal data, including measures designed for access control, authentication, securing data transmission, limiting access to authorized persons only, protecting systems against abuse, backups and data integrity.

15. FirstXI website

As of the last update of this Privacy Policy, the FirstXI website primarily serves as a landing page and does not use analytics tools or marketing trackers, unless this is expressly indicated separately in the future.

16. Account deletion

Users may delete their account through the App or by another method made available by FirstXI. Deleting an account starts the data deletion process in accordance with this Privacy Policy.

Deleting the account in the App does not automatically cancel a subscription purchased through Apple App Store or Google Play. The subscription must be managed and cancelled separately in the settings of the relevant store.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, in particular in the event of changes to App features, technology providers, law, or the ways we process data. The current version of the Privacy Policy will be made available in the App or on the FirstXI website together with the date of the latest update.

18. Contact

For privacy, personal data, or Policy-related matters, please contact us at: app@firstxi.pl

FirstXI App • Privacy page • English version