Last revised on: 4 July 2019
FAIR INFORMATION PRACTICE PRINCIPLES
In general, Athlete Foundry, Inc. (herein “Athlete Foundry,” “Company,” “we,” “our,” or “us”) adheres to the following principles, based on the Fair Information Practice Principles (FIPPs), to guide all decisions in the treatment of Personally Identifiable Information (PII):
- Individual Participation:
We seek customer consent for the collection, use, dissemination, and maintenance of PII. In addition, we provide mechanisms for appropriate access, correction, deletion, and redress regarding the use of PII.
- Purpose Specification:
We specifically articulate the authority that permits the collection of PII, as part of customer subscription service onboarding (and any terms & condition and/ or private policy updates thereafter), and articulate the purpose or purposes for which the PII is intended to be used.
- Data Minimization:
- Use Limitation:
- Data Quality and Integrity:
To the extent practicable, we ensure that PII is accurate, relevant, timely, and complete.
We protect PII (in all media) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
- Accountability and Auditing:
We are accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing, in accordance with company internal policies and procedures, the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements.
STUDENT DATA PRINCIPLES
Although not a signatory to it, Athlete Foundry believes in ― and therefore ― voluntarily adheres to the following “Student Data Principles” (ref: http://studentdataprinciples.org/the-principles/) (NOTE: These elements only apply to providers who are contracted to school systems, which Athlete Foundry is not):
Student data should be used to further and support student learning and success.
- Student data are most powerful when used for continuous improvement and personalizing student learning.
- Student data should be used as a tool for informing, engaging, and empowering students, families, teachers, and school system leaders.
- Students, families, and educators should have timely access to information collected about the student.
- Student data should be used to inform and not replace the professional judgment of educators.
- Students’ personal information should only be shared, under terms or agreement, with service providers for legitimate educational purposes; otherwise the consent to share must be given by a parent, guardian, or a student, if that student is over 18. School systems should have policies for overseeing this process, which include support and guidance for teachers.
- Educational institutions, and their contracted service providers with access to student data, including researchers, should have clear, publicly available rules and guidelines for how they collect, use, safeguard, and destroy those data.
- Educators and their contracted service providers should only have access to the minimum student data required to support student success.
- Everyone who has access to students’ personal information should be trained and know how to effectively and ethically use, protect, and secure it.
- Any educational institution with the authority to collect and maintain student personal information should:
- Have a system of governance that designates rules, procedures, and the individual or group responsible for decision making regarding data collection, use, access, sharing, and security, and use of online educational programs;
- Have a policy for notification of any misuse or breach of information and available remedies;
- Maintain a security process that follows widely accepted industry best practices;
- Provide a designated place or contact where students and families can go to learn of their rights and have their questions about student data collection, use, and security answered.
STUDENT PRIVACY PLEDGE
Although not a signatory to it, Athlete Foundry believes in ― and therefore ― voluntarily makes the “Student Privacy Pledge,” (ref: https://studentprivacypledge.org/privacy-pledge/) (NOTE: These elements only apply to providers who are contracted to school systems, which Athlete Foundry is not):
- Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
- Not sell student personal information.
- Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
- Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
- Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
- Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
- Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
- Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
- Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
- Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
- Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
- Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.
PERSONAL INFORMATION WE COLLECT
When you visit athletefoundry.com or any Athlete Foundry subdomain, we automatically collect certain information about your device, including information about the device type, your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse, we collect information about the individual web pages or products that you view, what websites or search terms referred you, and information about how you interact with the web pages or products. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on web pages or products, and collect data including your IP address, browser type, Internet Service Provider, referring/exit pages, user flow information, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse (i.e., user flow).
Additionally if you are an end user of the Athlete Foundry Platform (the “Platform”), we collect certain information from you. We refer to this information as “Customer Information,” and it includes the following:
Other data as it relates to a student athlete’s parent’s journey (e.g., hobbies, interests, parent priorities, etc.)
In order to provide service through the Platform, we collect additional information about the Student Athlete. We refer to the this information as “Student Athlete Information,” and it includes the following:
- Full name
- Primary sport(s) and position(s)
- Other sport(s) and position(s) played
- Athletic data for skills, game play, etc.
- Academic data
- Other data as it relates to the student athlete journey (e.g., hobbies, interests, awards, etc.)
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Device Information that we collect to do the following:
- Help us screen for potential risk and fraud (in particular, your IP address).
- Improve and optimize our web pages or products (e.g., by generating analytics about how our customers browse and interact with the web pages or products, and to assess the success of our marketing and advertising campaigns).
We use the Customer and Student Athlete Information that we collect to fulfill services offered by the Company. Additionally, we use this Personal Information to do the following:
- Communicate with you.
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services
We also use de-identified data for purposes of analytics and improvement of the platform and may choose to aggregate and monetize this de-identified information at some point.
Any data shared with third party partners will NEVER be attributable back to the customer without clear consent from and /or notice to the customer. If we share any data with a third party partner, it will ALWAYS be de-identified and with the intent to fulfill our Company purpose and vision.
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with specific third parties strictly and ONLY to help us use your Personal Information to improve our service, as described above. For example, we use Google Analytics and Matomo Analytics to help us understand how you use our website pages and products, and 3rd party social media platform pixels to our website ONLY in order to correlate ad campaigns.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
DO NOT TRACK
Please note that we do not alter our web pages or product data collection and use practices when we see a Do Not Track signal from your browser.
You have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European Union (EU) Citizen, please note that we are processing your information in order to fulfill contracts we might have with you (for example, if you are a user of the Platform), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including but not limited to, Canada and the United States.
When you are a paying customer of the Platform, we will maintain your Customer Information for our records unless and until you ask us to delete this information. For the improvement of our services, we reserve the right to retain de-identified information until we determine it is no longer needed.
If you do not subscribe as a paying customer at the end of any/ all free trial or free promotional period, or you cancel service after any paid period, Athlete Foundry will disable your account for 30 days. If after 30 days, no action is taken by the end user or customer, Athlete Foundry reserves the right to de-identify account data but retain until we determine it is no longer needed, delete uniquely identifiable data files that practically cannot be de-identified (e.g., customer uploaded videos, pictures, documents), and delete the account.
Our platform is intentionally designed with safety in mind. We consider the Parent the “account holder.” With exception of student athlete chat and journal features, the Parent has full platform access and has sole approval authority for all student athlete “connection” requests and collegiate coach “follow” requests. While the Parent and student athlete will simultaneously get notified of such “connection” and “follow” requests, the Parent is the only person who can approve.
Student athlete chat and journal feasures are kept strictly private and confidential, only viewable by the student athlete. The chat feature is intra-family (between parents and their student athlete(s)) and inter-student athletes (between non-family student athlete(s) across the Athlete Foundry platform). Currently, we do NOT permit in-app text messages, or any form of 2-way communications, between a Parent or student athlete and collegiate coach.
We fully comply with the U.S. Congressionally enacted Children’s Online Privacy Protection Act (COPPA) of 1998, and amended in 2012.
For additional details concerning COPPA, see the FTC’s Complying with COPPA: Frequently Asked Questions here: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.
For more information about our privacy practices, if you have questions about data collection, use, and security, or if you would like to make a complaint, please contact us by email at email@example.com.
CEO & Founder