Back to Home

Privacy Policy

Last updated: May 30, 2026

Privacy Policy

Last updated: May 28, 2026

This Privacy Policy explains what information the DU Club Lacrosse Manager app collects about you, why we collect it, who can see it, and what control you have over it. Written in plain English. If anything is unclear, email us.

Who runs this App: Denver University Club Lacrosse, managed by Luke Mole. Contact: lukemole42@gmail.com · 720-402-6281

1. Who this applies to

The app is invite-only. Everyone using it is part of the lacrosse team: players, coaches, owners, or connected emergency contacts. There is no public sign-up.

The app is intended for users 18 and older. Sign-up requires you to confirm you are at least 13. If we ever open it to users under 18, we will update this policy and add parental-consent steps.

2. What we collect and why

We only collect what the team actually needs to run.

Account & identity

  • Username: So people can recognize you on the team.
  • Email address: To send your invite, let you log in, and send important notices.
  • Date of birth: To confirm age and for roster/eligibility records. Never shown publicly. Age displays as "X years, Y months."
  • Year in school: For roster organization and team planning.

Health & safety

  • Emergency contact name and phone: So a coach can reach someone if you're hurt.
  • Medical info (optional): Allergies or conditions you choose to share for emergency response. You decide whether to fill this in.

Team activity

  • Attendance records: Who's coming to practices, games, and events.
  • Game results and player stats: Scores and performance tracking.
  • Financial records: Budget line items, dues tracking, and fundraising amounts. The app does not process payments. No credit card or bank account numbers are ever collected.
  • Chat messages: Messages you send in team chats.

Technical info

  • Basic login/session data to keep you signed in securely. No third-party advertising or analytics trackers.

We use this information only to operate the team. We do not use it for advertising and do not sell it.

3. Who can see your data

Access depends on your role. Row-Level Security rules in the database enforce who can read or change each record.

  • You can always see and edit your own profile, emergency contact, and medical info.
  • Players can see team rosters (without others' birth dates), schedules, attendance, chat, and game results. Not financial or inventory data.
  • Coaches and owners can see roster details, emergency contacts, medical info, attendance, stats, financial records, and inventory.
  • Parents / emergency contacts are not given accounts. Their names and phone numbers are stored only so staff can reach them in an emergency.

Birth dates are treated as sensitive. They are excluded from the public roster and only visible to staff who need them.

4. How long we keep your data

We keep your information while you are an active team member. If you leave or ask us to delete your account, we'll remove your personal data within 30 days. Some records (like financial line items) may be kept for bookkeeping but disconnected from your identity where possible.

Chat messages may remain visible to other participants after you leave, the same way a group text doesn't disappear when one person exits.

5. Your rights

You can:

  • See your data: Ask for a copy of what we hold about you.
  • Correct it: Fix anything wrong in your profile settings, or ask us.
  • Delete it: Ask us to delete your account and personal data.
  • Withdraw optional info: Clear your medical info at any time in profile settings.

Email lukemole42@gmail.com to make any request. We'll verify your identity and respond within 30 days. No charge for reasonable requests.

6. What we will never do

  • We will never sell your personal information.
  • We will never share it with advertisers or data brokers.
  • We will never give it to anyone outside team staff without your consent, unless legally required or to protect someone's safety.

7. How we protect your data

  • Encryption in transit: All traffic is encrypted with HTTPS/TLS.
  • Encryption at rest: Data is stored in a managed PostgreSQL database (Supabase) with encryption at rest.
  • Access controls: Row-Level Security rules enforce role-based access at the database level, even if someone bypasses the app.
  • Hosting: Vercel (web) and Supabase (database), both established providers with their own security programs.
  • Backups: Automatic database backups so data can be restored if needed.
  • Least access: Only team administrators have direct database access, and only when needed.

No system is perfectly secure, but we take reasonable steps to protect your information.

8. Data breach notification

If your personal data is exposed or accessed without authorization, we will:

  1. Act fast to stop the breach and secure the system.
  2. Investigate what happened and what data was involved.
  3. Notify you by email: what happened, what was affected, what you can do.
  4. Notify authorities if required by law (e.g., Colorado's data-breach notification statute).

9. Children's privacy

The app is built for college students and adults. We do not knowingly collect information from anyone under 13. If you believe someone under 13 has an account, contact us and we'll remove it.

10. Changes to this policy

If we change this policy, we'll update the "Last updated" date. For significant changes, we'll notify you in the app or by email. Continuing to use the app after a change means you accept the updated policy.

11. Contact

Luke Mole - lukemole42@gmail.com - 720-402-6281