Privacy Policy

Your privacy matters. This Privacy Policy explains what information Tripoint collects, why we collect it, who we share it with, and how you can exercise your rights. We have written it to be readable — not just legally complete.

1. Information We Collect

We collect information you provide directly, information your organization provides on your behalf, and information generated automatically when you use the platform.

Account Information

When you create a Tripoint account, we collect your name, email address, and phone number. If you are an organization director, we also collect your organization’s name and configuration details. You may optionally add a profile photo.

Organization and Team Data

Directors and coaches enter information about their organization, programs, seasons, teams, and schedules. This includes facility locations, game times, rosters, and assignments. This data is owned and controlled by the organization.

Athlete Information (Including Minors)

Player registration records include name, date of birth, gender, and contact information. For minor athletes, this information must be entered by a parent, legal guardian, or authorized league official — not by the child directly. See Section 3 (Children’s Privacy) for details on how we handle data about minors.

Financial Information

All payment processing is handled by Stripe. Tripoint never stores full credit card numbers, bank account numbers, or other raw payment credentials. We store transaction metadata: amount, date, status, and Stripe transaction identifiers. See Section 6 (Payment Data) for details.

Digital Waivers

When a participant signs a waiver through Tripoint, we collect: the signer’s verified identity, an electronic signature, and the timestamp of signing. Organizations author the waiver content; Tripoint is not a party to the waiver itself. See Section 7 (Digital Waiver Data) for retention details.

Communication Data

Tripoint’s messaging features generate message content, timestamps, sender and recipient identifiers, and read receipts. This data is used to deliver messages and is accessible to authorized parties within the relevant organization or conversation.

Usage Data

We automatically collect certain technical information when you use the platform:

• Device type, operating system, and browser version
• IP address and approximate geographic location (city/region level)
• Pages visited, features used, and session duration
• Error reports and performance data (via Sentry)
• Anonymized page performance metrics (via Vercel Analytics)

This data is used to operate and improve the platform. It is not used for advertising.

Cookies

We use essential cookies only. See Section 12 (Cookies) for the complete list. We do not use advertising or cross-site tracking cookies.

2. How We Use Your Information

Service Operation

We use your information to provide the features you and your organization have signed up for: scheduling games, managing rosters, processing payments, collecting waivers, and making assignment decisions. Without this information, the platform cannot function.

Communication

We use contact information to send game updates, assignment notifications, registration confirmations, and other operational messages. You can manage your notification preferences in your account settings.

Safety and Compliance

Waiver records and roster data help organizations verify that participants have met participation requirements. We use audit logs and access controls to ensure that only authorized users can view sensitive data.

Platform Improvement

Aggregated, anonymized usage data helps us identify how features are used, find performance bottlenecks, and prioritize improvements. We do not use individual usage profiles for this purpose.

Legal Compliance

We retain certain financial and transaction records as required by law (see Section 8). We may use or disclose information to respond to valid legal process, enforce our Terms of Service, or protect the rights, property, or safety of Tripoint, our users, or others.

3. Children’s Privacy

Tripoint is designed for use by sports organizations, many of which include minor athletes. We take the privacy of children seriously and comply with the Children’s Online Privacy Protection Act (COPPA).

Tripoint does not knowingly collect personal information directly from children under 13. All player data for minors — including name, date of birth, and contact information — must be entered into the platform by a parent, legal guardian, or authorized league official on the child’s behalf. Children do not have standalone accounts on Tripoint.

Parental rights: If your child’s information is in Tripoint as part of a sports registration, you may:

• Review the information we hold about your child
• Correct inaccurate information through the organization’s director
• Request deletion of your child’s data by contacting info@tripointcollective.com

Data retention for minor athletes is limited to what is reasonably necessary for the organization’s legitimate operations. Waiver records for minors are retained until the applicable statute of limitations expires after the child reaches the age of majority (see Section 7).

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as promptly as possible. To report a concern, contact info@tripointcollective.com.

