Privacy Policy
Last updated: June 12, 2026 • Version 2.0
Plain-English summary (not a substitute for the full policy): Kids never have accounts here — adults
manage everything. A parent's registration checkboxes are real controls: a child's photo only appears on public pages if
the parent said yes, and public scoreboards show every kid as first name plus last initial only, at every age. Team chat
photos and videos live in private storage that only your team can open. We never sell personal information, and there are
no ad networks anywhere on the platform.
1. Overview
Sideline Command ("Sideline Command," "we," "us," or "our") is a youth flag football platform operated by Dymond Inc and available at sidelinecommand.com. The platform includes a coach app, a parent and athlete app with team chat and photo/video sharing, live scoreboards and game streaming, and a league management platform with player registration (together, the "Service").
This Privacy Policy explains what we collect, why, who can see it, and the controls you have. Because the Service is built around youth sports, the section on children's information is the heart of this policy — read it first if you are a parent.
By using the Service, you agree to the collection and use of information as described here. If you do not agree, please do not use the Service.
2. Information We Collect, and From Whom
Different information comes from different people. No information on the platform is collected directly from children (see Section 3).
2.1 Account Information (from adult account holders)
- Coaches: name, email address, phone number; team name, colors, logo, league affiliation, game format; play designs, playbooks, and game plans; notification preferences and subscription details.
- Parents and guardians: name, email address, phone number; address (when provided at registration); emergency contact names and phone numbers; which children are linked to your account.
- Referees: name, email address, phone number; a PIN stored only as a cryptographic hash; certifications, availability, and game assignments.
- League administrators: name, email address; league name, address, and contact details; league configuration such as divisions, schedules, and registration settings.
2.2 Roster Data (entered by teams, leagues, and parents about players)
- Identity: player name, jersey number, birth date, grade, shirt size
- Photo: optional player photo
- Health information (optional): allergies, medications, medical notes — collected solely for player safety at games and practices
- Athletic data: position assignments, skill assessments, game statistics
- Consent records: the waiver and photo/video consent choices made at registration, with a timestamp and the version of the consent language shown (see Section 3.3)
2.3 Content You Create or Share
- Messages sent in team chat
- Photos and videos shared in team chat (see Section 4 for how these are protected)
- Game footage, clips, and highlights generated or shared through the Service
- Plays, formations, and playbooks
2.4 Payment Information
When you pay for a subscription or a league registration fee, payment is handled by Stripe, our payment processor. We receive confirmation of payment and basic billing details; we never store your full card number.
2.5 Automatically Collected Information
- Device and usage data: browser type, operating system, pages visited, and session information, collected via Google Analytics on our public website, sign-in page, coach app, and public scoreboard pages, with IP anonymization enabled (city/region-level location at most; we do not collect precise GPS location). The parent/athlete app and team chat do not run third-party analytics.
- Error telemetry: JavaScript errors, stack traces, and browser context collected via Sentry so we can fix bugs. These reports are scrubbed before sending: raw email addresses are not included, and identifying URL parameters are removed.
- Push notification tokens: a device-specific token, only if you opt in to push notifications.
- Server logs: our hosting provider records standard request logs (IP address, request path) for security and reliability.
3. Children's Information
This is the most important section of this policy.
3.1 Children Do Not Have Accounts
Sideline Command is a general-audience service for the adults who run youth sports: coaches, league administrators, parents, guardians, and referees. Children under 13 are not permitted to create accounts, and we do not knowingly collect information directly from any child. Players exist on the platform only as roster records that adults create and manage.
3.2 How a Child's Information Gets Here
A child's information enters the Service in one of two ways:
- A parent or guardian registers the child through a league's registration form; or
- A coach or league administrator adds the child to a roster, having obtained the parent's consent to do so (this is a contractual obligation under our Terms of Service).
3.3 Parental Consent Is Collected at Registration — and Recorded
Our registration form presents consent choices as separate, individually presented checkboxes that are never pre-checked:
- A liability waiver consent (required to register), and
- A photo/video consent (optional — registration works without it).
We store what was agreed to, when it was agreed to, and which version of the consent language was shown, attached to the child's registration record. This means consent on our platform is an actual recorded event per child — not an assumption.
3.4 Per-Child Photo Consent Controls Public Display
The photo/video consent is enforced by the software, not just kept on file: a child's photo is shown on public surfaces (such as public scoreboard pages) only if that child's photo consent is on. Without consent, no photo appears publicly.
3.5 Name Masking on Public Surfaces — at All Ages
On public surfaces such as live scoreboards and public game pages, player names are displayed as first name plus last initial only (for example, "Marcus J."), for every player at every age. Full names are visible only inside the team's private, authenticated spaces.
3.6 What We Never Do With Children's Information
- We never sell children's information — or anyone's (see Section 8).
- We never share children's information with advertisers or data brokers.
- We never use identifiable photos or video of children in our marketing without separate written opt-in permission from a parent or guardian.
- We do not use facial recognition.
