Privacy Policy
Last updated: March 6, 2026
1. Overview
Arenalinq operates a platform connecting college athletic programs with prospective student-athletes. This Privacy Policy describes how we collect, use, and protect information across the recruiting portal (coaches and staff), player portal (athletes and parents), and public player card pages.
2. Information We Collect
2.1 Information Athletes and Parents Provide Directly
- Account information (name, email, date of birth)
- Profile information (sport, position, physical attributes, athletic experience, education, video highlights, bio)
- Optional contact information (phone, hometown)
- Optional social links
- Billing information (collected by Stripe — we do not store credit card numbers)
2.2 Information Customers and Authorized Users Provide
Recruiting records, evaluations, notes, pipeline assignments (workspace-scoped, owned by Customer).
2.3 Information Collected Automatically
IP address, browser type, device information, usage patterns. Cookies used only for authentication and session management.
3. How We Use Information
To provide and maintain the Service; enable athlete profile creation and scout discovery; process subscriptions and payments; send transactional emails (verification, billing, notifications); enforce age-based access restrictions; comply with legal obligations.
We do not sell personal information. We do not use athlete data for advertising.
4. How We Share Information
With Customers (scout visibility): When athlete profile is visible and subscription is active, excluding private contact details.
With service providers:
- Supabase: Database and authentication
- Stripe: Payment processing
- Postmark: Transactional email
- Vercel: Hosting
- GeoDB via RapidAPI: Location data
- API Ninjas: School data
As required by law.
5. Athlete Profile Visibility
5.1 Default private. Athletes control visibility through settings.
5.2 Scout visibility requires active subscription. Email, phone, and date of birth excluded from scout view.
5.3 Share token provides private link access independent of scout visibility.
5.4 Age-based restrictions: under-13 managed by parent only; 13–14 limited visibility, contact restricted; 15–17 most fields visible when public, age only (never full DOB); 18+ full access, age displayed (never full DOB).
5.5 Athlete phone and email never accessible through any coach-facing feature, per NCAA regulations.
6. Data Retention and Deletion
6.1 Athlete data retained while account exists. Athletes or parents may delete at any time. Deletion is immediate and permanent.
6.2 Customer recruiting records retained per workspace settings, unaffected by athlete deletion.
6.3 Minimal deletion log (user ID, timestamp, method) maintained for compliance. Contains no profile data.
7. Children’s Privacy (COPPA)
7.1 Children under 13 may not create their own accounts. Parent or guardian must create and manage the account.
7.2 Verifiable parental consent required before collecting data for a child under 13. Consent is obtained through the parent account creation process, which requires email verification via one-time passcode before any child data is collected. Only the parent enters information on behalf of the child.
7.3 Parents may at any time:
- Review their child’s information
- Request deletion
- Refuse further collection
- Manage all settings and visibility
7.4 For children under 13, only information necessary to maintain the profile as directed by the parent is collected.
7.5 No behavioral advertising served to any users.
7.6 Children under 13 cannot manage their own notification preferences.
To exercise parental rights: use player portal settings or contact hello@arenalinq.com.
8. Your Privacy Rights
8.1 All users: Access, correct, delete data, and opt out of non-essential notifications through the Service.
8.2 California Residents (CCPA/CPRA)
Right to know, right to delete, right to opt out of sale. We do not sell personal information. Contact: hello@arenalinq.com.
8.3 European Residents (GDPR)
Lawful basis: contract performance, legitimate interests, legal obligations. Rights to access, rectification, erasure (Article 17 — self-service via player portal), restrict processing, data portability, object, lodge complaint with DPA. Children’s consent (Article 8) satisfied through parent account system.
Contact: hello@arenalinq.com.
8.4 International Transfers
US-based. Standard Contractual Clauses for EEA/UK/Switzerland transfers.
9. Security
- Row-level security on all database tables
- Server-side enforcement of access controls and age restrictions
- Encryption in transit (TLS)
- OTP authentication (no stored passwords)
- Separation of athlete identity data from workspace recruiting data
10. Changes
We may update this policy. Material changes notified via email.
11. Contact
Questions? Contact us at hello@arenalinq.com.