Privacy Policy

The Fieldhouse helps school and community sports teams run their season — schedules, RSVPs, and sponsor spotlights. We try to collect as little personal information as possible, and we do not collect any school records of any kind.

For the plain-English version with each promise tied to the actual feature that backs it, see our Privacy First page. The document below is the formal policy.

What we collect

From the adult who signs up

• Email address and a name you provide.
• A password, stored as a salted bcrypt hash. We never see the plaintext.
• Date of birth, used only to confirm you’re 18 or older.
• Standard server logs (IP, user-agent, request paths) for security and debugging.

From parents about their children

• Each child’s name and date of birth, supplied by the parent.
• The teams the child joins, plus the parent’s RSVPs on each event.
• A consent record per child, capturing the parent account, the policy version shown at consent time, and the IP and user-agent of the consent action. See our COPPA & consent page for more.

From organizations (clubs, schools)

• Organization name, type, and the team(s) created under it.
• Branding the team uploads (logo, colors, font choice).
• Locations the team adds (name, address, optional notes).
• For paid plans: a license key issued by our parent site Metahuman Network (metahuman.network). We never see card numbers — billing is handled by Metahuman Network, whose payment processor (Stripe) stores card data on their systems, not ours.
• For organizations that run fundraisers: a Stripe Connect Express account ID linking the organization to its own Stripe account. The fundraiser organizer completes onboarding directly with Stripe (legal name, address, bank account, tax info) — we receive only the resulting account reference and onboarding status, not the underlying identity documents.

From fundraiser checkout

When a buyer purchases a physical fundraiser item from a team:

• Buyer name and email, captured at checkout so the team can fulfill the order and contact the buyer about shipping.
• Line items, quantities, totals, and the platform fee on each order.
• A Stripe payment intent reference. Card data is collected, processed, and stored by Stripe — we never see or store card numbers, CVV, or banking details.
• Shipping address only when the team has opted to ship items.
• Refund records (amount, reason, who issued the refund) when a coach or organization admin issues a refund.

From team chat

• Message text, sent on a 90-day rolling retention window (see Terms § 5).
• Optional Giphy GIF URLs selected from the in-app picker. The GIF picker is a server-side proxy in front of Giphy’s API — your search terms are forwarded to Giphy, but Giphy never sees your account or device. We hot-link Giphy’s media URLs in chat messages; we don’t copy the GIF bytes onto our servers.
• Emoji reactions on individual messages (one row per user × message × emoji, from a fixed set of six). Reactions are visible to anyone with access to the team chat.

From parent friends + 1:1 friend chat

• Two parents who’ve mutually accepted a friend connection: an entry per friendship (canonical-ordered user pair + created-at timestamp), plus an audit row per friend request (sender, recipient, status, share code used, resolved-at).
• 1:1 friend chat messages: sender, recipient, body text, created-at, optional deleted-at (when the sender pulls a message back). Same 90-day rolling retention as team chat. No reactions, no media, no edits in the v1 surface.
• Same-venue heads-up surfaces (web dashboard + iPhone schedule tab) show friend display name, venue name, and event start time only. They do NOT include kid names, team names, event titles, or any details about the friend’s kid — only enough to let two parents coordinate when they’re both at the same field complex.

From share codes and QR codes

• A short alphanumeric alias (six characters) for shareable links — team public calendars, calendar feeds, fundraiser storefronts, family co-parent invites, coach invites, “Share Fieldhouse with a friend” app invites, and the like.
• Each code stores its creator, the URL it resolves to, and (where applicable) a TTL and remaining-use count. Codes for private invitations expire; codes for public surfaces (public team page, fundraiser storefront, calendar feed) do not, but can be rotated by the owner.

From “Send logs to support”

If you tap Send logs to supportfrom the iPhone app’s More → Get support screen, we open a draft email in your default mail client containing your device model, iOS version, app build, your user ID, and a truncated session token (first 6 and last 4 characters only — never the full bearer token). You review the draft and decide whether to send. Nothing is uploaded unless you tap Send.

What we do not collect

• Grades, GPA, transcripts, or any educational records.
• Class rosters or anything sourced from a school information system.
• Health records or medical information.
• Social-security numbers, government IDs, or financial account numbers.
• Children’s contact information beyond what a parent provides about their own child.

How we use what we collect

• To run the calendar, RSVPs, rosters, chat, and team pages you signed up for.
• To activate and heartbeat a license key issued by Metahuman Network for paid plans (no card data passes through Fieldhouse).
• To process fundraiser orders end-to-end: present items, accept payment through Stripe Connect, settle proceeds to the organization’s Stripe account, deduct a small platform fee, and let coaches issue refunds.
• To resolve short share codes and QR codes to the underlying URLs they represent.
• To send transactional email (sign-up confirmations, password resets, event reminders if you opt in, fundraiser order receipts).
• To detect and respond to abuse, fraud, and security incidents.
• To comply with legal obligations.

We do not sell personal information. We do not run advertising on The Fieldhouse and we do not allow third-party advertising trackers.

