Privacy Policy
Last updated: February 16, 2026
Privacy Policy • Terms of Service • Acceptable Use Policy • Children's Privacy (COPPA)
1. Overview
Sideline Command ("GC," "we," "us," or "our") is a youth flag football management platform operated by Dymond Inc, based in California. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website at sidelinecommand.com and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
We collect different information depending on your role within the platform.
2.1 Coaches
- Account information: full name, email address, phone number
- Team information: team name, team colors, logo, league affiliation, game format (5v5, 6v6, 7v7)
- Play designs: offensive and defensive plays, formations, scripts, playbook organization
- Game data: scores, play calls, game notes, game outcomes
- Preferences: display settings, notification preferences, subscription tier
2.2 Parents / Guardians
- Account information: full name, email address, phone number
- Address: street address, city, state, ZIP code
- Emergency contacts: name and phone number of emergency contact persons
- Family relationships: parent-child associations linking to player profiles
2.3 Players (Minors)
Player data is entered by coaches and parents, not by the players themselves. See our Children's Privacy Notice for detailed information.
- Identity: full name, jersey number
- Demographics: birth date, photo (optional)
- Health information (optional): allergies, medications, medical notes
- Athletic data: position assignments, skills assessments, game statistics
2.4 Referees
- Account information: full name, email address, phone number
- Authentication: PIN (stored as a cryptographic hash, never in plaintext)
- Professional data: certifications, availability, game assignments
2.5 League Administrators
- Account information: full name, email address
- Organization information: league name, address, contact details
2.6 Automatically Collected Information
- Device information: browser type, operating system, screen resolution (collected via analytics)
- Usage data: pages visited, session duration, feature usage patterns (collected via Google Analytics)
- Approximate location: derived from IP address by Google Analytics (city/region level only; we do not collect precise GPS location)
- Error data: JavaScript errors, stack traces, browser context (collected via Sentry for debugging)
- Push notification tokens: device-specific tokens if you opt in to push notifications
3. How We Use Your Information
- Service delivery: manage teams, create playbooks, run game day operations, facilitate parent-coach communication
- Communication: send team invitations, game notifications, roster updates, and service announcements
- Analytics: understand how features are used to improve the platform
- AI features: power play analysis and recommendations (no personally identifiable information is sent to AI providers; only anonymized play design data)
- Payments: process subscription billing through Stripe
- Security: detect abuse, enforce rate limits, investigate incidents
- Legal compliance: respond to legal requests, enforce our terms
4. Third-Party Service Providers
We never sell your personal information. We share data only with service providers who process it on our behalf to operate the platform.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All account and application data (hosted in US West region) |
| Vercel | Web hosting, serverless functions | Server logs (IP addresses, request data) |
| Stripe | Payment processing | Name, email, payment method details (we never store full card numbers) |
| Google Analytics | Usage analytics | Anonymized page views, sessions, device info, approximate location |
| GoHighLevel | Email invitations and marketing | Name, email address |
| OpenAI | AI play analysis | Anonymized play design data only (no names, emails, or PII) |
| Sentry | Error monitoring | Error logs, stack traces, browser/device context |
Each provider is bound by their own privacy policies and data processing agreements. We encourage you to review their policies.
5. Data Retention
- Active accounts: data is retained for as long as your account is active
- Soft-deleted data: when you delete records (players, plays, teams), they are soft-deleted (marked as deleted but retained in the database). This allows recovery if deletion was accidental.
- Database backups: automated daily backups are retained for 30 days, then permanently deleted
- Account deletion: upon request, we permanently delete all data associated with your account. See Section 8 for how to request deletion.