- Child names are masked to first name plus last initial before any data is sent to AI providers (see Section 6).
3.7 Parents Can Object and Remove
A parent or legal guardian can review, correct, or request removal of their child's information at any time:
- Through the team or league (usually fastest): ask the coach or league administrator who manages the roster. They are responsible for acting on these requests.
- Directly with us: email support@sidelinecommand.com. We will verify you are the child's parent or guardian and act on the request.
You can also withdraw photo consent at any time, which removes the child's photo from public surfaces. For full details, see our Children's Privacy Notice (COPPA).
Photos and videos shared in team chat are handled with more protection than ordinary web images:
- Private storage: chat media is stored in a private storage bucket, not at public web addresses. There is no public URL to a chat photo or video.
- Expiring access links: when a team member views chat media, the app requests a short-lived signed link (valid for about one hour) that is generated only after we confirm the requester is an authenticated participant of that team.
- Team participants only: only authenticated members of the team a photo or video was shared with can obtain those links.
One honest caveat, also stated in our Terms of Service: anyone on the team who can see a photo can save it to their device or screenshot it. Private storage controls access; it cannot control what teammates do after they have seen something. Share with your team accordingly.
5. Live Games, Scoreboards, Streaming, and Highlights
The Service includes live scoreboard pages and live game streaming, and users can generate and share clips and highlights. For these public-facing surfaces:
- Player names are masked to first name plus last initial, at all ages (Section 3.5).
- Player photos appear only with that child's photo consent on (Section 3.4).
- Live streams, scoreboard pages, and shared clips may be viewable by anyone with the link, and viewers may record or re-share them. The adult who operates a stream or shares a clip is responsible for doing so consistently with our Terms of Service.
6. AI Features and Automated Processing
Some features use artificial intelligence: play generation and analysis, the Coach Gridiron assistant, and AI game commentary. Here is exactly what that means for personal information:
- What is processed: play designs, formations, game situations, game events, and roster context (such as positions and skill notes) needed to make the feature useful.
- Child names are masked first: before anything is sent to an AI provider, player names are reduced to first name plus last initial. Full names, contact details, and health information are not sent to AI providers.
- No facial recognition: we do not use facial recognition technology anywhere in the Service.
- Who processes it: third-party AI model providers — large language model services for text generation and analysis, speech-to-text services for voice input, and text-to-speech services for AI commentary audio. These providers process the data to provide the feature and are not permitted to use it to advertise to you.
7. How We Use Information
- Running the Service: managing teams and rosters, playbooks, game day operations, scheduling, live scoreboards and streaming, and team communication
- Registration and payments: processing league registrations and payments (through Stripe)
- Communication: team invitations, game notifications, roster updates, and service announcements
- Email deliverability: we process delivery, bounce, and spam-complaint signals from our email providers to stop sending to invalid or unwilling addresses. We do not use email open-tracking or click-tracking pixels — we can see whether an email was delivered, not whether you opened or clicked it.
- AI features: as described in Section 6
- Improving the platform: understanding which features are used (via the analytics described in Section 2.5)
- Security: detecting abuse, enforcing rate limits, investigating incidents
- Legal compliance: responding to lawful requests and enforcing our terms
8. Who We Share Information With
We never sell personal information — anyone's, child or adult — and we never have. We do not share personal information for cross-context behavioral advertising, and there are no advertising networks or ad trackers anywhere on the platform, including the parent/athlete app, team chat, and scoreboard pages.
We share data only with service providers who process it on our behalf to operate the platform:
| Provider Category |
Purpose |
Data Involved |
| Database, authentication, and file storage (Supabase) |
Stores account and application data; hosts private media storage |
Account and application data, including roster data and chat media (US-hosted; encrypted at rest) |
| Web hosting (Vercel) |
Serves the website and application |
Standard server logs (IP address, request data) |
| Payment processing (Stripe) |
Subscription and league registration payments |
Name, email, payment method details (we never store full card numbers) |
| Usage analytics (Google Analytics) |
Understand feature usage on the public website, sign-in page, coach app, and public scoreboard pages |
Anonymized page views, sessions, device info, approximate location (IP anonymization enabled). Not present in the parent/athlete app or team chat. |
| Error monitoring (Sentry) |
Detect and fix bugs |
Error logs, stack traces, browser/device context — scrubbed of raw email addresses and identifying URL parameters before sending |
| Email delivery (transactional and league email providers) |
Invitations, notifications, league communications; bounce and complaint handling |
Recipient name, email address, message content, delivery status |
| Push notification delivery (web push services) |
Deliver opt-in notifications to your device |
Device push token, notification content |
| AI model providers (language models, speech-to-text, text-to-speech) |
Power AI features (Section 6) |
Play and game data with child names masked to first name plus last initial; no contact details or health information |
We may also disclose information if required by law, to protect the safety of a child or other users, or in connection with a merger, acquisition, or sale of assets (in which case this policy continues to apply to previously collected data until changed under Section 13).