4. Data Sharing

We do not sell your personal information. We share it only in the following circumstances:

Service Providers

We work with trusted third-party providers who process data on our behalf, under confidentiality agreements and only to perform the services we have engaged them for:

• Stripe — payment processing (Stripe Privacy Policy)
• Resend — transactional email delivery
• Vercel — platform hosting and infrastructure
• Sentry — error monitoring and diagnostics
• Neon — database infrastructure (SSL-encrypted Postgres)

Within Your Organization

Roster data, schedules, and registration information are shared with authorized coaches, administrators, and parents within your specific organization on Tripoint. A director at one organization cannot see data belonging to another organization.

Officials and Referees

When an official or referee is assigned to a game, they can see the game details necessary to fulfill that assignment (date, time, location, teams). They cannot see player registration records, payment details, or other organizational data.

Legal Obligations

We may disclose information if required to do so by law or in response to valid legal process, such as a court order, subpoena, or government request. We will attempt to notify affected users when legally permitted to do so.

Corporate Transactions

In connection with a merger, acquisition, or sale of all or substantially all of our assets, user information may be transferred to the successor entity. We will provide notice before your information becomes subject to a different privacy policy.

5. Cross-Organization Data Isolation

Tripoint supports users who belong to multiple organizations — for example, a coach who works with two leagues, or an official who is assigned through an assigner that serves several organizations. We isolate organizational data carefully:

• Each organization’s data — registrations, rosters, payments, schedules — is scoped to that organization. Directors cannot view other organizations’ data.
• Users with accounts in multiple organizations see each organization’s data separately. Your role and permissions in one organization do not carry over to another.
• Core identity information (name, email, phone number) is shared across the organizations you belong to, because these are properties of you as a person, not of any single organization’s relationship with you.
• Role-specific data (registrations, roster positions, payment records) is strictly scoped to the organization where that role exists.
• Assigners — third-party scheduling services — can see game data across the organizations that have contracted with them for scheduling purposes only. They cannot see registration, payment, or player data.

6. Payment Data

All payment processing on Tripoint is handled by Stripe. By using payment features, you also agree to Stripe’s Privacy Policy.

What Tripoint stores: Transaction metadata including payment amount, date, status, and Stripe-generated transaction identifiers.

What Tripoint does NOT store: Full credit card numbers, card verification codes (CVV/CVC), bank account numbers, or any other raw payment credentials. These are handled exclusively by Stripe and never pass through Tripoint’s servers in raw form.

Who can see payment data: Organization directors can see transaction amounts and statuses for transactions within their organization. Officials and referees can see their own payment amounts. No user can see another user’s full payment details across organizations.

7. Digital Waiver Data

Tripoint facilitates waiver collection on behalf of organizations. The organization authors and owns the waiver content; Tripoint is the technology provider and is not a party to the waiver agreement itself.

For each signed waiver, we collect and permanently store:

• The signer’s verified identity (linked to their Tripoint account)
• The date and time of signing
• The electronic signature
• A snapshot of the waiver content at the time of signing

Retention: Waiver records for adult participants are retained for as long as the organization’s account is active and for a reasonable period thereafter. Waiver records for minor participants are retained until the applicable statute of limitations has expired after the minor reaches the age of majority. This extended retention is necessary to protect both the participant and the organization in the event of a future legal dispute.

8. Data Retention

We retain data for as long as necessary to operate the platform and meet our legal obligations. The following schedules apply:

• Account data: Retained while your account is active. Soft-deleted (made invisible to the app but not permanently removed) when you close your account.
• Registration records: Retained for the duration of the organization’s subscription plus seven (7) years for tax and recordkeeping compliance.
• Payment records: Retained for seven (7) years, as required by IRS regulations.
• Waiver records: Retained for the applicable statute of limitations (extended for minors as described in Section 7).
• Messaging data: Retained while your account is active; may be retained longer if it is part of an organization’s operational record.
• Children’s data: Retained only as long as reasonably necessary for the purpose for which it was collected.

Tripoint uses soft deletion: records are flagged as deleted and become invisible to users, but the underlying data is preserved in our database for audit, compliance, and dispute resolution purposes. We do not perform automatic purges.

