Privacy Policy

SyncedSport (operating as Synced Sport) ("SyncedSport," "we," "our," "us") operates this marketing website and the sports-management platform available at app.syncedsport.com. We are headquartered in Alberta, Canada. This policy describes how we handle personal information collected through this website and the product.

This policy is drafted to comply with applicable Canadian and U.S. privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta's Personal Information Protection Act (PIPA), Quebec's Law 25, and Canada's Anti-Spam Legislation (CASL); the California Consumer Privacy Act as amended by the CPRA, and the state privacy laws of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA), along with other U.S. state privacy regulations as they take effect; the federal Children's Online Privacy Protection Act (COPPA) where youth-program data is involved; and the General Data Protection Regulation (GDPR) and UK GDPR for users in those regions. Residents of those jurisdictions have additional rights called out below.

Information you give us

• Waitlist and contact forms. Name, email address, organization, role, and anything else you choose to put in a free-text field.
• Account data (product only). If you create a SyncedSport account, we collect your name, email, password hash, organization membership, and the game, schedule, and assignment records you enter. Those are covered by the product Terms and a separate Data Processing Addendum when applicable.

Information collected automatically

• Device and usage. Browser type, operating system, referrer, pages viewed, clicks, and approximate location derived from IP. IP addresses sent to Google Analytics are anonymized.
• Cookies and similar technologies. See the Cookies policy for the full list and categorization.

Children's information

We collect information from individuals 13 and older directly. For individuals under 13, we collect information only with verifiable parental or guardian consent, in accordance with the Children's Online Privacy Protection Act (COPPA) and equivalent provisions under PIPEDA and applicable provincial law.

We collect only what's needed to operate youth-program features — for example, a player's name, team, division, and game schedule. We do not require children to provide more information than is reasonably necessary to participate.

Parents and guardians can review the information we hold about their child, request changes or deletion, and withdraw consent at any time by emailing privacy@syncedsport.com. If you believe a child under 13 provided information without parental consent, contact us and we will delete it promptly.

• Responding to your waitlist sign-up or contact request.
• Operating, maintaining, and improving the website and product.
• Understanding how visitors use the site so we can prioritize what to build next (via Google Analytics 4, only when you've granted analytics consent).
• Detecting and preventing fraud, abuse, or security incidents.
• Complying with our legal and regulatory obligations.

Under GDPR our lawful bases are: consent (cookies and analytics), legitimate interests (security, fraud prevention, product improvement), contract (responding to your requests, operating the product), and legal obligation (tax, record retention).

We do not sell personal information. We share it only with the following categories of recipients:

• Service providers acting on our instructions — Google (Analytics), Resend (transactional email), Netlify (hosting), and similar infrastructure vendors.
• Professional advisors — accountants, auditors, and lawyers under confidentiality obligations.
• Authorities when required by law, court order, or to protect rights and safety.
• Successors if SyncedSport is acquired, merged, or reorganized. We'll notify you if that happens.

When a recipient is located outside Canada we rely on the Standard Contractual Clauses or an equivalent transfer mechanism.

• Waitlist and contact-form data: until you ask us to delete it, or 24 months after the last interaction, whichever comes first.
• Google Analytics events: 14 months (GA4 default data-retention setting).
• Server logs: 30 days, unless needed longer for security investigations.
• Consent preferences: stored in a first-party cookie for about 13 months so you're not asked again on every visit.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your information ("right to be forgotten").
• Object to or restrict processing, including opting out of analytics at any time via the "Cookie preferences" link in the footer.
• Portability — receive your data in a machine-readable form.
• Withdraw consent you've given. Withdrawal does not affect processing that already happened.

To exercise any of these rights, email privacy@syncedsport.com. We'll respond within 30 days. Residents of the EEA/UK may also lodge a complaint with their data-protection authority. California residents may use an authorized agent and are entitled to non-discrimination for exercising their rights.

We use TLS in transit, encryption at rest for sensitive fields, access controls, and routine patching. No internet service is perfectly secure — if we ever experience a breach affecting your information, we'll notify you as required by law.

We'll update this policy as our practices evolve. The "effective date" at the top reflects the latest version. Material changes get surfaced via an in-product notice or an email to waitlist subscribers before they take effect.

Questions, requests, or complaints about privacy: privacy@syncedsport.com. General support: support@syncedsport.com.