We understand the importance of remaining transparent with our users. We have therefore provided this User Security Guide so you can understand the precautions we take, and how we recommend you remain safe as a user of our platform.

What user information do you store if I login to fix using my FPL email and password?

When you create a user account with fix, the user account is registered against the email address, and this email address is stored in plain text on our secure servers.

We do not however store your FPL password in plain text. You will be asked for your FPL password on every login attempt to the fix platform, unless you choose to store that password locally using cookies. You can find more information about this in our FAQ.

What user information do you store if I login to fix using my FPL ID?

When you login to fix via FPL ID, you will still need to provide an email address and password so we can create your user account. As above we will store your email address on a secure server, however, the password information will not be stored in plain text.

How do fix keep my data safe and protected?

We have stringent data security policies in place following best practice. Our current security policy has been in place and followed for a number of years, and includes the following practices:

• All user information is held on a secure server. Only one person within the business has admin rights to login to that server at Director level. Regular password changes and 2FA are implemented.
• All passwords used for supplier services are ‘strong passwords’ and are changed regularly in accordance with best practice.
• Where user data is exposed (ie - user email addresses), we only adopt suppliers who provide 2FA.
• All employees, contractors and freelancers have no access rights to any of the servers or databases.
• All employees, contractors and freelancers who are required to post content to our platform (ie - blogs) are required to do so through an external portal.
• We undertake very regular penetration testing and vulnerability scans across all parts of our infrastructure.
• We undertake regular third party cyber security audits with third party cyber security partners to constantly audit our infrastructure and highlight any potential weakness for improvement.
• We archive non-active user data into offline secure storage, to minimise the amount of user data held on our secure servers.

It should also be noted we are currently working towards our ISO 27001 accreditation. Further information on ISO 27001 Information Security Management can be found here.

Do fix sell any user data onto third parties or marketing agencies?

We do not sell or share any user data to any external third parties or marketing agencies.

For us, our user data is what allows us to build and keep growing the platform with new innovative features, and we would never compromise that relationship with our users.

In return we reciprocate that relationship with our users, as we have no adverts on our platform, and we do not promote any gambling or third party products to our users.

How can I ensure I stay safe online?

Whether it’s Fantasy Premier League, fix or any other online applications - we would always suggest you use a strong unique password.

You unique password should contain a random mix of numbers, letters and special characters.

We would also recommend only using websites which are trustworthy and have a robust security policy to prevent your details being shared without your consent. You can check if a website or your details have been involved in a previous data breach here https://haveibeenpwned.com