Important — minors' data
FanFeed collects personal data from minors (athletes under 18). This Privacy Policy is designed to comply with the Children's Online Privacy Protection Act (COPPA), the COPPA 2.0 amendments passed by the U.S. Senate in March 2026, FERPA, the Colorado Privacy Act (CRS § 6-1-1301 et seq.), and the FTC's April 2025 COPPA Rule amendments. Fines for COPPA violations reach $53,088 per violation. Parents and guardians: please read this policy carefully.
1. Information We Collect
1.1 Information you provide directly
- Name, email address, phone number, and date of birth
- Athletic profile data: sport, position, height, weight, GPA, graduation year, highlight video links
- School name, city, state
- Recruiting preferences and target college lists
- Parent/guardian name and contact information (collected for athletes under 18; required before a college coach can contact a minor through FanFeed)
- Profile photos and uploaded highlight videos
- NIL deal information and payment details (processed by Stripe)
1.2 Information collected automatically
- IP address, browser type, operating system, device identifiers
- Pages visited, time on page, click patterns, navigation paths
- Coach profile view events (stored for notification delivery to athletes)
- Session data and authentication tokens (managed by Supabase)
- Cookies and similar tracking technologies (see Cookie Policy)
1.3 Information we do NOT collect
- Social Security Numbers or government ID numbers
- Full credit card numbers (Stripe tokenizes all payment data)
- Health or medical information
- Student education records beyond what athletes voluntarily provide
- Location data beyond city/state
2. Minors & Children's Privacy
FanFeed is designed for users age 13 and older. Users under 13 are prohibited from creating an account or claiming a profile— date of birth is verified at sign-up and an under-13 entry is a hard stop. A profile a coach pre-builds for an athlete stays unpublished and non-indexed until that athlete (13+) verifies their date of birth and claims it.
Athletes ages 13–17 may create and publish a recruiting profile — identity, athletic information, and highlight film — in the same way they would on Hudl, MaxPreps, or a public team roster. This profile information is public-facing by design, because the purpose of the Platform is to be seen by college coaches.
2.1 Parental Consent & Controls
The one channel FanFeed gates behind verifiable parental consent (VPC) is a college coach contacting a minor. Before any coach can message or initiate contact with an athlete under 18 through FanFeed, a parent/guardian must be on file and grant that permission.
- Athletes under 18 are asked to add a parent/guardian email so the guardian can be looped in to the recruiting process
- Coach-to-minor messaging stays locked until a parent/guardian grants the contact (“outreach”) permission
- Parents/guardians may review, edit, or delete their child's data at any time by contacting support@fanfeed.me
- Parents/guardians may unpublish the profile or revoke consent at any time, which removes the profile from public view
- We do not use a minor athlete's data for behavioral advertising and we do not sell it to third parties
2.2 Data Minimization for Minors
FanFeed collects only the minimum information necessary to provide recruiting profile services to minor athletes. We do not use minor athletes' data for behavioral advertising. We do not sell minor athletes' data to third parties.
2.3 Evolving Law (COPPA 2.0)
COPPA 2.0, passed by the U.S. Senate in March 2026, would extend certain protections to users under 17. FanFeed monitors this legislation and will adapt its consent model — including, if required, extending verifiable parental consent to additional age bands — as the final rules take effect. We already prohibit targeted advertising to minors and honor data-deletion requests today.
3. How We Use Your Information
- Profile Display. To display your athlete profile to verified college coaches and other authorized users.
- Coach View Notifications. To deliver real-time notifications when coaches view your profile.
- NIL Marketplace. To host athlete storefronts where brands can browse and book services directly from athletes.
- Subscription Management. To process payments and manage subscription tiers.
- Platform Improvement. To analyze usage patterns and improve Platform functionality.
- Communications. Transactional emails, weekly recruiting digests (opt-in), and important notices.
- Safety & Security. To detect and prevent fraud, abuse, and unauthorized access.
- Legal Compliance. To comply with COPPA, FERPA, NCAA guidelines, and applicable law.
4. Information Sharing & Disclosure
FanFeed does NOT sell personal information. We share information only as described:
- Verified Coaches. Athlete profile data is visible to verified college coaches per athlete privacy settings.
- NIL Brands. Athlete name, sport, and school are visible to brands for NIL deal purposes, subject to athlete consent.
- Stripe, Inc. Payment data is shared with Stripe for transaction processing.
- Supabase. Database and authentication provider, processing user data under a data processing agreement.
- Anthropic. AI provider that processes prompts and platform-generated text (bios, scouting summaries, coach-email drafts) under a sub-processor agreement. Anthropic does not retain user data for model training.
- Resend. Email service provider for transactional communications.
- Vercel. Hosting platform that processes request logs.
- Upstash. Rate-limit and ephemeral cache provider.
- Legal Requirements. We may disclose data when required by law, subpoena, or to protect the safety of minors.
- Business Transfer. In a merger or acquisition, user data may be transferred to successor entities.
5. Data Retention & Deletion
We retain personal data as long as your account is active or as needed to provide services. You can delete your account in-app at any time from Settings → Delete Account. Upon deletion, we remove personal data within 30 days, except as required by law.
Coach view log data is retained for 2 years for platform integrity. NIL transaction records are retained for 7 years for tax and legal compliance.
For other data deletion or correction requests, contact support@fanfeed.me.
6. Security
FanFeed implements industry-standard security measures including: TLS/HTTPS encryption for all data in transit; Supabase Row Level Security (RLS) for database access control; bcrypt password hashing; JWT authentication token management; API rate limiting via Upstash; and regular security reviews. No system is 100% secure. In the event of a data breach affecting minor users, FanFeed will notify affected parents/guardians within 72 hours.
7. Your Rights (Colorado Privacy Act)
- Right to know what personal data we collect
- Right to access your personal data
- Right to correct inaccurate personal data
- Right to delete your personal data
- Right to opt out of sale of personal data (we do not sell data)
- Right to opt out of targeted advertising based on personal data
- Right to non-discrimination for exercising privacy rights
To exercise your rights, contact support@fanfeed.me.
8. Mobile App & Device Permissions
The FanFeed iOS app requests the following permissions, which you may grant or deny:
- Push notifications. To alert you when a coach views your profile, when you receive messages, and when someone follows you. We store an Apple Push Notification Service (APNs) device token tied to your account so we can deliver these alerts. You can disable push notifications at any time in iOS Settings.
- Camera and photo library. To upload highlight videos, profile photos, and post media. We only access camera/photos when you tap an upload button. We do not scan your photo library in the background.
- Sign in with Apple. If you choose Sign in with Apple, we receive the name and email you authorize Apple to share. If you select Apple's private relay email, we only receive the relay address.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address at least 14 days before the changes take effect, or through a prominent notice on the Platform. The "Last updated" date at the top reflects the most recent revision.
10. Contact
FanFeed Privacy Officer
FanFeed LLC
support@fanfeed.me
fanfeed.me/privacy