Finally, information is shared with the people you would expect inside the product itself: your team's coaches and members see team content, leagues see the registrations and rosters they administer, and public surfaces show the masked, consent-gated information described in Section 5.
9. Cookies, Local Storage, and Push Notifications
9.1 Cookies
- Authentication: session cookies/tokens keep you logged in.
- Analytics: Google Analytics sets cookies on the pages where it runs (Section 2.5).
9.2 Local Storage and Offline Data
We use browser local storage and IndexedDB so the apps work at the field without an internet connection: play data, rosters, and team data are cached on your device, along with your preferences and session tokens. You can clear this at any time through your browser settings (Clear Site Data); you will need to log in again afterward.
9.3 Push Notifications
Push notifications are opt-in only. If you enable them, we store a device-specific push token to deliver them. You can turn them off at any time in the app's notification preferences or in your browser or device settings, and we delete the token when you unsubscribe.
10. Data Retention and Deletion
- Active accounts: data is retained while your account is active.
- Soft deletion: when records (players, plays, teams) are deleted in the app, they are first soft-deleted — hidden from use but briefly recoverable in case the deletion was accidental.
- Backups: automated nightly backups are retained for approximately 30 days, then permanently deleted. Deleted data may persist in backups during that window.
- Account deletion: email support@sidelinecommand.com with the subject "Account Deletion Request." After identity verification, data associated with your account is permanently deleted within 30 days. This is irreversible.
- League-managed records: roster entries, game results, and statistics that a league or team manages as its own records may persist under that organization's responsibility after a related individual account is deleted. However, we commit to honoring removal requests from a verified parent or guardian for content depicting or identifying their minor child, regardless of who manages the record — see Section 3.7 and our Terms of Service.
11. Data Security
- Encryption: all connections use TLS/HTTPS, and data is encrypted at rest by our database and storage provider.
- Row-Level Security (RLS): database access policies ensure each user can only reach the data their role authorizes — coaches see their teams, parents see their children, leagues see their leagues.
- Private media with signed access: chat photos and videos are in private storage, reachable only through short-lived signed links issued to authenticated team participants (Section 4).
- Authentication: token-based (JWT) authentication on all API requests; referee PINs are stored only as cryptographic hashes, with lockout after repeated failed attempts.
- Rate limiting: API endpoints are rate-limited to prevent abuse.
No system is perfectly secure. We use commercially reasonable measures, and if a breach affecting your personal information occurs, we will notify you as required by applicable law.
12. Your Rights and Choices
12.1 Everyone
- Access: view the personal information in your account through the app, or request a summary from us
- Correction: update inaccurate information in the app or by contacting us
- Deletion: request account and data deletion (Section 10)
- Export: request a copy of your data in a portable format
- Parents: the review, correction, and removal rights for your child's information described in Section 3.7
- Notifications: change email and push notification preferences in the app's settings at any time
12.2 California Residents (CCPA/CPRA)
California residents have additional rights:
- Right to know the categories and specific pieces of personal information we have collected
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing: we do not sell personal information or share it for cross-context behavioral advertising, so there is nothing to opt out of
- Right to limit use of sensitive personal information: we use sensitive information (such as a child's optional health notes) only for the safety purposes described in this policy
- Right to non-discrimination for exercising any of these rights
To exercise these rights, email support@sidelinecommand.com with the subject "CCPA Request." We will verify your identity and respond within 45 days.
12.3 Removal Rights for Minors (California and Everywhere)
California residents under 18 have a statutory right to request removal of content they themselves posted (Business & Professions Code Section 22581). Because minors do not hold accounts on the Service, this situation should not arise — but if it does, the minor or their parent or guardian can email support@sidelinecommand.com and we will remove or anonymize the content as the statute requires.
Separately from any statute, and for residents of every state: a verified parent or legal guardian can request removal of content depicting or identifying their minor child, and we will honor it (Section 3.7).
12.4 Other State Privacy Laws
Residents of other states with comprehensive privacy laws (such as Colorado, Connecticut, Texas, and Virginia) have similar rights of access, correction, deletion, and portability, and the same answer on sale and targeted advertising: we do not sell personal information or process it for targeted advertising. Use the same contact route as Section 12.2; if we decline a request, you may appeal by replying to our response, and we will have it reviewed again.
13. Changes to This Policy
We may update this Privacy Policy. When we make material changes, we will:
- Update the "Last updated" date and version number at the top of this page
- Notify registered users by email or in-app notification
- Provide at least 30 days' notice before material changes take effect
Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
Questions about this policy, or want to exercise any right described here?
Dymond Inc
Email: support@sidelinecommand.com
Website: sidelinecommand.com
NFL, the NFL shield design, and team names, logos, and uniform designs are registered trademarks of the National Football League and its member teams. NCAA, college team names, and logos are trademarks of their respective institutions. Sideline Command is not affiliated with, endorsed by, or sponsored by the NFL, NCAA, or any of their member organizations.