1. Who We Are and How to Contact Us

RecruitMyGame, LLC (“RecruitMyGame,” “we,” “us,” or “our”) is the data controller for personal information collected through recruitmygame.com and related services. For the JUCO Transfer Portal (“JUCO Portal”), please see the separate JUCO Portal Privacy Policy.

Privacy contact: privacy@recruitmygame.com

Data Protection Officer (GDPR): dpo@recruitmygame.com

CCPA / Consumer Rights requests: privacy@recruitmygame.com

2. Information We Collect

A. Information You Provide Directly

• Account information: Name, email address, password, and profile photo
• Athletic profile: Sport, position, height, weight, statistics, highlights, awards, and achievements
• Academic information: GPA, standardized test scores, graduation year, school name, and academic honors
• Media uploads: Photos, videos, and game film you upload to your profile
• Schedule and availability: Athletic event dates, practice schedules, and tournament calendars
• Contact information: Phone number, home location, and social media handles (optional)
• Parent/guardian information: Name and contact information if provided for minor users
• Communications: Messages sent via support, feedback forms, or in-platform communication

B. Information Collected Automatically

• Usage data: Pages visited, features used, button clicks, and time spent on the platform
• Device and browser data: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Log data: Server logs including access times, referring/exit pages, and error logs
• Cookies and tracking technologies: See Section 6 for full details
• Coach profile views: When coaches view your profile, we may log this interaction for your analytics

C. Information from Third-Party Integrations

• Google Sign-In: If you use Google to authenticate, we receive your name, email address, and profile picture from Google
• Google Calendar: If you connect your calendar, we access event titles, dates, times, and locations you authorize us to sync
• Payment processing (Stripe): Stripe shares transaction confirmation and billing details with us; we do not store full card numbers

D. Sensitive Personal Information

We collect certain categories of information that may be considered sensitive under applicable law, including academic records, athletic performance data, and (only if voluntarily provided) approximate physical characteristics such as height and weight. We do not collect Social Security numbers, government ID numbers, financial account numbers, precise geolocation, biometric data, health data, or race or ethnicity for profiling purposes.

Sensitive personal information is used solely to provide the recruiting profile services you request. You may contact us to limit our use of your sensitive information as described in Section 8.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create and maintain your athlete profile and account
• To enable coaches, recruiters, and scouts to discover and view your profile
• To provide, operate, and improve the platform and its features
• To sync your schedule with connected calendar services
• To generate digital business cards, QR codes, and promotional materials
• To process payments and manage subscriptions
• To send transactional emails (account confirmations, receipts, security alerts)
• To send marketing emails about our services (only with your consent, which you may withdraw at any time)
• To provide in-app messaging and platform notifications (Customer.io)
• To monitor platform security, detect fraud, and prevent abuse
• To diagnose technical problems and errors (Sentry)
• To analyze usage patterns and improve platform performance (analytics, with your consent)
• To comply with legal obligations and enforce our Terms of Service
• To respond to your support requests and inquiries

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contract: Processing necessary to create your account and provide the Service
• Legitimate interests: Fraud prevention, platform security, service improvement, and analytics (balanced against your privacy rights)
• Consent: Marketing emails, cookies for analytics and advertising, and calendar integration (you may withdraw consent at any time)
• Legal obligation: Compliance with applicable laws, including tax and financial regulations

5. Information Sharing and Third-Party Services

We do not sell your personal information to data brokers or third parties for their own independent marketing purposes. We share your information only as described below.

A. Profile Visibility

Your athlete profile, including name, sport, position, statistics, photos, and videos, is visible to coaches, recruiters, scouts, and the general public if your profile is set to public. You control your profile’s visibility in your account privacy settings at any time.

B. Service Providers (Data Processors)

We share data with the following service providers who process data on our behalf and are contractually bound to protect your information and use it only for the purposes we specify:

• Supabase: Database hosting and user authentication. Processes all platform data. Privacy Policy
• Vercel: Website hosting, CDN, and performance monitoring. Privacy Policy
• Stripe, Inc.: Payment processing. Stripe receives your payment card details directly and is a PCI-DSS certified processor. We receive only a transaction token, last four digits, and billing confirmation. Privacy Policy
• Sentry: Error tracking and diagnostics. Sentry may capture technical error data that could include contextual user information in error reports. We configure Sentry to minimize PII capture. Privacy Policy
• Resend: Transactional email delivery for account notifications and subscription confirmations.