9. Security

We apply industry-standard security measures to protect your information:

• Encrypted sessions: All session tokens are cryptographically signed. Sessions are invalidated on logout.
• HTTPS everywhere: All data in transit is encrypted via TLS.
• Secure database storage: All data is stored in an SSL-encrypted Neon Postgres database with strict access controls.
• Role-based access controls: Users can only access data their role authorizes. Cross-organization isolation is enforced at the data layer, not just the UI layer.
• Audit logging: Sensitive operations are logged for accountability and incident response.
• Least privilege: Tripoint staff access to production data is limited to what is required for support and operations.

No method of transmission over the internet or electronic storage is perfectly secure. While we strive to protect your information, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to info@tripointcollective.com.

10. Your Rights and Choices

Access and Correction

You can view and update your name, email, and phone number from your account dashboard at any time. If you believe information in your organization’s records about you is inaccurate, contact your organization’s director or reach out to us at info@tripointcollective.com.

Notification Preferences

You can manage which notifications you receive — and how you receive them — from the Notifications section of your account settings. Some operational messages (such as payment receipts) may not be fully opt-out-able while your account is active.

Data Deletion

You may request deletion of your personal data by contacting info@tripointcollective.com. We will honor deletion requests to the extent possible, but note that some data — such as payment records, waiver records, and registration history — is retained for legal and financial compliance purposes and cannot be deleted on request.

Cookie Management

You can control cookies through your browser settings. Because Tripoint uses only essential authentication cookies, disabling cookies will prevent you from signing in to the platform.

11. State Privacy Rights

California (CCPA / CPRA)

California residents have the right to: know what personal information we collect and how it is used; request deletion of their personal information; correct inaccurate personal information; and opt out of the “sale” or “sharing” of personal information. Tripoint does not sell or share personal information as those terms are defined by the CCPA/CPRA.

California residents may also request to know whether we use automated decision-making that produces legal or similarly significant effects, and to opt out of such processing. Tripoint does not use such automated decision-making.

Colorado, Connecticut, Virginia, and Other States

Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Texas, Montana, and others enacted after this policy’s effective date) have similar rights to access, correct, delete, and port their personal data, as well as the right to opt out of the sale of personal data. Because we do not sell personal data, the opt-out right is satisfied automatically.

To exercise any of these rights, contact us at info@tripointcollective.com with “Privacy Rights Request” in the subject line. We will respond within the timeframes required by applicable law (generally 45–90 days). We will not discriminate against you for exercising your privacy rights.

12. Cookies

Tripoint uses essential cookies only. We do not use advertising cookies, tracking pixels, or cross-site behavioral targeting of any kind.

The cookies we set:

• tripoint_session — Your authentication session. Required to keep you signed in. Expires when you sign out or after a period of inactivity.
• tripoint_context — Your active organization context when you have accounts in multiple organizations. Allows the app to remember which organization you were last working in.
• tripoint_device_trust — Marks a device as trusted after verification, reducing the frequency of step-up authentication prompts.

Third-party services we use that may set their own cookies or collect data:

• Sentry — Error monitoring. Sentry may set a session identifier to correlate error reports. No personally identifiable information is intentionally sent to Sentry beyond error context.
• Vercel Analytics — Page performance monitoring. Data is anonymized and aggregated. Vercel does not receive individually identifiable user data through this integration.

You can manage or delete cookies through your browser settings. Removing essential cookies will sign you out of the platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes — changes that meaningfully affect your rights or how we use your information — we will notify you via email to the address on your account or via an in-app notification before the changes take effect.

The effective date at the top of this page reflects when the current version took effect. Continued use of the platform after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms.

For non-material changes (such as clarifications or corrections to existing statements), we will update this page without separate notification.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or need to report a concern, please contact us:

For requests related to children’s privacy or COPPA concerns, please use the email above and include “COPPA Request” in the subject line.

For California and other state privacy rights requests, include “Privacy Rights Request” in the subject line.