Privacy Policy

Effective Date: February 12, 2026 | Version: 1.0

Last Updated: February 12, 2026

This Privacy Policy describes how Team Captain (“we,” “us,” “our”) collects, uses, and protects personal information when you use our platform (the “Service”). This policy covers all users of the Service, including organizations, coaches, parents, and families.

For information about how we process participant and player data on behalf of organizations, see also Section 4 of our Terms of Service.

Contact: support@teamcaptain.ai

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. How We Share Your Information
  4. Children’s Privacy
  5. Data Retention
  6. Data Security
  7. Your Rights
  8. State Privacy Rights
  9. Cookies and Tracking
  10. Third-Party Links and Services
  11. Data Transfers
  12. Changes to This Privacy Policy
  13. Contact Us

1. Information We Collect

We collect different types of information depending on how you interact with the Service.

A. Information You Provide

Organization administrators provide:

  • Organization name, contact information, and billing details
  • Administrator names, email addresses, and phone numbers
  • League, season, and team configuration data
  • Player enrollment data (imported from other platforms or entered manually), including participant names, dates of birth, gender, school names, and grade levels
  • Parent and guardian contact information (names, emails, phone numbers, addresses)
  • Coach evaluation data (skill assessments, ratings, notes)
  • Waiver and consent records

Coaches provide:

  • Name and email address (via invitation acceptance)
  • Player evaluations and skill assessments
  • Draft selections and team management decisions

Parents provide:

  • Name, email address, and phone number
  • Player information for their children (names, dates of birth, gender)
  • Registration selections and preferences
  • Payment information (processed by Stripe — we do not store credit card numbers)
  • Waiver acceptances
  • Communication preferences

B. Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device information: Browser type, operating system, device type
  • Usage information: Pages visited, features used, timestamps
  • Log data: IP address, access times, referring URLs
  • Push notification tokens: If you enable push notifications on your device

We do not use tracking cookies for advertising. We do not track users across other websites.

C. Information from Other Sources

  • CSV imports: Organizations may import player and enrollment data from other platforms (such as Sports Connect). This data is provided by the Organization, not collected directly from participants.
  • Google OAuth: If you sign in with Google, we receive your name and email address from Google. We do not access your Google contacts, calendar, or other Google data.
  • Stripe: When payments are processed, Stripe provides us with transaction confirmations. We do not receive or store full credit card numbers.

2. How We Use Your Information

We use personal information only to provide and improve the Service. Specifically:

To operate the Service:

  • Create and manage user accounts
  • Process registrations and payments
  • Manage leagues, seasons, teams, and rosters
  • Run drafts and track team assignments
  • Store and display player evaluations and history
  • Manage player eligibility and league progression
  • Detect and manage duplicate player records

To communicate with you:

  • Send registration confirmations and payment receipts
  • Deliver team assignments, draft notifications, and season announcements
  • Send administrative messages from your Organization
  • Provide account security notices (password resets, login alerts)
  • Respond to support requests

To maintain and improve the Service:

  • Monitor system performance and fix bugs
  • Analyze aggregate usage patterns (not individual behavior) to improve features
  • Ensure security and prevent fraud

We do NOT use your information to:

  • Sell, rent, or share it with third parties for their marketing purposes
  • Display advertising or targeted ads
  • Build behavioral profiles for advertising
  • Track you across other websites or services
  • Contact you for our own marketing purposes (unless you explicitly opt in)

3. How We Share Your Information

We share personal information only in the following circumstances:

A. Within the Service

  • Organizations can view player data, parent contacts, evaluations, and registration information for players within their organization
  • Coaches can view player information and team data for teams they are assigned to within their organization
  • Parents can view their own children’s information, registration history, and team assignments

Each Organization’s data is isolated. Organizations cannot access another Organization’s data. See Section 4 of our Terms of Service for details on data isolation.

B. Service Providers

We share information with third-party service providers who help us operate the Service:

Provider Purpose Data Shared
HerokuApplication hostingAll Service data (encrypted at rest)
SupabaseDatabase hostingAll Service data (encrypted at rest)
Amazon Web Services (SES)Email deliveryRecipient email addresses, email content
Amazon Web Services (SNS)SMS deliveryRecipient phone numbers, message content
GoogleAuthentication (OAuth)Email address (for sign-in verification)
StripePayment processingPayer name, email, payment method, transaction amount

All service providers are contractually obligated to:

  • Use data only as necessary to provide their service to us
  • Protect data with industry-standard security measures
  • Not use data for their own marketing or advertising purposes
  • Delete data when no longer needed for the service

All service providers are located in the United States.

C. Legal Requirements

We may disclose personal information if required to:

  • Comply with a law, regulation, subpoena, or court order
  • Protect the rights, safety, or property of Team Captain, our users, or the public
  • Investigate or prevent fraud, security issues, or violations of our Terms
  • Respond to a government or regulatory request

If we receive a legal request for children’s data, we will notify the affected Organization before disclosure unless prohibited by law.

