Transparency
GameDay Privacy Policy (United States)
Effective date: . [YOUR LEGAL ENTITY NAME — replace before production] (“GameDay,” “we,” “us”) describes how we handle personal information collected through GameDay products for U.S. organizers, collaborators, and guests. We will publish separate disclosures before marketing the Service in the EU/UK.
What this Policy covers
This Policy covers personal information we process when you create an account, join or manage teams, create or follow matches, accept legal notices in the product, invite or claim roster relationships, RSVP, upload or view photos, open share links (with or without signing in), purchase subscriptions, submit feedback on our interactive product demo, or contact support. It also covers cookies and similar technologies described in our Cookie Notice.
Categories of personal information
- Identifiers & account details. Email address, Supabase Auth identifiers, profile display names, team membership roles, staff invite codes you use to join a team, invitation tokens, per-match collaborator access levels, records of which Terms and Privacy versions you accepted (and when), and optional marketing preferences.
- Team & player data you choose to store. Team names, sports, seasons, roster fields (for example player names and jersey numbers), parent or guardian relationships, and consent choices recorded when claiming a player profile.
- Match operations. Scores, timeline events, lineup assignments, RSVP status and optional notes, share-link and QR usage, and related timestamps.
- Photos & media. Images you upload, metadata such as who uploaded a photo and when, storage paths in Supabase Storage, and access rules that may limit which photos appear to share-link visitors versus signed-in team members.
- Payment data.Subscription status, tier, and Stripe customer or subscription identifiers—we do not receive full payment card numbers because Stripe tokenizes them subject to Stripe's notices.
- Device & network data. IP address, browser user agent, timestamps, diagnostic logs, service worker caches, and cookies or local storage (for example session authentication and share-link context such as which organizer shared a match with you).
- Interactive demo feedback.If you try our product demo without signing in, we may store your reaction (for example love, maybe, or not for me), optional written suggestions, and an optional email if you ask for launch updates. To limit duplicate or abusive submissions, we also store your IP address and a random identifier saved in your browser's local storage on that device. We do not use demo data for advertising.
Sources
We collect personal information directly from you, automatically when you use authenticated or share-link experiences, from payment processors about completed transactions, and from communications you send us (for example support emails).
Purposes of processing
- Operate, secure, and improve the Service, including permission checks, team and match access controls, photo visibility rules, and database row-level security.
- Facilitate invitations, roster claims, staff join codes, share links, and collaborator access you configure.
- Process subscriptions, detect fraud, reconcile accounting, and comply with tax or financial recordkeeping rules.
- Send transactional notices (for example password resets, team or match invitations, and account-related messages) and—for users who opt in—product marketing.
- Demonstrate compliance with our Terms and this Policy, including retaining records of policy acceptance.
- Respond to legal requests and protect the safety, rights, or property of users, GameDay, or the public.
- Understand interest in the product, improve the demo experience, and prevent duplicate or abusive demo feedback submissions.
How photos and share links work
When you upload photos to a match, we associate them with your account. Organizers, staff, and team members with appropriate access can typically view the full match gallery. If someone opens a public or semi-public share link without full team access, we may show only photos uploaded by the person who shared that link, so families invited by different parents do not automatically see one another's uploads. Share-link context may be stored in a cookie or similar technology on your device to enforce those limits.
Disclosures to service providers
We engage vendors that process information on our behalf, including Supabase (hosted PostgreSQL, authentication, and object storage), Vercel (hosting and edge delivery), Stripe (payments), and transactional email providers configured for your project. Each vendor maintains its own privacy policy; we instruct them to handle data consistent with this Policy and applicable law.
Legal & safety disclosures
We may disclose information to courts, regulators, or law enforcement when required by law, subpoena, or similar process, or when we reasonably believe disclosure prevents harm, enforces our agreements, or investigates abuse.
Retention
We keep information for as long as your account is active, as needed to operate the Service, and as required by law. Legal consent records are retained in an append-only log to demonstrate which policy versions you accepted—we may retain consent metadata longer than other account data if instructed by counsel.
Security
We rely on industry-standard transport encryption, access controls managed through Supabase Row Level Security policies, least-privilege administrative accounts, and frequent dependency updates. No method of storage is perfect; report suspected incidents to [YOUR PRIVACY & LEGAL EMAIL — replace before production].
Children
GameDay is not designed for unsupervised use by children under 13. Adults who create profiles or upload content about minors represent that they obtained any legally required parental or guardian approvals.
Your choices
- Use in-app settings (where available) to update profile information or revoke optional marketing once controls ship; until then, email [YOUR PRIVACY & LEGAL EMAIL — replace before production].
- California residents may exercise access, deletion, or correction rights under the CCPA/CPRA by emailing [YOUR PRIVACY & LEGAL EMAIL — replace before production] with enough detail for us to verify the request.
- If you submitted demo feedback (with or without an email), you may ask us to delete that submission by emailing [YOUR PRIVACY & LEGAL EMAIL — replace before production].
- Nevada residents may request to opt out of certain sales (we do not presently sell personal information for money; this language future-proofs regulatory changes).
International processing
Our primary infrastructure is operated in the United States. If you later expand usage abroad, we may store or process data using cloud regions outside the U.S. pursuant to updated agreements and transfer tools.
Changes to this Policy
We revise this Policy when our practices or the law changes. Material updates will refresh the Effective Date and may include notices in product or email prior to enforcement.
Contact us
Privacy questions: [YOUR PRIVACY & LEGAL EMAIL — replace before production]
Postal address: [Optional: mailing address for legal notices]