Who we share data with

We use a small set of vendors to operate the service. Each is bound by their own data-protection terms.

• Self-hosted server — application hosting (US data center, Ubuntu 24.04).
• Postgres — primary database (running on the same server).
• Metahuman Network (metahuman.network, our parent company) — issues and validates license keys for paid plans and sponsor placements. Metahuman Network uses Stripe as its payment processor; Fieldhouse never receives or stores card data.
• Stripe — payment processing for fundraisers, via Stripe Connect Express. Organizations onboard their own Stripe account directly; buyers’ card data is collected by Stripe’s hosted payment forms (web Checkout or the iOS PaymentSheet SDK) and never reaches our servers. Stripe acts as our payments processor for the platform fee and the organization’s own processor for the remainder.
• Giphy — server-side proxy in front of Giphy’s search API powers the chat GIF picker. Your search terms are forwarded to Giphy; your account, IP, and device are not.
• Apple — Apple Push Notification service (APNs) and StoreKit (in-app subscriptions on iOS).
• Resend — transactional email delivery.

We may disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of users.

Where data is stored

Application data is stored in the United States. Logos are stored publicly readable so they can appear on team calendar pages.

Retention & deletion

• You can delete your account, your children’s profiles, your team, or your organization at any time from the app.
• When you delete a child, we delete their RSVPs and roster links. We retain the consent record (with name and email captured at consent time) for legal audit, separate from the live profile.
• Chat messages auto-purge on a rolling 90-day window. Reactions are deleted with their parent message.
• Fundraiser orders are retained for seven years to satisfy our tax and accounting obligations, even if the buyer or organization later deletes their account. Refund records are retained for the same window.
• Abandoned fundraiser carts (checkout sessions that were created but never paid) are swept after 30 minutes and their inventory holds released.
• Deleted-account backups are purged on our standard rolling backup schedule (within 30 days).

Your rights

Depending on where you live, you may have rights to access, correct, port, or delete your personal information. Email privacy@thefieldhouse.app and we’ll respond within 30 days. You can do most of this directly from the app today.

Security

Passwords are stored as bcrypt hashes. Sessions use Auth.js JWTs signed with a secret kept out of the codebase. Database connections use TLS. We restrict access to production data to a small number of engineers and review access regularly.

Internal access controls

We tie our own hands the same way we tie everyone else’s. The Fieldhouse support staff is split into two tiers with different access:

• Super-admins can read account records, run support utilities (resend verification email, force-mark email verified, clear stale push tokens), resolve photo reports, flip per-org feature kill switches (chat, fundraisers, photos), and dispatch operational broadcasts. Super-admin is granted to a small number of named operators and is reviewed periodically.
• Moderators have read-only access to the admin console for support triage and explicitly cannot view any uploaded photo (kid headshot, team gallery, sponsor banner), cannot delete users, cannot grant elevated roles, and cannot dispatch broadcasts. The file server returns 404 for photo URLs requested by a moderator session, so the carve-out is enforced at the storage layer, not just the UI.

Specific protections that apply regardless of admin tier:

• Under-13 name redaction.A child’s first name is rendered as “Player #<id>” everywhere a moderator can see (rosters, user detail, consent records, the consents CSV export). The parent’s name + email is the support contact for any kid-related question, regardless of the kid’s age.
• Photo report queue is text-only for moderators. Parents can report a team photo from the album lightbox. The report queue at /admin/photo-reportsshows super-admins the photo plus the reporter’s context; moderators see the metadata and reason text only, never the image itself.
• Admin search never matches a kid’s name. The global search in the admin shell searches user emails + names, organization names + slugs, and team names + slugs. It deliberately does not search children’s names — a super-admin who needs to find a kid drills in via the managing parent’s user page.
• No impersonate / view-as feature.The Fieldhouse does not let staff log in as a user to reproduce a bug, even with audit. The blast radius of an “impersonate” control on a platform with children’s data is too large; we’d rather ask a reporter for screenshots than risk a regulator complaint about an admin acting on someone else’s behalf without disclosure.
• Every support action is audited.Resend verification, force-mark verified, and clear push tokens each write a row to a support-actions audit table identifying the actor (which super-admin), the target (which user), and the timestamp. The audit history is visible to other super-admins on the user’s detail page.
• Two-key actions stay super-admin. Account deletion, role escalation (granting/revoking super-admin or moderator), force-mark-verified, and ops broadcast dispatch are super-admin only at the server- action layer. The moderator tier sees the buttons grayed out or hidden entirely, and the underlying actions 404 if a moderator tries to submit the form directly.

Children

Children under 13 do not create their own accounts on The Fieldhouse. Parents and legal guardians manage their children’s profiles and RSVPs. See our COPPA & consent page for the full picture.

Changes

When we make material changes to this policy we’ll bump the policy version (shown at the top of this page) and notify account owners by email. Previous consent records remain tied to the policy version that was active when they were captured.

Contact

The Fieldhouse is operated by Metahuman Network LLC, based in Oregon, USA. For privacy questions or data requests, email privacy@thefieldhouse.app.