- Analytics data: Google Analytics data is retained per Google's standard retention settings
6. Data Security
We implement multiple layers of security to protect your data:
- Encryption in transit: all connections use TLS/HTTPS
- Row-Level Security (RLS): database policies ensure users can only access data they are authorized to see
- JWT authentication: secure token-based authentication for all API requests
- Hashed credentials: referee PINs are cryptographically hashed before storage
- Rate limiting: API endpoints are rate-limited to prevent abuse
- PIN lockout: referee PIN authentication locks after 5 failed attempts for 15 minutes
- Role-based access: coaches, parents, referees, and admins each have scoped access to only the data relevant to their role
No system is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.
7. Cookies, Local Storage & Offline Data
7.1 Cookies
- Authentication cookies: Supabase sets session cookies to keep you logged in
- Analytics cookies: Google Analytics uses cookies to track anonymous usage patterns
7.2 Local Storage & IndexedDB
We use browser local storage and IndexedDB for offline functionality and performance:
- Offline cache: play data, formations, and team data are cached locally so the app works without an internet connection
- User preferences: display mode, theme, and UI state
- Session data: authentication tokens
You can clear this data at any time through your browser settings (Clear Site Data). Clearing local storage will require you to log in again and may temporarily reduce performance until data is re-cached.
7.3 Push Notifications
Push notifications are opt-in only. If you enable them, we store a device-specific push subscription token to deliver notifications. You can disable push notifications at any time through your browser or device settings, or within the app's notification preferences.
8. Your Rights
8.1 All Users
Regardless of where you live, you can:
- Access your data: view all personal information we hold about you through your account settings
- Correct your data: update inaccurate information through the app or by contacting us
- Delete your data: request complete account and data deletion by emailing support@sidelinecommand.com
- Export your data: request a copy of your data in a portable format
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know: request details about the categories and specific pieces of personal information we have collected
- Right to delete: request deletion of your personal information
- Right to correct: request correction of inaccurate personal information
- Right to opt-out of sale: we do not sell personal information to third parties. No opt-out is necessary.
- Right to limit use of sensitive personal information: we use sensitive information (such as children's health data) only for the purposes described in this policy
- Right to non-discrimination: we will not discriminate against you for exercising your privacy rights
To exercise these rights, email support@sidelinecommand.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days.
8.3 CCPA Data Category Disclosure
| Category (per CCPA) | Collected? | Sold? |
|---|---|---|
| Identifiers (name, email, phone) | Yes | No |
| Customer records (address, payment info) | Yes | No |
| Protected classifications (age/birth date) | Yes (players) | No |
| Commercial information (subscriptions) | Yes | No |
| Internet/electronic activity (analytics) | Yes | No |
| Geolocation (approximate, via IP) | Yes | No |
| Sensory data (photos) | Yes (optional) | No |
| Professional information (referee certs) | Yes | No |
| Education information | No | No |
| Sensitive personal info (health data) | Yes (optional, players only) | No |
9. Children's Privacy
Sideline Command is a youth sports management platform. Player profiles for children under 13 are created by coaches and parents—children do not create accounts or directly interact with the Service.
We comply with the Children's Online Privacy Protection Act (COPPA). For complete details about how we handle children's data, please read our Children's Privacy Notice (COPPA).
Key points:
- Children's data is entered and managed by coaches and parents only
- Health information (allergies, medications, medical notes) is optional and collected solely for player safety
- Children's data is never shared with advertisers or data brokers
- Parents can review, correct, or delete their child's data at any time
10. Do Not Sell My Personal Information
Sideline Command does not sell personal information to third parties, and we have never done so. We do not share personal information for cross-context behavioral advertising. No opt-out mechanism is required because no sale occurs.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify registered users via email or in-app notification for significant changes
- Provide at least 30 days' notice before changes take effect for material modifications
Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
Dymond Inc
Email: support@sidelinecommand.com
Website: sidelinecommand.com
NFL, the NFL shield design, and team names, logos, and uniform designs are registered trademarks of the National Football League and its member teams. NCAA, college team names, and logos are trademarks of their respective institutions. Sideline Command is not affiliated with, endorsed by, or sponsored by the NFL, NCAA, or any of their member organizations.