Privacy Policy

Draft — pending legal review. Effective date: [EFFECTIVE DATE] · Version: v0.1-draft.

This Privacy Policy explains what information Huddl collects, how we use and share it, and the choices you have. It applies to the Huddl progressive web app, the website at teamhuddl.com, and related services (together, the “Service”), operated by [LEGAL ENTITY NAME] (“Huddl”, “we”, “us”, or “our”). It is a companion to our Terms & Conditions and Community Guidelines; defined terms have the meanings given there. By using the Service you agree to the collection and use of information as described here. If you do not agree, do not use the Service.

1. Adults only (18+)

The Service is intended solely for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it.

2. Information we collect

Information you provide:

  • Account identifiers — your email address (used for passwordless one-time-code login); later, optionally a phone number.
  • Profile information — your name, position/role text, and an avatar photo if you upload one.
  • Team membership — the Team you join via an invite link and the type you pick (Player or Staff).
  • Account-recovery information — a backup email you optionally add and verify (we store a verification code hash, not your raw code).
  • Content you create — clips, photos, plays, comments, reactions, Vibe Check responses, goals, Comment Box feedback, mentions, and messages.
  • Acceptance records — the date and version of the Terms you accepted.

Information collected automatically: if you enable notifications, the push subscription your browser/device generates; and basic technical and usage data needed to operate and secure the Service (e.g. device/browser type, IP address, timestamps, and error logs).

What we do not do: we do not use third-party advertising trackers or sell access to your activity to advertisers.

3. How we use information

  • Provide the Service — maintain your Account, show your Content to the right audience, and run Teams, surveys, goals, and feedback features.
  • Authenticate you — send and verify one-time login codes and support account recovery via your verified backup email.
  • Send communications — deliver push notifications and transactional emails (e.g. login and verification codes).
  • Keep the Service safe — moderate reported Content, enforce the Terms and Community Guidelines, and address security.
  • Maintain, improve, and comply — debug, monitor reliability, develop features, and meet legal obligations.

4. How information is shared

With your Team (according to visibility). Your name and avatar are visible to teammates and Coaches/Admins; Content you post is shared with the audience for the channel you posted it to; Coaches/Team Admins can see Member information needed to administer the Team and must keep it confidential.

Anonymity and the players-only channel. Some features are designed around controlled visibility, enforced at the database access-control layer (Row-Level Security), not merely hidden in the interface:

  • Vibe Check responses are shown to Coaches only in aggregate and are never attributed to an individual.
  • Comment Box feedback can be submitted anonymously; anonymous messages do not carry your name to the Coach.
  • Players-only channels (including a future players-only video channel) are designed so Coaches, Staff, and Team leadership cannot see that Content.

Not end-to-end encrypted. These protections are role-based access controls, not end-to-end encryption. The Platform Operator can technically access this Content — for example to operate the Service, respond to escalated reports, comply with law, or address security. We handle it consistent with this Policy, but you should not treat it as hidden from us.

With service providers. We use providers that process information on our behalf, only to run the Service: Supabase (database, authentication, file storage, logs); Vercel (application hosting); Apple/Google push services (notification delivery); Resend (transactional emails); Cloudflare Stream (storing/delivering uploaded photos and videos); and Inngest (background jobs such as timed board release and notifications).

Legal, safety, and business transfers. We may disclose information where we believe in good faith it is necessary to comply with law, enforce our Terms, prevent fraud or abuse, or protect rights and safety; and information may transfer as part of a merger, acquisition, or sale of assets, with continued protection consistent with this Policy.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

5. Push notifications and emails

If you enable push notifications, we use your push subscription to deliver them; you can turn push off any time in Settings → Notifications or in your device settings. Some communications — such as one-time login codes and backup-email verification codes — are transactional and necessary to use the Service; they cannot be turned off while you have an Account.

6. Cookies, local storage, and the service worker

As an installable progressive web app, Huddl uses essential session storage/cookies to keep you signed in and refresh your session securely, and a service worker and local cache so the app loads reliably and can receive push notifications. We do not use advertising or cross-site tracking cookies.

7. Data retention

We keep your information for as long as your Account is active and as needed to provide the Service. After deletion, copies may persist for a limited, ordinary period in backups and where required to comply with law, resolve disputes, or enforce our agreements. Aggregated or de-identified information (e.g. anonymized Vibe Check trends) may be retained.

8. Your choices and rights

  • Access and update. View and edit your name, position, and avatar from your profile, and manage your backup email and push notifications in Settings.
  • Account deletion. To request deletion of your Account and associated personal information, contact us at [SUPPORT/PRIVACY CONTACT]. Some information may be retained as described in §7, and Content others already received may persist in their copies.
  • Privacy rights. Depending on where you live, you may have rights to access, correct, delete, port, or object to certain processing, and to withdraw consent. To exercise them, contact us at [SUPPORT/PRIVACY CONTACT]; we will not discriminate against you for doing so.

9. Security

We protect information with measures including server-side authorization via Postgres Row-Level Security, passwordless one-time-code authentication, hashing of backup-email verification codes, and encryption in transit. No method of transmission or storage is completely secure, and — as stated in §4 — the Service is not end-to-end encrypted, so we cannot guarantee absolute security.

10. International data transfers

The Service is operated using providers that may store and process information in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers.

11. Third-party links

The Service may contain links to third-party sites or services we do not control (for example a shared invite link opened in a browser). This Policy does not apply to those third parties; review their privacy policies.

12. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the version string and effective date above. For material changes, we will provide reasonable notice through the Service or to your verified identifier. Continued use after a non-material update constitutes acceptance.

13. Contact

Questions or requests about this Policy or your information: [SUPPORT/PRIVACY CONTACT — e.g. privacy@teamhuddl.com]. [LEGAL ENTITY NAME], [MAILING ADDRESS].