C. Marketing and Analytics Partners (with Your Consent)

The following third-party services are activated only with your cookie consent for analytics and/or marketing categories:

• Google Analytics (Google LLC): Website usage analytics. When you consent to analytics cookies, anonymized usage data is sent to Google. Google may use this data in accordance with its own privacy policies. Privacy Policy
• Vercel Analytics: Anonymized page view and performance analytics collected through our hosting provider.
• Facebook Pixel (Meta Platforms, Inc.): When you consent to marketing cookies, we use the Facebook Pixel to measure the effectiveness of our advertising campaigns on Facebook and Instagram and to show you relevant ads on Meta platforms. This constitutes “sharing” of your data for cross-context behavioral advertising under California law. You may opt out at any time by managing your cookie preferences or by visiting Meta’s Privacy Center. Meta Privacy Policy
• Customer.io: Marketing automation and in-app messaging. We use Customer.io to send you product updates, onboarding flows, and relevant communications. Customer.io processes your email address, name, and platform behavior data as directed by us. Privacy Policy

D. Legal and Safety Disclosures

We may disclose your information if required to do so by law, legal process, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a court order, subpoena, or law enforcement request.

E. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the successor entity. We will notify you via email and/or a prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies

We use cookies, local storage, pixel tags, and similar technologies. You can manage your cookie preferences through our Cookie Settings banner or at any time by visiting our Cookie Policy.

• Essential cookies: Required for authentication, security, and core platform functionality. Cannot be disabled without breaking the Service.
• Analytics cookies: Collect anonymized usage data to help us understand how the platform is used and improve it. Activated only with your consent.
• Marketing cookies: Used by Facebook Pixel to measure ad performance and enable targeted advertising. Activated only with your consent. Use of marketing cookies constitutes “sharing” of your browsing behavior for cross-context behavioral advertising under CCPA/CPRA.
• Preference cookies: Remember your display and notification settings. Activated only with your consent.

Do Not Track: Our platform does not currently respond to browser “Do Not Track” signals. However, you can use our Cookie Settings to opt out of non-essential tracking.

Global Privacy Control (GPC): We honor the Global Privacy Control signal as an opt-out of the sale or sharing of personal information for California residents, in accordance with the CCPA/CPRA. If your browser sends a GPC signal, we will treat it as a valid opt-out request and disable marketing cookies accordingly.

7. Data Security and Retention

Security: We implement industry-standard security measures including TLS encryption for data in transit, encrypted database storage, role-based access controls, row-level security policies, and regular security reviews. However, no transmission or storage system is 100% secure.

Data Breach Notification: In the event of a data breach that affects your personal information and that creates a risk of harm, we will notify you and, where required, applicable regulatory authorities without undue delay and within the timeframes required by applicable law (e.g., within 72 hours for GDPR; promptly as required by applicable state laws in the US, including California Civil Code §1798.29 and §1798.82).

Data Retention:

• Active account data: Retained while your account is active and for up to 90 days after account closure to allow reactivation
• Deleted account data: Permanently deleted within 30 days of confirmed account deletion request, except as required by law
• Calendar sync data: Deleted within 30 days after you disconnect the integration
• Payment and billing records: Retained for 7 years for tax, accounting, and legal compliance
• Analytics data: Anonymized or deleted after 26 months
• Support communications: Retained for 2 years
• Legal hold: Data subject to legal proceedings, subpoenas, or regulatory inquiries will be retained until the matter is resolved

8. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”):

Right to Know

You have the right to request that we disclose: the categories of personal information we have collected about you; the categories of sources; the business purposes for collecting or selling it; the categories of third parties with whom we share it; and the specific pieces of personal information we hold about you. You may make this request up to twice per 12-month period, free of charge.

Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as information needed to complete a transaction, detect security incidents, comply with legal obligations, or fulfill other permitted purposes).

Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt-Out of Sale or Sharing

We do not sell personal information in the traditional sense. However, our use of the Facebook Pixel for cross-context behavioral advertising constitutes “sharing” under CCPA/CPRA. You can opt out of this sharing at any time by:

• Clicking “Cookie Settings” in our footer and disabling marketing cookies
• Enabling a Global Privacy Control (GPC) signal in your browser
• Emailing us at privacy@recruitmygame.com with subject line “Do Not Sell or Share My Personal Information”

Right to Limit Use of Sensitive Personal Information

You have the right to direct us to use your sensitive personal information (academic records, physical characteristics) only for the limited purpose of providing you the recruiting profile service. Contact us to exercise this right.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised a privacy right.

Children Under 16 — Opt-In for Sale/Sharing

We do not sell or share the personal information of users we know to be under 16 years of age without affirmative opt-in consent. For users between 13 and 15, a parent or guardian must provide this opt-in consent.

How to Submit a CCPA Request

Submit requests to Know, Delete, or Correct by:

• Email: privacy@recruitmygame.com with subject “CCPA Privacy Request”
• Through your account privacy settings (for data access and deletion)

We will respond to verified requests within 45 days. We may extend the response period by an additional 45 days when necessary, with notice to you.

Verification: We will verify your identity before processing requests to ensure we do not disclose or delete data belonging to another person. Verification may include confirming your email address or other account credentials.

9. Rights of EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under GDPR or applicable equivalent law:

• Right of access: Request a copy of personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (subject to legal retention obligations)
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Receive your personal data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making: We do not make solely automated decisions that produce significant legal or similar effects
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise GDPR rights, contact our Data Protection Officer at dpo@recruitmygame.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Other US State Privacy Rights

Several US states have enacted comprehensive consumer privacy laws, including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and Florida (FDBR). Residents of these states may have rights similar to those described in our CCPA section above, including rights to access, delete, correct, and opt out of certain uses of personal data.

If you are a resident of a state with applicable privacy rights and wish to exercise them, please contact us at privacy@recruitmygame.com indicating your state of residence and the right(s) you wish to exercise.

11. Children’s Privacy (COPPA)

The Service is intended for users age 13 and older. We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent as required by the Children’s Online Privacy Protection Act (“COPPA”).

If we discover that we have inadvertently collected personal information from a child under 13 without required parental consent, we will promptly delete it. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@recruitmygame.com.

For users ages 13–17, we strongly encourage parental involvement. Parents and guardians may request access to, correction of, or deletion of their minor child’s account data by contacting us with proof of their parental relationship.

12. Student Educational Records (FERPA Notice)

RecruitMyGame is not an educational institution and is not subject to the Family Educational Rights and Privacy Act (“FERPA”) as a covered educational agency. However, we recognize that our platform handles data similar in nature to educational records (such as GPA and academic standing).

Any academic information you submit to your profile is provided voluntarily by you and is not sourced from your school’s records systems. You are responsible for ensuring that any academic data you provide is accurate and that you have the right to share it.

If you are a coach or school official and are concerned about the sharing of student educational records through the platform, please contact us at privacy@recruitmygame.com.

13. International Data Transfers

RecruitMyGame is based in the United States. Your personal information may be transferred to and processed in the United States and other countries where our service providers operate, which may have different data protection laws than your country of residence.

For transfers from the EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses approved by the European Commission or equivalent transfer mechanisms. For more information or to obtain a copy of these clauses, contact dpo@recruitmygame.com.

14. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, services, or applicable legal requirements. When we make material changes, we will notify you at least 14 days before the change takes effect via:

• Email to the address associated with your account
• A prominent banner or notification within the platform

The updated policy will be effective as of the date indicated at the top of the page. Your continued use of the Service after the effective date constitutes acceptance of the revised policy. If you do not agree to the updated policy, you may close your account before the effective date.

15. Contact Us

To exercise your privacy rights, ask questions about this policy, or report a privacy concern, please contact us:

RecruitMyGame, LLC

General privacy inquiries: privacy@recruitmygame.com

GDPR / Data Protection Officer: dpo@recruitmygame.com

CCPA “Do Not Sell or Share” requests: privacy@recruitmygame.com

COPPA / Parent & Guardian concerns: privacy@recruitmygame.com