Privacy Policy

1. Information We Collect

1.1 Information you provide directly

• Name, email address, phone number, and date of birth
• Athletic profile data: sport, position, height, weight, GPA, graduation year, highlight video links
• School name, city, state
• Recruiting preferences and target college lists
• Parent/guardian name and contact information (required for users under 18)
• Profile photos and uploaded highlight videos
• NIL deal information and payment details (processed by Stripe)

1.2 Information collected automatically

• IP address, browser type, operating system, device identifiers
• Pages visited, time on page, click patterns, navigation paths
• Coach profile view events (stored for notification delivery to athletes)
• Session data and authentication tokens (managed by Supabase)
• Cookies and similar tracking technologies (see Cookie Policy)

1.3 Information we do NOT collect

• Social Security Numbers or government ID numbers
• Full credit card numbers (Stripe tokenizes all payment data)
• Health or medical information
• Student education records beyond what athletes voluntarily provide
• Location data beyond city/state

2. COPPA & Children's Privacy

FanFeed's Platform is designed for users age 13 and older. Users under 13 are prohibited from creating accounts. For users ages 13–17 (and under 16 under COPPA 2.0 when enacted), FanFeed requires verifiable parental consent (VPC) before collecting, using, or disclosing their personal information.

2.1 Verifiable Parental Consent (VPC) Process

• During registration, athletes under 18 must provide a parent/guardian email address
• FanFeed sends a consent request to the parent/guardian email with a unique verification link
• The parent/guardian must click the link and complete the Parental Consent Form
• No personal data is stored or used until VPC is confirmed
• Parents/guardians may review, edit, or delete their child's data at any time by contacting support@fanfeed.me
• Parents/guardians may revoke consent at any time, which results in account deactivation

2.2 Data Minimization for Minors

FanFeed collects only the minimum information necessary to provide recruiting profile services to minor athletes. We do not use minor athletes' data for behavioral advertising. We do not sell minor athletes' data to third parties.

2.3 COPPA 2.0 Compliance

COPPA 2.0, passed by the U.S. Senate in March 2026, extends COPPA protections to users under 17. FanFeed is building its data architecture to comply with COPPA 2.0 from launch, including age-appropriate design, enhanced parental controls, prohibition on targeted advertising to users under 17, and data deletion rights.

3. How We Use Your Information

• Profile Display. To display your athlete profile to verified college coaches and other authorized users.
• Coach View Notifications. To deliver real-time notifications when coaches view your profile.
• NIL Marketplace. To host athlete storefronts where brands can browse and book services directly from athletes.
• Subscription Management. To process payments and manage subscription tiers.
• Platform Improvement. To analyze usage patterns and improve Platform functionality.
• Communications. Transactional emails, weekly recruiting digests (opt-in), and important notices.
• Safety & Security. To detect and prevent fraud, abuse, and unauthorized access.
• Legal Compliance. To comply with COPPA, FERPA, NCAA guidelines, and applicable law.

4. Information Sharing & Disclosure

FanFeed does NOT sell personal information. We share information only as described:

• Verified Coaches. Athlete profile data is visible to verified college coaches per athlete privacy settings.
• NIL Brands. Athlete name, sport, and school are visible to brands for NIL deal purposes, subject to athlete consent.
• Stripe, Inc. Payment data is shared with Stripe for transaction processing.
• Supabase. Database and authentication provider, processing user data under a data processing agreement.
• Anthropic. AI provider that processes prompts and platform-generated text (bios, scouting summaries, coach-email drafts) under a sub-processor agreement. Anthropic does not retain user data for model training.
• Resend. Email service provider for transactional communications.
• Vercel. Hosting platform that processes request logs.
• Upstash. Rate-limit and ephemeral cache provider.
• Legal Requirements. We may disclose data when required by law, subpoena, or to protect the safety of minors.
• Business Transfer. In a merger or acquisition, user data may be transferred to successor entities.

5. Data Retention & Deletion

We retain personal data as long as your account is active or as needed to provide services. You can delete your account in-app at any time from Settings → Delete Account. Upon deletion, we remove personal data within 30 days, except as required by law.

Coach view log data is retained for 2 years for platform integrity. NIL transaction records are retained for 7 years for tax and legal compliance.

For other data deletion or correction requests, contact support@fanfeed.me.

6. Security

FanFeed implements industry-standard security measures including: TLS/HTTPS encryption for all data in transit; Supabase Row Level Security (RLS) for database access control; bcrypt password hashing; JWT authentication token management; API rate limiting via Upstash; and regular security reviews. No system is 100% secure. In the event of a data breach affecting minor users, FanFeed will notify affected parents/guardians within 72 hours.

7. Your Rights (Colorado Privacy Act)

• Right to know what personal data we collect
• Right to access your personal data
• Right to correct inaccurate personal data
• Right to delete your personal data
• Right to opt out of sale of personal data (we do not sell data)
• Right to opt out of targeted advertising based on personal data
• Right to non-discrimination for exercising privacy rights

To exercise your rights, contact support@fanfeed.me.

8. Mobile App & Device Permissions

The FanFeed iOS app requests the following permissions, which you may grant or deny:

• Push notifications. To alert you when a coach views your profile, when you receive messages, and when someone follows you. We store an Apple Push Notification Service (APNs) device token tied to your account so we can deliver these alerts. You can disable push notifications at any time in iOS Settings.
• Camera and photo library. To upload highlight videos, profile photos, and post media. We only access camera/photos when you tap an upload button. We do not scan your photo library in the background.
• Sign in with Apple. If you choose Sign in with Apple, we receive the name and email you authorize Apple to share. If you select Apple's private relay email, we only receive the relay address.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address at least 14 days before the changes take effect, or through a prominent notice on the Platform. The "Last updated" date at the top reflects the most recent revision.

10. Contact

FanFeed Privacy Officer

FanFeed LLC
support@fanfeed.me
fanfeed.me/privacy