← Back

Privacy Policy

Last updated: April 15, 2026

OffPitchOS is built for youth soccer clubs, which means a lot of the people in our system are minors and their families. We take that seriously. This policy explains exactly what we collect, why, where it lives, and what we will never do with it.

The short version

  • We will never sell your data or your players’ data. Not to advertisers, not to data brokers, not to anyone.
  • We do not use club or player data to train AI models.
  • We only collect what the app needs to do its job.
  • You own your data. You can export or delete it at any time.

What we collect

  • Account info: name, email, role (DOC, coach, parent, player), and password hash.
  • Club data: teams, rosters, schedules, attendance, feedback notes, gear sizes, camp registrations.
  • Communications: messages, announcements, and notification preferences.
  • Payment data: processed by Stripe. We never see or store card numbers — only a transaction ID and status.
  • Device data: IP address and browser type for security; push notification tokens when you opt in.

Where it lives

Data is stored on Supabase (Postgres) in US-based data centers. All connections are encrypted with TLS. Passwords are hashed with bcrypt. Database backups are encrypted at rest.

Who we share it with

Only these service providers, and only what they need to do their job:

  • Supabase — database hosting and authentication.
  • Vercel — web hosting.
  • Stripe — payment processing for camp registrations.
  • Resend — transactional email delivery.
  • Anthropic (Claude) — AI features (triage, voice commands, Ask). Anthropic does not retain or train on your data per their API terms.
  • Google OAuth — optional sign-in.

We will disclose data to law enforcement only when legally required and will notify you unless prohibited.

Children’s privacy (COPPA)

OffPitchOS is designed for use by clubs whose players may be under 13. We do not create accounts directly for children under 13. Player profiles are created and managed by verified parents, coaches, or club directors. We collect only the information the club needs to run operations — name, age group, attendance, gear size, and feedback notes. Parents can review, export, or request deletion of their child’s data at any time by emailing us.

Your rights

You can at any time:

  • Export your data in a readable format.
  • Request correction of inaccurate data.
  • Request full deletion of your account and associated data within 30 days.
  • Opt out of non-essential notifications in Settings.

If you are in the EU, UK, or California, you have additional rights under GDPR / CCPA — including the right to know, the right to delete, and the right to non-discrimination. Email us to exercise any of these rights.

Data retention

We keep data for as long as your account is active. When you delete your account, personal data is removed within 30 days, except where we are legally required to retain it (e.g., payment records for tax purposes).

Cookies

We use a single essential session cookie for authentication. No third-party advertising or tracking cookies.

Changes to this policy

If we make material changes, we will notify account admins by email at least 14 days before the changes take effect.

Contact

Questions, data requests, or concerns: privacy@offpitchos.com

Terms of ServiceSign in