Privacy Policy
Last updated: February 16, 2026
Peer10 (“we,” “our,” or “us”) is committed to protecting the privacy of our users, including youth athletes, parents, coaches, and organization administrators. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at peer10.com and our mobile applications (collectively, the “Service”).
We also maintain a dedicated Children's Privacy Notice with additional detail on how we handle data for users under 13.
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, and role within your organization (e.g., parent, coach, administrator). We also store authentication credentials managed by our identity provider.
Organization Data
Organization administrators provide league, season, team, and player information necessary to operate the platform, including player names, dates of birth, and division assignments.
Player Profiles
Player profiles (Identity Canvas) include names, jersey numbers, team assignments, skill assessments entered by coaches, and optional media (photos, game highlights). Player profiles are never publicly accessible and are visible only within the organization.
Media Content
Coaches may upload game film and photos. These are processed to generate coaching summaries and development insights. Media is stored securely and accessible only to authorized users within the organization.
Usage Data
We collect standard usage data including pages visited, features used, device type, browser type, IP address, and approximate location (city-level) to improve the platform experience. We do not use third-party advertising trackers.
Payment Information
Payment processing is handled by Stripe. We do not store credit card numbers or bank account details on our servers. Stripe's privacy policy governs the handling of payment data.
2. How We Use Your Information
- To provide, maintain, and improve the Peer10 platform
- To manage registrations, rosters, schedules, and communications
- To generate player profiles and development tracking
- To process game film and generate coaching insights
- To send notifications, reminders, and platform communications
- To provide customer support
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
3. AI and Data Processing
Peer10 uses AI to provide features such as roster balancing, game film analysis, smart message timing, and institutional memory. Key facts about our AI processing:
- AI processing is performed on data within your organization's scope — no cross-organization data access occurs
- No personally identifiable information (PII) is sent to third-party AI providers. We use entity IDs and anonymized data for AI analysis
- We do not use your organization's data to train general-purpose AI models
- AI-generated content is advisory only and requires human review before action
- AI providers (Anthropic for analysis/generation, OpenAI for embeddings) process data under strict data processing agreements with no training rights
4. Data Sharing and Sub-Processors
We do not sell your personal information to anyone, ever. We share data only as described below:
- Within your organization as necessary for platform functionality
- With service providers (sub-processors) who help us operate the platform, listed below
- When required by law or to protect the safety of children, our users, or the public
- In a business transfer such as a merger or acquisition, with notice to affected users
Sub-Processor List
The following third-party services process data on our behalf. Each operates under a data processing agreement:
| Provider | Purpose | Data Types | Location |
|---|---|---|---|
| Supabase | Authentication & identity | Email, auth tokens | US (AWS) |
| DigitalOcean | Application hosting & database | All application data | US |
| Stripe | Payment processing | Payment & billing data | US |
| SendGrid (Twilio) | Transactional email | Email addresses, message content | US |
| Anthropic | AI analysis & generation | Anonymized entity data (no PII) | US |
| OpenAI | Text embeddings | Anonymized text data (no PII) | US |
We will notify organizations at least 30 days before adding a new sub-processor that handles personal data.
5. Children's Privacy (COPPA)
Peer10 is designed for youth sports organizations and processes data about children under 13. We comply with the Children's Online Privacy Protection Act (COPPA), including the 2025 amendments effective April 22, 2026.
- No direct collection from children under 13. Player profiles for children are created and managed by their parent/guardian or an authorized organization administrator.
- Verifiable parental consent is required before collecting personal information about a child under 13. Accepted methods include: email verification with follow-up confirmation, signed consent form, government ID verification, and knowledge-based authentication — all in compliance with the 2025 COPPA amendments.
- Data minimization: We collect only what is necessary for the youth sports platform to function.
- No behavioral advertising is served to children. We do not use persistent identifiers to track children across services.
- No profiling of children for commercial purposes. AI features for children are limited to sports development insights visible only to parents and coaches.
- Third-party disclosure of children's data requires separate explicit parental consent and is never permitted for non-integral purposes.
Parental Rights
Parents and guardians of children under 13 have the right to:
- Review the personal information we hold about their child
- Request deletion of their child's data
- Revoke consent for further data collection
- Restrict the types of data collected about their child
Exercise these rights through the in-app Privacy Dashboard or by contacting [email protected].