D. Business Transfers

If Team Captain is acquired, merged, or sells substantially all of its assets, user data may be transferred as part of that transaction. We will notify all users by email at least 30 days before any transfer of personal information to a new entity. The new entity will be bound by the terms of this Privacy Policy until it is updated with user notice.

E. What We Never Share

We do not:

  • Sell personal information to anyone, for any reason
  • Share personal information with advertisers or ad networks
  • Share children’s personal information with any third party for marketing purposes
  • Provide data to data brokers
  • Share Organization data with other Organizations

4. Children’s Privacy

This section describes how we handle the personal information of children under 18, with particular attention to children under 13 as required by the Children’s Online Privacy Protection Act (COPPA).

This is important: most participants on Team Captain are children. We take their privacy seriously.

A. Our Approach

The Service is not directed toward children. Children do not create accounts, log in, or interact with the Service directly. All children’s personal information enters the Service through their parent or their sports organization — never from the child directly.

  • Children under 13 are not permitted to create accounts or access the Service
  • Children aged 13–17 may only access the Service with parental consent and through their Organization
  • Parents create accounts, provide their children’s information, and make registration decisions
  • Organizations import player data and manage league operations

B. What Children’s Information We Process

We process the following information about child participants:

  • Full name
  • Date of birth
  • Gender
  • Age (calculated from date of birth)
  • League, team, and season participation history
  • Draft history and team assignments
  • Coach evaluations and skill assessments
  • Registration records
  • Waiver acceptance records (accepted by the Parent, not the child)

We do not collect from children:

  • Email addresses (we store parent email addresses)
  • Phone numbers (we store parent phone numbers)
  • Photos, videos, or media content
  • Social media accounts
  • Geolocation data
  • Behavioral or browsing data

C. How Children’s Information Is Used

We use children’s personal information only to:

  • Maintain their player profile within their Organization
  • Track league eligibility and recommend appropriate league placement
  • Support draft management and team assignment
  • Store coach evaluations and skill assessments across seasons
  • Process registrations initiated by their Parent
  • Generate roster and team information for coaches

We do not use children’s information to:

  • Advertise or market any products or services
  • Build behavioral profiles
  • Share with third parties for any commercial purpose
  • Contact children directly (all communications go to Parents)
  • Make automated decisions that materially affect a child without parental involvement

D. COPPA Compliance

We process children’s data under the “support for internal operations” exception to COPPA (16 CFR § 312.5(c)(7)).

Consent responsibility: Organizations are the data controllers and are responsible for obtaining verifiable parental consent under COPPA before providing children’s data to the Service. When Parents register their children through the Service, their account creation and registration actions constitute consent for the processing described in this policy.

Our COPPA obligations:

  • We maintain a written data security program as required by COPPA
  • We conduct annual security reviews
  • We train our personnel on children’s data protection
  • We do not collect personal information directly from children under 13
  • We do not use children’s data for advertising or profiling
  • We store and process all children’s data within the United States

Unauthorized collection: If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information and any related records promptly. If you believe we have inadvertently collected such information, contact us at support@teamcaptain.ai.

E. Parental Rights

Parents have the following rights regarding their children’s personal information:

  • Access: View your children’s information, registration history, team assignments, and evaluation summaries through the Service
  • Right to know: Request disclosure of what personal information we hold about your children, the categories of information collected, the sources, and the purposes for which it is used
  • Correction: Request corrections to your children’s data through your Organization or by contacting us at support@teamcaptain.ai
  • Deletion: Request deletion of your children’s personal information
  • Data portability: Request an export of your children’s data in CSV format
  • Withdraw consent: Withdraw consent for processing your children’s data at any time

How to exercise these rights: Contact your Organization directly or email us at support@teamcaptain.ai. We will take reasonable steps to verify your identity as the child’s parent or legal guardian before disclosing or modifying any child’s personal information.

Response timeline: We will respond to verified requests within 5 business days. If we need additional time, we will notify you of the reason and expected timeline.

Denial and appeals: If we deny a request, we will provide the reason in writing. You may appeal within 30 days by emailing support@teamcaptain.ai. We will respond to appeals within 10 business days.

Effect of consent withdrawal: Upon consent withdrawal, we will work with your Organization to cease processing your child’s personal information and delete it within 30 days, except where retention is required by law or necessary to complete an in-progress transaction (such as a paid registration for a current season). Withdrawal of consent may affect your child’s ability to participate in the Organization’s programs.

