Privacy policy
Last updated: July 13, 2026 · DRAFT — this is a placeholder policy and must be reviewed by a lawyer before launch.
The short version
We collect only what a soccer league needs to run a season, we never sell or share your data, and you can get it back or have it deleted by asking. Most of our users are volunteers and parents — this policy is written for them, not for lawyers.
What we collect
PLACEHOLDER — enumerate: account details (name, email), player details entered by a parent or league (name, birth year, division, medical notes a league chooses to collect), payment records (via Stripe — we never see card numbers), signed waivers (with timestamp and IP for legal validity), and messages sent through the platform.
Children's information
PLACEHOLDER — most players are minors. Their information is entered and controlled by a parent/guardian or league administrator; children do not create accounts. Spell out the minimal-collection principle and the league's role as the data controller for its own roster.
Where your data lives
PLACEHOLDER — state hosting locations precisely once infrastructure is final (application servers and database region, file storage region, and subprocessors). BC leagues should note: we comply with PIPEDA and BC's Personal Information Protection Act (PIPA). If any data is stored or processed outside Canada (e.g. Stripe, email delivery), name it here explicitly.
Who we share it with
PLACEHOLDER — subprocessor list: Stripe (payments), Resend (email delivery), DigitalOcean (hosting), Cloudflare (site delivery and analytics — cookieless). No advertising, no data brokers, no exceptions.
Your rights
PLACEHOLDER — access, correction, export (leagues can self-serve CSV export at any time), and deletion. Deletion requests honored within 30 days. Contact route below.
Contact
Questions about privacy or your data: leaguemgmt@thinkxdesign.com. You'll get an answer from a human.