⚠️ DRAFT — this policy has not yet been reviewed by a lawyer. Operators should obtain legal review before relying on it, especially regarding children's data (COPPA/GDPR-K).
Last updated: July 2026
Account details (name, email, password hash), league data you or your league enter (rosters, schedules, RSVPs, messages, payment records), and basic technical logs (IP address, browser type) used for security and reliability.
LeagueRelay is designed for use by adults — league administrators, coaches, and parents or guardians. Player rosters may include children's names and ages, entered and controlled by the league. Accounts are for users 16 or older; children do not create accounts. Leagues are responsible for obtaining any consent required from families before entering player information. Parents/guardians can ask their league admin to correct or remove their child's data at any time, or contact us directly.
Only to run the service: showing schedules to your league, sending the notifications you opt into, processing fee payments, and keeping the platform secure. We do not sell personal data. Sponsor messages, where a league enables them, are placements chosen by the platform owner — no personal data is shared with sponsors.
Card payments are processed by Stripe. Card numbers never touch our servers. Leagues that connect a Stripe account are the merchant of record for their fees.
Data is stored in the EU (Hetzner, Finland) with encrypted daily off-site backups. Passwords are hashed (bcrypt); league email credentials are encrypted at rest; access is role-based.
You can export or delete your data by contacting your league admin or the platform operator. Deleting a league removes its rosters, schedules, messages and related records.
Questions or requests: darewaweru@gmail.com.