Privacy Policy

We collect information in three ways:

Information you provide directly

• Account information: name, email address, and password when you create an account.
• Organisation information: organisation name, contact details, and billing information (processed by Paddle on our behalf).
• Athlete and parent data: names, dates of birth, contact details, jersey numbers, emergency contacts, and medical notes that organisations upload about athletes and their families.
• Evaluation and performance data: scores, observations, and assessments recorded during tryouts and events.
• Communications: messages you send through the platform.

Information collected automatically

• Log data (IP address, browser type, pages visited, timestamps).
• Device information (operating system, device identifiers).
• Cookies and similar tracking technologies (see Section 8).

Information from third parties

• Payment-related information from Paddle (e.g., subscription status). We do not store full payment card numbers.

We use the information we collect to:

• Provide, maintain, and improve the Services;
• Process payments and manage subscriptions;
• Send transactional communications (invoices, password resets, magic-link sign-ins);
• Send service announcements and product updates (you may opt out);
• Respond to support requests;
• Monitor for security threats and abuse;
• Comply with legal obligations.

We do not sell, rent, or share personal information with third parties for their own marketing purposes.

We share information only in the following circumstances:

• Service providers: We use third-party vendors (including Paddle for payments, cloud infrastructure providers, and email delivery services) who process data on our behalf under data processing agreements.
• Within your organisation: Administrators and evaluators in your organisation can view data relevant to their role as configured by the organisation administrator.
• Legal requirements: We may disclose information when required by law, court order, or to protect the rights, property, or safety of PlayerOps, our users, or others.
• Business transfers: If PlayerOps is acquired or merged, your information may be transferred as part of that transaction. We will notify you before information is subject to a different privacy policy.

We retain personal information for as long as necessary to provide the Services and meet legal obligations. When you close your account, we will delete or anonymise your data within 90 days, except where retention is required by law.

Organisations may export their data at any time using the data-export feature. After account deletion, exported copies remain your responsibility.

We use industry-standard security measures including encryption in transit (TLS), encrypted storage of credentials, access controls, and audit logging to protect your information.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we notify affected users of any breach as required by law.

Under PIPEDA and applicable provincial laws, you have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Withdraw consent for uses beyond providing the Services (with the understanding that certain withdrawals may affect our ability to provide the Services);
• Request deletion of your personal information, subject to legal retention requirements.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Athlete and parent data held by organisations:If your information was added to the platform by a sports organisation, please contact that organisation directly to exercise your rights regarding their use of your data. PlayerOps processes that data as a service provider on the organisation’s behalf.

The Services are designed for use by sports organisations and may involve data about minors (athletes under 18). Organisations that collect and upload data about minors are responsible for obtaining appropriate parental or guardian consent as required by applicable law.

We do not knowingly create direct accounts for individuals under 13 years of age.

We use essential cookies required to provide the Services (session authentication) and analytics cookies to understand how the Services are used. You can control cookies through your browser settings; however, disabling essential cookies will prevent you from using the Services.

We do not use third-party advertising cookies or sell cookie data to advertisers.

Our servers are located in Canada. If you are located outside Canada, your information may be transferred to Canada, which may have different data protection laws than your jurisdiction. By using the Services, you consent to this transfer.

We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Services at least 14 days before the changes take effect. Your continued use of the Services after that date constitutes your acceptance of the updated policy.

For privacy-related questions or to exercise your rights:

You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.