Skip to content

Document

Privacy Policy

This policy describes what ScoutStyle collects, why, and who else touches it. The short version: we collect what we need to run the service for you, and we don’t sell or share it for marketing.

ScoutStyle is operated by ScoutStyle, LLC, a Delaware limited liability company.

1. What we collect

  • Account data: email address, hashed password (handled by Supabase), and the team profile fields you fill in (name, level, sport, etc.).
  • Billing data:we don’t store your card number. Stripe handles payment and shares us a customer ID and subscription status.
  • Your scouting content: training reports, opponent CSVs, and supporting PDFs/DOCX you upload, plus any style notes you save in settings.
  • Operational logs:request metadata (IP address, route, timing) and server-side error traces captured by our hosting provider (Vercel). IP is collected to enforce rate limits, prevent abuse, and debug failures — not for advertising.
  • Terms-acceptance record: when you sign up, we log the email, timestamp, terms version, IP, and user-agent of your acceptance, so we can prove which version of these documents you agreed to.
  • Session cookies:a Supabase-issued session cookie keeps you logged in. We don’t use third-party tracking cookies, ad cookies, or analytics cookies.

2. How we use it

  • To authenticate you and run the service for you.
  • To generate scouting drafts in your voice using your training reports.
  • To bill, prevent abuse, and respond to support requests.
  • To debug failures, monitor stability, and improve the product.
  • To send you account, billing, security, and service notices.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not use your data, drafts, or uploads to train any general-purpose AI model.

3. Sub-processors

The service is built on a small set of vendors. Each one handles a specific slice of data, in the U.S. unless noted:

  • Supabase— authentication, session management, hashed-password storage. (privacy, DPA)
  • Neon— primary Postgres database for coach profiles, training reports, generated drafts, and the terms-acceptance log. (privacy, DPA)
  • Anthropic— large-language-model generation (Claude). Uploaded data is sent to Anthropic’s API only at the moment of generation. Per Anthropic’s commercial API terms, your inputs and outputs are not used to train their general-purpose models. (privacy, commercial terms)
  • Stripe— payment processor for subscriptions; receives card data directly from your browser. (privacy, DPA)
  • Vercel— application hosting and edge delivery. (privacy, DPA)
  • Google Fonts— serves the typefaces used on the public website. Per Google, no cookies are set and no authenticated requests are made; visitor IPs are processed only for font delivery. (privacy)

4. Schools and student-athlete data (FERPA)

ScoutStyle is designed to be used by coaches at schools subject to the Family Educational Rights and Privacy Act (FERPA) and similar state student-data privacy laws. Where you upload data covered by those laws as part of your work for your school, we process that data as a “school official” with a “legitimate educational interest” under your school’s direction, solely to provide the service back to you. We don’t redisclose student records to third parties except the sub-processors above, and only as required to operate the service.

You are responsible for complying with your school’s data-handling policies, including any parental-notice or parental-consent obligations. Education records remain the property of the school. Schools or districts who want a written student-data-privacy agreement can email howell@scoutstyle.com.

5. Children

ScoutStyle is for coaches, not athletes. We do not knowingly collect personal information directly from children under 13. If your uploads include information about minor athletes (which is common in high-school baseball/softball scouting), you represent that you have the authority to share it under applicable school and parental policies.

6. Cookies and similar technologies

We use a small number of cookies, all of them necessary:

  • Auth session cookie issued by Supabase to keep you logged in.
  • CSRF / state cookies used by the auth flow.

We don’t use advertising cookies, retargeting pixels, or third-party analytics (no Google Analytics, no Meta Pixel). We honor Global Privacy Control (GPC) signals where applicable.

7. Retention

  • Account data— until you request deletion.
  • Training reports and generated drafts— until you delete them or close your account, then up to 30 days in backups before final purge.
  • Opponent CSVs and supporting PDFs/DOCX— not persisted. They live in memory during a generation request and are discarded when the response completes.
  • Operational logs— up to 90 days.
  • Stripe billing records— retained as long as required for tax and audit purposes (typically 7 years).
  • Terms-acceptance log— retained for the life of the account, since it’s the proof of your contract with us.

8. Your rights

Wherever you are, you can email howell@scoutstyle.comto request a copy of your data, correct inaccurate fields, or delete your account. We’ll respond within 30 days. We may need to verify your identity before acting (usually by confirming you can receive email at the address on file).

California (CCPA/CPRA).You have the right to know what we collect (see Section 1), to access and delete it, to correct it, and to limit use of sensitive personal information. We do not sell your personal information and we do not share it for cross-context behavioral advertising, so there’s nothing to opt out of on that front. If you’re a California resident under 18, do not post personal information on any public surface; we’ll honor removal requests as required by California law.

Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, and similar state laws.Residents of these states have the rights to access, correct, delete, obtain a copy of, and (where applicable) opt out of targeted advertising, sale, or profiling for decisions with significant effects. Our baseline answer is the same: we don’t do those things, and you can email us to exercise the rights that do apply.

EU/UK (GDPR/UK GDPR). You have the rights of access, rectification, erasure, restriction, portability, and objection, and you can lodge a complaint with your local data protection authority. Our legal bases are: performance of a contract (running the service), legitimate interests (security, abuse prevention, improving the product), and consent where required.

You may also designate an authorized agent to make a request on your behalf; we’ll need written proof of authorization.

9. Security

We use industry-standard encryption in transit (HTTPS/TLS) and at rest (managed by our database and storage providers). Passwords are hashed by Supabase. Access to production data is limited to the founder. No system is perfectly secure; if a breach affects your personal data, we’ll notify you and any required regulator without undue delay, and within 72 hours of confirmation where GDPR applies.

10. International transfers

The service is hosted in the United States. Our sub-processors host your data in U.S. regions by default. If you access the service from outside the U.S., your data will be transferred to and processed in the U.S. For users in the EU/UK, transfers occur on the basis of the Standard Contractual Clauses flowed through to our sub-processors and the legitimate interests described above.

11. Changes

We may update this policy. Material changes will be announced via the email on file at least 14 days before they take effect.

12. Contact

Questions or concerns? Email howell@scoutstyle.com.

ScoutStyle, LLC — a Delaware limited liability company.

Last updated · May 8, 2026