For full details, see our dedicated Children's Privacy Notice.
6. Age-Tier Data Handling
We adjust data handling based on the athlete's age, enforced both in our platform logic and mobile applications:
| Age Tier | Data Governance | Consent Authority |
|---|---|---|
| Under 13 | Maximum restrictions. No behavioral tracking, no persistent identifiers, no profiling. Parent-controlled. | Parent/guardian only |
| 13–15 | Co-managed. Limited analytics. No sharing beyond organization without parental consent. | Parent/guardian with athlete awareness |
| 16–17 | Athlete-managed with parental visibility. Standard analytics with opt-out. | Athlete (parent may review) |
| 18+ | Full autonomy. Standard data processing with full consent controls. | Individual |
7. Cookies and Tracking Technologies
We use a limited set of cookies to operate the Service:
- Essential cookies: Authentication session, CSRF protection, cookie consent preference. These are required for the Service to function and cannot be disabled.
- Functional cookies: Role preference, locale setting, UI state. These improve your experience but are not strictly necessary.
- Analytics cookies: Anonymized usage patterns to help us improve the platform. No third-party advertising or tracking cookies.
We do not use third-party advertising cookies or cross-site tracking. For full details, see our Cookie Policy.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Organization data | Duration of active subscription + 30 days |
| Player profiles | Duration of organization membership or until parent requests deletion |
| Media content | Organization-configurable; deleted within 30 days of request |
| Audit logs | 7 years (compliance requirement) |
| Consent records | Indefinite (regulatory requirement to prove consent was obtained) |
| Usage/analytics data | 13 months (anonymized after 30 days) |
| AI-generated insights | Same as parent organization data |
9. Your Rights
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:
All Users
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and associated data
- Export your organization's data in a machine-readable format
- Opt out of non-essential communications
European Economic Area, UK, and Switzerland (GDPR)
Where GDPR applies, our legal bases for processing are: (a) performance of a contract (providing the Service), (b) legitimate interests (security, fraud prevention, product improvement), (c) consent (where required, especially for children's data per Article 8), and (d) compliance with legal obligations. Additional GDPR rights include:
- Right to restriction — request that we limit processing of your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
- Right to lodge a complaint — with your local data protection authority
Data Controller / Processor: For player and organization data, the organization is the data controller and Peer10 is the data processor. For account data of individual users (admins, coaches, parents), Peer10 is the data controller. See our Data Processing Agreement for details.
International Data Transfers: Data is stored and processed in the United States. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.
Breach Notification: In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where the breach is likely to result in a high risk to their rights.
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights:
- Right to know — what personal information we collect, use, disclose, and sell (we do not sell personal information)
- Right to delete — request deletion of personal information
- Right to opt out of sale — we do not sell personal information, so no opt-out is necessary
- Right to non-discrimination — we will not discriminate against you for exercising your rights
- Right to correct — request correction of inaccurate personal information
- Right to limit use of sensitive personal information — we only use sensitive personal information as necessary to provide the Service
Minors under 16 (CCPA): We do not sell or share personal information of users under 16 for cross-context behavioral advertising. If a minor under 16 declines consent for any data use, we will not re-ask for at least 12 months.
To exercise your California privacy rights, contact [email protected] or use the in-app Privacy Dashboard.
UK Children's Code (Age Appropriate Design Code)
For users in the United Kingdom, we comply with the ICO's Age Appropriate Design Code (Children's Code):
- High-privacy settings are the default for all users under 18
- Data collection is minimized to what is necessary for the youth sports platform
- No profiling of users under 18 without a compelling reason
- Geolocation is off by default for all users
- Nudge techniques are not used to encourage children to weaken their privacy settings
10. Data Security
We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), role-based access controls, row-level security at the database layer, and regular security assessments. Player data is scoped to the organization level — no cross-organization data access is possible. For more detail, see our Security Overview.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy. For changes affecting children's data, we will obtain new parental consent where required.
12. Data Protection Officer
Our Data Protection Officer can be reached at [email protected].
13. Contact Us
For privacy-related questions or to exercise your rights:
- Email: [email protected]
- Children's privacy: [email protected] (subject: “Children's Privacy”)
- Data Protection Officer: [email protected]
- Mail: Peer10, Attn: Privacy, 15214 Fishhawk Preserve Drive, Lithia, FL 33547, USA