Legal
Short version: We collect the minimum data needed to run the app. We do not sell your personal information. You can request deletion of your account and data at any time.
Contents
This Privacy Policy describes how Eric Stablow, an individual sole proprietor doing business as "SoccerCoach Guru" ("we," "us," or "our") collects, uses, and shares information when you use SoccerCoach Guru (the "Service") at app.soccercoachguru.com.
By using the Service, you agree to the collection and use of information as described in this policy. This policy is incorporated into and forms part of our Terms of Service.
If you have questions or concerns about this policy, contact us.
| Data | Why we store it |
|---|---|
| Email address | Account creation, passwordless sign-in, account notifications |
| Primary position and skill level | To personalize session recommendations from the drill library |
| Promo code used at signup | To apply the correct trial period and feature set |
| Account status | Plan (trial / active), trial expiration, Ask Guru question count, billing-related fields |
| Training session log | For sessions you mark complete: focus area, planned and actual duration, drill count, optional 1–5 self-rating, timestamp, timezone offset. Powers your streaks, stats, and personalized recommendations. |
| Parent email (optional) | If you provided one, used to route billing receipts and account notifications. Required for under-13 accounts as part of verifiable parental consent. |
| Parental consent record (under-13 only) | Parent email, consent token, confirmation timestamps, IP at consent, consent method. Retained 6 years per federal law (COPPA). |
| Failed sign-in attempt log | To detect and fix problems that block sign-in or sign-up (for example, a rate limit or an invalid access code). For each failed attempt we store the reason, IP address, the access code entered (if any), a timestamp, and the email address. To protect children, the email is stored in readable form only when the attempt is confirmed to be from someone 13 or older; otherwise it is stored only as a one-way cryptographic hash. Retained up to 90 days, then automatically deleted. |
| Payment information | Processed directly by Stripe (paid accounts only). We do not store card numbers or full payment details on our servers. |
The following information is stored only in your browser's local storage and is never transmitted to our servers:
Information stored in browser local storage may be deleted if you clear your browser data, use private browsing mode, switch devices, or use browser settings or extensions that automatically remove local storage data.
Questions you send to Ask Guru, along with the conversation context needed to respond, are transmitted to Anthropic (the third-party AI provider that powers the assistant). Anthropic processes them in real time to generate a response and does not use them to train its models. We do not retain the message content on our servers after the response is delivered. Anthropic and any other third-party AI providers may temporarily process or retain certain request data for security, abuse prevention, reliability, or legal compliance purposes in accordance with their own policies. We do retain a per-account count of total questions asked, used to enforce trial limits.
Please do not submit sensitive personal information through Ask Guru, including medical information, government identification numbers, financial account information, or other highly sensitive data.
When you take certain actions in the Service (such as opening the app, starting or completing a session, opening Ask Guru, or sharing content), we record a server-side event log entry containing your account ID, the event name, a small payload describing the action, and a timestamp. This data stays on our servers (Cloudflare D1) and is used only to operate and improve the Service. We do not share it with third parties.
When you access the Service, Cloudflare (our infrastructure provider) automatically processes standard server log data, including your IP address, browser type, operating system, referring URL, and pages visited. This data is used for security, performance monitoring, and abuse prevention. We do not use it to build individual user profiles.
We use the information we collect to:
We do not use your data to serve advertising. We do not build advertising profiles. We do not sell your personal information.
Legal basis for processing: We process personal information where necessary to provide the Service, fulfill our contractual obligations, comply with legal obligations, protect legitimate business interests, or where consent has been provided.
We share your information only in the following circumstances:
We share information with the following providers strictly as necessary to operate the Service:
| Provider | What they receive | Purpose |
|---|---|---|
| Cloudflare | All traffic (IP, request data) | Hosting, CDN, security, DDoS protection |
| Anthropic | Your Ask Guru questions | AI response generation |
| Resend | Your email address | Transactional email delivery |
| Stripe | Your email, payment details | Subscription billing (paid accounts only) |
Each provider is bound by their own privacy policy and contractual data protection obligations. We do not authorize providers to use your data for their own marketing or purposes beyond the service they provide to us.
We may disclose your information if required to do so by law, court order, or lawful government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you by email before your information is transferred and becomes subject to a different privacy policy.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
We are not a data broker and do not monetize personal information through advertising networks, cross-context behavioral advertising, or third-party data marketplaces.
We retain your account information for as long as your account is active or as needed to provide the Service. Specifically:
To request deletion of your account and data, email [email protected]. We will confirm deletion within 30 days.
Deletion requests apply to information under our direct control. Certain data may persist temporarily in encrypted backups, security systems, or third-party provider systems until overwritten or removed in accordance with standard retention cycles.
We implement reasonable technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include:
No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable measures, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
The Service is appropriate for soccer players of all ages, including children under 13. For users under 13, we comply with the Children's Online Privacy Protection Act ("COPPA") by obtaining verifiable parental consent before creating the account or collecting any personal information from the child.
We collect the following information from children under 13 with your consent: their email address (for sign-in only), primary soccer position and skill level (for personalization), and a log of training sessions they mark complete (focus area, duration, drill count, optional self-rating, timezone). The full list and purposes are in Section 2. We do not condition a child's participation on more information than is reasonably necessary. If a sign-in or sign-up attempt fails before we know a person's age, we store only a one-way hashed (non-readable) form of any email entered, specifically so that we do not collect readable contact information from a child without your consent.
We do not use information from children under 13 to serve advertising, build behavioral profiles, send marketing communications, or share with third parties for marketing purposes. We do not use it to track them across other websites.
When a child under 13 signs up, we ask them for a parent or guardian's email address (we do not create the account yet). We send the parent a consent request that describes exactly what data we will collect, how we will use it, who we share it with, and the parent's rights. The parent must click the unique consent link in that email to activate the account. After consent is recorded, we send the parent a separate confirmation email for their records. This single-click + confirmatory email method is one of the verifiable consent methods recognized by the Federal Trade Commission under COPPA.
As the parent or guardian of a child under 13 who has used the Service, you have the following rights:
You can exercise all of these rights at the parent portal: app.soccercoachguru.com/parent. Sign in with the same email address that received the consent request. You may also email [email protected] with the subject line "Parental Request" and we will assist you directly.
When you revoke consent or request deletion: the child's account, training session log, saved plans, and any cached authentication data are removed within 30 days (and in most cases within minutes). We retain only the parental consent record itself (parent email, consent timestamps, IP at consent) for 6 years as required by the FTC.
Users between 13 and 17 should have a parent or guardian review these Terms and this Privacy Policy before registering. Parents of users in this age range may contact us at any time to review, correct, or delete information associated with the account.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
To exercise any of these rights, email us at [email protected] with the subject line "California Privacy Request." We will verify your identity before processing any request and respond within 45 days as required by law.
Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about personal information disclosed to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
We use the following mechanisms to store data on your device:
We do not use third-party analytics services to track individual user behavior across websites or applications, and we do not use tracking cookies, advertising cookies, or third-party analytics cookies. Cloudflare may set cookies for security and performance purposes as part of its infrastructure services.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 14 days before the changes take effect and update the effective date at the top of this page.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
We aim to respond to all privacy-related inquiries within 5 business days.