F. Changes to Children’s Data Practices

If we materially change how we collect, use, or share children’s personal information, we will:

  • Notify affected Organizations and Parents by email before implementing the change
  • Provide at least 30 days’ notice
  • Require affirmative consent before using children’s information in a materially different manner

5. Data Retention

  • Active accounts: We retain personal information as long as the account is active and the Service is in use
  • After Organization closure: We delete all organizational data (including all player records, evaluations, and registration history) within 30 days of account closure. Organizations may export their data before closing their account.
  • After Parent account closure: We delete Parent account data within 30 days. Player records within Organizations are retained until the Organization deletes them or closes their account.
  • Coach accounts: Coach access is managed by the Organization. When a coach’s access is revoked, their account data is retained but their access to organizational data is removed. Coaches may request deletion of their account data.
  • Payment records: Transaction records are retained for 7 years as required for tax and financial reporting compliance. These records include transaction amounts, dates, and payer identification — not credit card numbers (which are stored by Stripe, not by us).
  • Backups: Data is deleted from backups within 90 days of deletion from the primary system
  • Certification: We will provide written confirmation of data deletion upon request

6. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access controls: Organization-based data isolation, role-based access, secure authentication, automatic session timeouts
  • Authentication: Google OAuth 2.0 and passwordless magic link sign-in
  • Infrastructure: Secure cloud hosting on Heroku with Supabase (PostgreSQL) database, firewalls, automated backups
  • Monitoring: Activity logging, security alerts, regular security updates
  • Policies: Written information security program, designated security personnel, annual risk assessments
  • Payment security: Credit card data is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor. We never see, store, or process credit card numbers.

Data breach notification: If we discover a security breach affecting your personal information, we will notify affected Organizations within 24 hours via email, including what happened, what data was affected, and what steps we are taking. Organizations are responsible for deciding whether and how to notify parents and participants — we will support that process.

7. Your Rights

A. All Users

Regardless of your role or location, you can:

  • Access your personal information through the Service
  • Request corrections to inaccurate information
  • Request deletion of your account and associated data
  • Export your data in CSV format
  • Update your communication preferences (email, SMS, push notifications)

B. Parents

See Section 4E above for detailed parental rights regarding children’s personal information.

C. Organizations

Organizations can:

  • Export all organizational data (players, evaluations, registrations, rosters) at any time
  • Correct, update, or delete any records within their organization
  • Manage coach and volunteer access
  • Close their account and request complete data deletion

8. State Privacy Rights

Residents of certain states have additional privacy rights. We do not sell personal information, and we do not use personal information for targeted advertising. This applies to all users, including children.

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have additional rights under your state’s consumer privacy laws, including:

  • Right to know: What personal information we collect, use, and share
  • Right to access: Obtain a copy of your personal information
  • Right to delete: Request deletion of your personal information
  • Right to correct: Request correction of inaccurate information
  • Right to opt out of sale: We do not sell personal information, so there is nothing to opt out of
  • Right to opt out of targeted advertising: We do not use personal information for targeted advertising
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To exercise state-specific rights: Email us at support@teamcaptain.ai. We will verify your identity before processing your request and respond within the timeframe required by your state’s law (typically 45 days).

California residents: Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the rights listed above. We do not sell or share personal information as defined by the CCPA/CPRA. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.

Authorized agents: If you are submitting a request on behalf of a California resident, you must provide proof of authorization. We may contact the individual to verify the request.

9. Cookies and Tracking

We do not use advertising or tracking cookies.

We use only essential cookies required to operate the Service:

Cookie Purpose Duration
Session cookieKeeps you logged in during your visitExpires when you close the browser or after inactivity timeout
Theme preferenceRemembers your light/dark mode settingPersistent (stored in localStorage)

We do not use:

  • Third-party advertising cookies
  • Cross-site tracking cookies
  • Analytics cookies that track individual behavior
  • Social media tracking pixels
  • Fingerprinting or other covert tracking technologies

10. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services (such as Stripe for payments and Google for authentication). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you interact with:

11. Data Transfers

All personal information is stored and processed in the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States.

We do not transfer personal information to countries outside the United States.

12. Changes to This Privacy Policy

Material changes (how we collect, use, or share personal information):

  • We will email affected users at least 30 days in advance
  • For changes affecting children’s data, we will require affirmative consent (not just continued use)
  • If you do not accept the changes, you may export your data and close your account

Non-material changes (clarifications, formatting, updated provider information):

  • We will update the “Last Updated” date above
  • We will notify you via email or in-app notice
  • Continued use means you accept the changes

You can always review the current Privacy Policy at this page.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise any of your privacy rights:

Team Captain
Atlanta, Georgia
Email: support@teamcaptain.ai

For children’s privacy concerns: If you have questions or concerns specifically about how we handle children’s personal information, or if you believe we have collected information from a child without proper consent, please contact us immediately at support@teamcaptain.ai. We treat all children’s privacy inquiries as high priority and will respond within 2 business days.