CoachMate Privacy Policy
Version: 2026-03-24
Effective Date: April 24, 2026
1. Introduction
CoachMate LLC ("CoachMate," "we," "us") provides cloud-based sports management software. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our platform.
This policy applies to:
- Organization administrators, coaches, and staff ("Organization Users");
- Parents, guardians, and adult participants ("End Users"); and
- Visitors to our website.
2. Our Role: Controller vs. Processor
When we are a Processor/Service Provider: For participant data, parent data, registration data, and other information submitted by organizations through the platform, CoachMate acts as a data processor/service provider on behalf of the organization. The organization is the data controller/business and determines the purposes of processing.
When we are a Controller/Business: For organization account data, billing data, platform usage data, and data collected directly from website visitors, CoachMate acts as the data controller/business.
3. Categories of Personal Information We Collect
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, email, phone number, mailing address, IP address | Directly from you or your organization |
| Account Data | Username, password (hashed), organization name, role | Account creation |
| Participant Data | Player name, date of birth, age group, gender, jersey size, emergency contacts, medical information (via waivers) | Organization registration forms |
| Payment Data | Transaction amounts, billing history, Stripe customer ID (we do NOT store credit card numbers — Stripe handles card data) | Payment processing via Stripe |
| Electronic Signature Data | Signature image, signer name, timestamp, IP address, user-agent, consent selections | Registration/waiver flows |
| Communication Data | Email addresses, notification preferences, email open tracking | Platform communications |
| Device/Technical Data | Browser type, operating system, IP address, user-agent, cookies, local storage tokens | Automatic collection |
| Photos | Player photos, organization logos, team images | Uploaded by organization users |
| Geolocation | Address data for address validation | Provided by user, validated via Geoapify |
4. Children's Privacy (COPPA Notice)
CoachMate does not knowingly collect personal information directly from children under 13.
Organizations using CoachMate may submit information about children under 13 as part of sports registration. In this case:
- The organization is responsible for obtaining verifiable parental consent as required by COPPA before submitting a child's data to CoachMate;
- CoachMate processes children's data solely as a service provider on the organization's behalf;
- Parents may contact the organization directly to review, delete, or refuse further collection of their child's information;
- Parents may also contact CoachMate at support@coachmatesports.com to request deletion of their child's data.
We do not use children's data for marketing, advertising, or profiling. We do not disclose children's data to third parties except as necessary to operate the platform (see Section 6).
5. How We Use Personal Information
We use personal information for the following purposes:
- Providing the Service — account management, registration processing, scheduling, communication, payment processing, waiver management;
- Payment Processing — facilitating transactions between organizations and participants via Stripe;
- Communications — sending transactional emails (confirmations, receipts, reminders, notifications) and, with consent, promotional communications;
- Security — fraud prevention, abuse detection, rate limiting, bot protection (via Cloudflare Turnstile);
- Legal Compliance — maintaining audit trails for electronic signatures, waivers, and legal acceptances as required by ESIGN Act and UETA;
- Platform Improvement — analyzing aggregated, de-identified usage patterns to improve the service;
- Support — responding to inquiries and troubleshooting.
We do NOT:
- Sell personal information;
- Use personal information for targeted advertising;
- Share personal information for cross-context behavioral advertising;
- Build marketing profiles about participants or minors.
6. How We Share Personal Information
We share personal information only as follows:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment amounts, transaction metadata |
| Supabase | Database hosting, authentication, file storage | All platform data (encrypted at rest and in transit) |
| SendGrid | Email delivery | Recipient email, name, email content |
| Netlify | Website hosting, serverless functions | Request data, IP addresses |
| Cloudflare | Bot protection (Turnstile) | IP address, browser fingerprint |
| Geoapify | Address validation | Address fields |
| Organization | The organization you registered with | Your registration data, participant data, payment status |
We may also disclose information to comply with legal obligations, court orders, or government requests; to protect CoachMate's rights, safety, or property; or in connection with a merger, acquisition, or sale of assets (with notice).
We do not sell or share personal information for cross-context behavioral advertising.
7. Email Tracking
We use email open tracking (tracking pixels) in transactional and organizational emails to measure delivery and engagement. This tracking collects: whether an email was opened, the time of opening, and general device information. You can disable image loading in your email client to prevent this tracking.
8. Cookies and Local Storage
See our Cookie Policy for details. In summary:
- Essential Cookies/Storage: Authentication tokens, session data, security tokens — required for platform operation;
- Functional Storage: User preferences (e.g., active sport selection) — improves user experience.
We do not use third-party advertising trackers.
9. Data Retention
- Organization Account Data: Retained while the account is active and for 12 months after termination for data export purposes, then deleted;
- Registration/Participant Data: Retained while the organization account is active. After account termination, retained for up to 12 months unless earlier deletion is requested;
- Electronic Signature Records: Retained for a minimum of 7 years for legal enforceability, consistent with statute of limitations requirements;
- Payment Records: Retained as required by tax and financial regulations (generally 7 years);
- Server Logs: Retained for up to 90 days;
- Soft-Deleted Records: Marked as inactive but retained for audit and reporting purposes. Permanently deleted upon account termination per the schedule above.
10. Your Privacy Rights
For All Users:
- Access: Request a copy of your personal information;
- Correction: Request correction of inaccurate information;
- Deletion: Request deletion of your personal information (subject to legal retention requirements);
- Portability: Request your data in a structured, commonly used format.
Additional Rights for California Residents (CCPA/CPRA):
- Right to Know: What personal information we collect, use, and disclose;
- Right to Delete: Request deletion of personal information;
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information, but you may submit an opt-out request;
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights;
- Right to Limit Use of Sensitive Personal Information: We only use sensitive PI (e.g., children's data, health info in waivers) to provide the Service.
For Participant/Parent Data:
Because CoachMate processes participant data on behalf of organizations, please direct your initial request to the organization you registered with. If the organization is unresponsive, contact us directly and we will assist.
How to Exercise Your Rights:
- Email: support@coachmatesports.com
- Include your name, email, organization name, and the specific right you wish to exercise.
- We will respond within 45 days (may be extended by 45 days for complex requests with notice).
- We will verify your identity before processing requests.
11. Data Security
We implement reasonable technical and organizational security measures, including:
- Encryption in transit (TLS/HTTPS) and at rest;
- Row-level security policies for multi-tenant data isolation;
- Role-based access controls;
- Rate limiting and bot protection;
- Regular security testing;
- Encrypted storage of sensitive API keys.
No system is 100% secure. We cannot guarantee absolute security of your information.
12. Data Breach Notification
In the event of a confirmed data breach affecting personal information, we will:
- Notify affected organizations within 72 hours of confirmation;
- Notify affected individuals as required by applicable law;
- Provide details on the nature of the breach, data affected, and remediation steps;
- Cooperate with organizations in fulfilling their notification obligations.
13. International Data
CoachMate is based in the United States and processes data in the United States. If you are located outside the U.S., your data will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.
14. Do Not Track
Some browsers transmit "Do Not Track" signals. We do not currently respond to Do Not Track signals because there is no industry-standard method for doing so. We do not engage in cross-site tracking.
15. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated via email or in-platform notice at least 30 days before taking effect. The "Version" date at the top indicates the latest revision.
16. Contact
For privacy inquiries, data requests, or complaints:
CoachMate LLC
Email: support@coachmatesports.com