Legal

Privacy Policy

Effective date: April 30, 2026

1. Overview

Derived Athletics, LLC ("we," "us," or "our") operates FencR. This Privacy Policy explains how we collect, use, store, and share information about you when you use our platform. By using FencR, you agree to the practices described here. If you are a parent or guardian creating or managing an account on behalf of a minor athlete, this policy applies to the information you provide on their behalf as well.

2. Information We Collect

Information you provide directly:

  • Account information: full name, email address, password.
  • Profile information: date of birth, profile photo, weapon specializations.
  • Payment information: billing details processed and stored by Stripe (we do not store raw card numbers or bank account numbers).
  • Club and organization data entered by administrators: schedules, member records, invoices, subscription plans, and club settings.
  • Parent–child relationship data when a parent links a minor athlete's account to their own.
  • Communications you send us (support requests, feedback).
  • Notification preferences set in your account settings.

Information collected automatically:

  • Log data: IP address, browser type, pages visited, timestamps.
  • Device information: operating system, device identifiers.
  • Usage data: features accessed, actions taken within the platform.
  • Session authentication tokens (stored in secure HTTP-only cookies).
  • Calendar sync tokens if you enable iCal or Google Calendar integration.

Information from third parties:

  • If you sign in with Google or Apple, we receive your name and email address from those providers.
  • Payment transaction data and payout information from Stripe.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate you securely.
  • Provide the FencR platform and all its features, including scheduling, invoicing, payment processing, and analytics.
  • Route invoices and payment responsibility to the correct parent or guardian when a minor athlete is the subject of an invoice.
  • Send transactional emails and in-app notifications (invoice delivery, booking confirmations, payment receipts, account alerts).
  • Generate club-level analytics and reporting for administrators (aggregated and org-scoped).
  • Respond to support requests and communicate with you about your account.
  • Detect, investigate, and prevent fraud, abuse, or security incidents.
  • Comply with legal obligations, including financial record-keeping requirements.
  • Improve the platform based on aggregated usage patterns.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

4. How We Share Your Information

We may share your information with:

  • Your club or organization: Club administrators and coaches can view member profiles, booking history, invoice status, and payment records for members of their organization. Parents can view invoices and payment history for their linked minor athletes.
  • Service providers: Third-party vendors who help us operate the platform — Supabase (database and authentication), Stripe (payment processing), Vercel (hosting and edge infrastructure), and Resend (transactional email delivery). These providers access your data only to perform services on our behalf and are contractually prohibited from using it for other purposes.
  • Law enforcement or legal process: If required by law, court order, or to protect the rights, property, or safety of FencR, its users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, in which case user data may be transferred as a business asset. Affected users will be notified in advance.

5. Children's Privacy

FencR is designed to support clubs that manage minor athletes. Minor athlete accounts are created and supervised by a parent or legal guardian. We do not knowingly collect personal information directly from children under 13 without verifiable parental consent.

Parents and guardians retain control over their minor's data within the platform, including the ability to update profile information or request deletion by contacting us. Invoices for minor athletes are routed to the linked parent or guardian's account, not to the minor's account.

If you believe we have inadvertently collected information from a child under 13 without proper consent, contact us at support@derivedathletics.com and we will delete it promptly.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or accounting purposes. Financial records (invoices, payment history) may be retained in de-identified form for up to 7 years to satisfy accounting and tax obligations. De-identified or aggregated analytics data may be retained indefinitely.

7. Cookies and Session Tokens

FencR uses secure HTTP-only cookies to maintain your authenticated session. These are strictly necessary for the platform to function and cannot be disabled. We do not use third-party advertising cookies or tracking pixels.

If you connect a calendar integration (iCal), we generate a unique feed token stored in your account. You can regenerate or revoke this token at any time from your settings, which will invalidate any existing calendar subscriptions.

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, row-level security policies on our database (ensuring users can only access data within their authorized organizations), and strict access controls. API routes verify authentication and role authorization on every request. Service-role database access is restricted to server-side code only and never exposed to the client.

No method of transmission over the internet is 100% secure. Please notify us immediately at support@derivedathletics.com if you suspect unauthorized access to your account.

9. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete information (via account settings).
  • Delete your account and associated personal data (via account settings → Danger Zone).
  • Portability — request a copy of your data in a structured format.
  • Opt out of non-essential email notifications (via account settings → Email Notifications toggle).
  • Withdraw consent where processing is based on consent.

To exercise these rights or make a data request, go to your account settings or contact us at support@derivedathletics.com. We will respond within 30 days.

10. International Transfers

FencR is operated in the United States. If you access the platform from outside the US, your data will be transferred to and processed in the United States. By using FencR, you consent to this transfer. For transfers from the European Economic Area, we rely on standard contractual clauses and other lawful mechanisms where applicable.

11. Third-Party Links

FencR may contain links to third-party websites or services (for example, Stripe's payment portal or your club's external website). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and revising the effective date. We encourage you to review this page periodically. Continued use of FencR after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Derived Athletics, LLC

Email: support@derivedathletics.com