Data Privacy & Security Policy
Effective March 2025 | Last Updated March 2026
LaceUp Soccer is committed to protecting the privacy and security of all users, especially the young athletes who use our platform. This policy explains what data we collect, how we use it, and how we protect it.
1. Who Owns the Data?
Your club owns your club's data. LaceUp stores and processes data on behalf of the club. Player evaluations, skill ratings, team structures, and coaching records belong to the club that created them. LaceUp does not sell, share, or use club data for any purpose other than providing the LaceUp service.
2. What Data Do We Collect?
- Account information: Name, email address, and role (player, coach, or club admin). For players: birth date, position preference, and preferred foot.
- Evaluation data: Skill ratings provided by coaches, evaluation dates, and optional coach notes.
- Game results: Scores, opponents, and game dates entered by coaches or club admins.
- Usage data: Login frequency and feature usage to improve the product. No browsing history or location tracking.
We do not collect: social security numbers, financial information, photos of minors, home addresses, school information, or medical records.
3. Data Isolation Between Clubs
Each club's data is completely isolated. Club A cannot see Club B's players, evaluations, or coaching data. This is enforced at the database level through Row Level Security (RLS) policies, not just application logic. Even LaceUp engineers access club data only for technical support purposes and only with club admin authorization.
4. Who Can See What?
- Club directors/admins can see all teams, coaches, players, and evaluations within their club.
- Coaches can see rosters and evaluations for teams they are assigned to.
- Players can see only their own skill ratings, benchmarks, and training recommendations.
- Parents (via shared read-only links) can see only their child's development data. They cannot see other players' ratings, team rankings, or coach engagement metrics.
- No one outside the club can see any club data. There are no public leaderboards or cross-club comparisons.
5. Children's Privacy (COPPA Compliance)
LaceUp is designed to be used by youth soccer clubs with players under 13. We take children's privacy seriously. Player accounts for children under 13 should be created by a parent, guardian, or club administrator. We collect only the minimum data necessary to provide the service (name, birth date for age group assignment, and skill evaluations). We do not serve advertising, do not allow direct messaging between users, and do not collect location data.
6. Data Security
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest.
- Authentication: Accounts are protected by password or Google OAuth with session management.
- Infrastructure: Data is hosted on Supabase (built on AWS) with enterprise-grade security, automated backups, and monitoring.
- Access control: Row Level Security ensures users can only access data they are authorized to see.
7. Data Deletion & Portability
- A player, or a player's parent, can request deletion of the player's account and all associated data by contacting their club admin or emailing info@laceupsoccer.com.
- A club admin can request deletion of the entire club's data at any time.
- A club admin can request a full export of their club's data in a standard format (CSV/JSON).
- Upon account deletion, personal data is permanently removed within 30 days. Anonymized, aggregated data (no personally identifiable information) may be retained for product improvement.
8. AI-Generated Insights
LaceUp uses AI (powered by Anthropic Claude) to generate training recommendations and development insights. When AI insights are generated, only the requesting user's relevant skill data is sent to the AI service. No player names or personally identifiable information are sent to the AI. AI-generated content is clearly labeled in the app. AI recommendations are suggestions, not directives, and should be interpreted by qualified coaches.
9. Third-Party Services
LaceUp uses the following third-party services to operate:
- Supabase (database and authentication) — SOC 2 Type II compliant
- Vercel (hosting) — SOC 2 Type II compliant
- Google OAuth (optional sign-in) — used only for authentication, no data shared with Google
- YouTube (training videos) — embedded videos only, no user data shared with YouTube
- Anthropic Claude (AI insights) — no PII transmitted, data not used for AI training
10. Changes to This Policy
We will notify club admins of any material changes to this policy via email at least 30 days before changes take effect. Continued use of LaceUp after changes constitutes acceptance of the updated policy.
11. Contact
For questions about data privacy, data deletion requests, or security concerns, contact us at info@laceupsoccer.com.