Atlas Lions

Your Data

Privacy Policy

Last updated: May 29, 2026

Atlas Lions (“we”, “us”, “our”) operates the website at atlaslions.com. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it. We aim to collect as little as possible and to be plain-spoken about what we do.

1. Who we are

Atlas Lions is an unofficial Morocco national-team fan site. We are not affiliated with, endorsed by, or connected to FIFA, the FRMF, or any official body. For privacy questions, contact us through the contact link in the footer.

2. What we collect

  • Email address — if you subscribe to the newsletter, along with the page you signed up from and the timestamp of your consent.
  • Order information — if you buy from our shop: name, shipping address, email, and the items ordered. Payment card details are processed by Stripe and never touch our servers.
  • Cookies and similar technologies — see our Cookie Policy for the full list, including the categories you can opt in or out of.
  • Server logs — IP address, user agent, request path, and timestamp. Retained for up to 30 days to investigate abuse and operational issues.
  • Analytics — aggregate, cookieless page-view counts via Vercel Web Analytics. No individual profiles are built.

3. Legal bases (GDPR)

  • Consent — newsletter signup, non-essential cookies (analytics, advertising, personalisation).
  • Contract — processing your order and delivering merchandise.
  • Legitimate interests — protecting the site from abuse, basic operational logging, and improving our service.
  • Legal obligation — keeping tax and order records as required by law.

4. How long we keep it

  • Newsletter email: until you unsubscribe.
  • Order records: 7 years (tax retention).
  • Server logs: 30 days.
  • Consent records: 24 months from the last update.

5. Who we share it with

We do not sell or rent personal information. We share data only with vendors that help us run the site:

  • Vercel — hosting and edge delivery.
  • Supabase — database hosting (EU, Frankfurt).
  • Resend — newsletter delivery.
  • Stripe — payment processing.
  • Printful / Gelato — print-on-demand merchandise fulfilment.
  • API-Football — fixtures and squad data (no personal data flows to them).
  • Google — Consent Mode v2 signalling and, where consented, AdSense.

Some vendors may transfer data outside the EU/UK. Where they do, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Your rights (GDPR / UK GDPR)

You have the right to access, correct, delete, restrict, or port your personal data, and to object to processing based on legitimate interests or direct marketing. You may withdraw consent at any time without affecting prior lawful processing. To exercise any of these rights, use the unsubscribe link in any email or contact us. You also have the right to complain to your local supervisory authority.

7. California residents (CCPA / CPRA)

We do not sell or “share” personal information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. California residents have the right to know, delete, correct, and limit the use of sensitive personal information. The cookie preferences control covers our Do Not Sell / Share signal.

8. Children

The site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will delete it.

9. Security

We use TLS for all traffic, store data in encrypted databases, and limit access to production systems. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Changes

If we materially change this policy, we will update the “Last updated” date above and, where required, notify subscribers by email.