GrassRoster ("GrassRoster," "we," "our," or "us") operates the GrassRoster soccer club management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
See also our Cookie Policy for how we use cookies and browser storage.
2. Information We Collect
2.1 Account Information
When you register, we collect:
Email address
Password (encrypted)
Display name
Phone number (optional)
Profile photo/avatar (optional)
2.2 Profile Information
You may optionally provide:
Date of birth
Gender
Physical address
Height and weight (for player development tracking)
Preferred foot (left, right, or both)
Language preference
Timezone
Emergency contact name and phone, and medical notes (where your club or team collects them on rosters)
2.3 Club and Team Data
When you participate in clubs and teams:
Club memberships and roles
Team rosters and assignments
Event participation and attendance
Player statistics and KPIs
Goals and injury records
Team chat messages and media uploads
Documents uploaded during club registration or team operations (e.g. club logos, legal documents, event media)
2.4 Parent-Player Relationships
Parents and guardians can link to their children's player profiles. We collect relationship data, guardian contact information on roster invites, and parent-controlled permissions for linked minor accounts to enable oversight and communication.
2.5 Enrollment and Registration
When a club offers program enrollments or registrations through the platform, we collect information submitted on enrollment forms (such as player details, guardian contact information, and custom fields configured by the club) and records of enrollment status.
2.6 Payment and Billing
When you or your club use payment features, we collect billing-related information such as:
Payment obligations, receipts, and installment schedules for club registrations and team fees
Stripe customer, Connect account, and payment-method identifiers
Card brand, last four digits, and expiration date (we do not store full card numbers — those are handled by Stripe)
Club subscription and platform billing status when SaaS plans are offered
2.7 Technical Information
Device tokens for push notifications (when enabled)
IP addresses (for security, abuse prevention, and rate limiting)
Browser type and version
Browser local storage (for authentication tokens, theme preferences, and UI state — see our Cookie Policy)
Calendar feed tokens (for external calendar integration via ICS subscriptions)
3. How We Use Your Information
Service Provision: To operate the GrassRoster platform and provide club management features
Communication: To send you emails about your account, teams, events, enrollments, and platform updates
Player Development: To track and analyze player progress, goals, and performance metrics
Scheduling: To manage team events, attendance, RSVPs, and calendar feeds
Payments: To process registration fees, team payments, and (when enabled) club platform subscriptions through our payment processor
Security: To protect against fraud, unauthorized access, abuse, and other security risks
Improvement: To understand how the Service is used and improve reliability and features (we do not use third-party advertising or analytics cookies — see our Cookie Policy)
Legal Compliance: To comply with applicable laws and regulations
4. Information Sharing and Disclosure
We do not sell your personal information. We may share data in the following circumstances:
Within Your Club: Club administrators, coaches, and team staff can access relevant member data for club operations
Team Members: Team rosters and basic contact information are visible to other team members as configured by your club
Parents/Guardians: Parents can access their linked children's profiles and data
Payment Processing: Stripe processes payments on our behalf; clubs receive funds for parent payments through Stripe Connect where enabled
Service Providers: Vendors who help us operate the platform (see Section 7)
Platform Operations: Authorized GrassRoster support and operations staff may access data when necessary to provide support, maintain security, or comply with law
Legal Requirements: When required by law, court order, or government request
Protection: To protect our rights, privacy, safety, or property
5. Data Retention
We retain your information for as long as your account is active or as needed to provide you services. When you request account deletion or removal of specific data:
We will remove or deactivate personal profile data from active systems within a reasonable period
Club and team data you contributed may be retained for operational continuity (anonymized where possible)
Payment and enrollment records may be retained as required for accounting, tax, or dispute resolution
Backup copies may exist for a limited time per our backup retention policy
6. Your Rights and Choices
Depending on your location, you may have the right to:
Access your personal information
Correct inaccurate or incomplete information
Request deletion of your account and associated data
Request a copy of your data in a portable format
Opt out of non-essential communications
Object to certain processing activities
Withdraw consent (where processing is consent-based)
You can update much of your profile information in account settings within the platform. To exercise other rights — including account deletion or data export — contact us at [email protected]. We will respond within a reasonable time.
7. Third-Party Services and Infrastructure
We use the following categories of providers to operate the platform:
Payment processing: Stripe (including Stripe Connect for club payouts). Stripe's privacy policy applies to payment data it processes: stripe.com/privacy
Email delivery: Transactional email providers (e.g. Mailtrap in development; production provider may vary)
File storage: Amazon Web Services (S3) for uploaded files and images
Address autocomplete: Google Places API (server-side)
Map geocoding: Photon (Komoot), an OpenStreetMap-based service used in the browser to display club and event locations
Push notifications: Firebase Cloud Messaging (FCM), when push is enabled for team chat
DNS and edge services: Cloudflare
Hosting infrastructure: Managed database and caching services used to run the application
These providers process data according to their own policies and our agreements with them.
8. Children's Privacy
GrassRoster is designed for youth soccer clubs and includes features for managing minor athletes. We comply with applicable laws regarding children's privacy, including the U.S. Children's Online Privacy Protection Act (COPPA) where it applies:
A minor may have a player profile on a roster without a login account; parents or guardians typically create and maintain that profile
A minor may create a user account only with parent/guardian consent (for example, through a parent-issued account invite)
Parents control optional self-service permissions for linked minor accounts (such as RSVP, chat, or photo visibility)
Parents can view, manage, and request deletion of their children's data
We do not knowingly collect more data than necessary from minors
We do not use children's data for advertising or profiling
9. Security
We implement appropriate technical and organizational measures to protect your data, including:
Encryption in transit (TLS/HTTPS)
Encrypted password storage
Role-based access controls
Audit logging for sensitive operations
10. International Data Transfers
Your data may be stored and processed in the United States and other countries where our service providers operate. If you access the Service from outside the United States, you consent to such transfer and processing. Where required by law, we use appropriate safeguards for cross-border transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform. Your continued use after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
