Privacy Policy
Unscouted Privacy Policy
Effective date: 2026-06-28 launch template.
This Privacy Policy explains how Unscouted collects, uses, stores, and shares information for the Unscouted mobile app and related launch services in the United States and Canada.
Scope
This policy covers the Unscouted mobile app, public account and legal request pages on https://unscouted.app, and the owner/admin web billing handoff on https://app.unscouted.app when it is live. It does not cover independent services that users open outside Unscouted, such as App Store, Google Play, or Stripe checkout and account-management pages.
Information We Collect
Unscouted collects information needed to run recreational sports leagues, accounts, subscriptions, support, safety, and required account/legal workflows.
- Account and contact information: email address, display name, handle, profile
- League and sports information: league names, roles, memberships, rosters,
- User content: league crest images uploaded by eligible admins, roster CSV
- Purchases and entitlement information: RevenueCat App User ID, product,
- Notifications and device identifiers: Expo push tokens, notification
- Safety and moderation information: directional blocks, reports, escalation
- Operational records: audit logs, queue/replay metadata for offline writes,
color, home club, bio, self-rated skill, authentication identifiers, profile identifiers, account recovery state, OAuth provider state, and account deletion or export request markers.
tracked-player placeholders, invites, join requests, match records, scores, point events, disputes, ratings, standings, deep-stat snapshots, tournaments, sessions, RSVPs, waitlists, check-ins, attendance metadata, and user-entered venue, court, address, or notes fields.
import files uploaded by eligible admins, match comments, reactions, presence or check-in signals, support-ticket text, report details, and optional Gift Legend messages or recipient details.
package, transaction, entitlement, purchase, restore, refund, reversal, and gift-correlation records for account Legend and Gift Legend. League Plus and Max billing records are planned for Stripe-backed web/admin billing and may include customer, subscription, invoice, receipt, tax, refund, credit-note, usage, and reconciliation identifiers. Unscouted does not collect payment card or bank account numbers in the app.
preferences, quiet-hour or pause settings, delivery rows, receipt status, and permission-primer status when push notifications are used.
metadata, review state, and audit rows for support or admin actions.
export job status, short-lived account export download references, and service-owned function logs needed to secure and operate the app.
Unscouted does not currently use device location permission, the Contacts API, microphone access, Bluetooth access, advertising SDKs, or third-party analytics or tracking SDKs in the mobile app configuration. Camera access is used for invite QR scanning. Photo-library access is used for optional league crest selection. File access is used for optional roster CSV import and account export download handling.
How We Use Information
We use information to:
- create and manage accounts, profiles, leagues, rosters, roles, invites, and
- record, edit, dispute, rate, rank, and display league matches and related
- enforce league membership, entitlement, privacy, block, report, and support
- provide account Legend, Gift Legend, and planned league Plus/Max access;
- deliver in-app notifications and optional push notifications;
- route support, provider billing, privacy, export, deletion, safety, and
- provide CSV account/legal exports through private storage and short-lived
- prevent fraud, abuse, unauthorized access, and policy violations;
- maintain audit, provider reconciliation, and operational records.
claims;
stats;
boundaries;
moderation requests;
signed download URLs;
Visibility And Sharing Inside Unscouted
Profiles are league-visible by default. Members who share a league can see league-scoped profile, roster, match, rating, standing, and stats information according to their role, entitlements, and the league's visibility settings.
Limited public basics may be exposed for discovery/search only when the profile and league context allow it. Public basics can include display name, avatar or profile color, rating/rank summary, and public/discoverable league associations. Non-shared public viewers do not receive private contact information, detailed match history, deep stats, comments, reactions, private-league membership, or support/safety records. Blocks and reports further limit profile views, challenges, comments, reactions, presence, and search interaction surfaces.
Service Providers
We use service providers to operate the app. They process information for app functionality, authentication, billing, support, notifications, storage, and security.
- Supabase: authentication, database, storage, Edge Functions, account/legal
- RevenueCat, App Store, StoreKit, Google Play Billing, and Google Play: account
- Stripe: planned league Plus/Max web/admin billing, hosted Checkout, Customer
- Expo Push API, Apple Push Notification service, and Firebase Cloud Messaging:
- Resend: planned production Email OTP, transactional email, and fallback
- Apple and Google OAuth: optional sign-in provider flows through Supabase.
export storage, and server-side authorization.
Legend and Gift Legend purchase, restore, refund/reversal, entitlement, and store-subscription management.
Portal, invoices, receipts, tax, metered usage, refunds, credits, and billing reconciliation.
optional push notification delivery.
support/legal/account email delivery.
We do not sell personal information and do not use the current launch app for third-party advertising or cross-app tracking. If a future SDK or provider setup changes this, the policy and store disclosures must be updated before release.
Payments
Account Legend purchases and Gift Legend purchases are handled through the mobile stores and RevenueCat. League Plus and Max billing is planned as Stripe-backed web/admin billing scoped to a specific league. Payment card, bank-account, and store-account details are handled by the relevant payment provider. Unscouted receives purchase, entitlement, invoice, receipt, refund, credit, and reconciliation records needed to provide access and support.
Legend cancellations, refunds, and payment-method changes route through App Store or Google Play purchase management. League Plus/Max billing issues route through the Stripe-backed web/admin billing path and managed billing support. Unscouted does not provide self-serve league refunds or credits and does not issue app-side cash refunds for mobile Legend subscriptions.
Account Export
Account/legal export is available outside the paid feature matrix. In Supabase mode, authenticated users can request a requester-scoped CSV export through the app. The export is stored in private account-exports storage and returned as a short-lived signed download URL, currently valid for 1 hour. When production Resend delivery is configured, users can also request email delivery of that signed link to their verified account email. Personal calendar/history exports and league-wide data/stats exports are deferred for launch unless reopened.
Account Deletion
Authenticated users can request account deletion through the privacy/support workflow. A deletion request creates a legal/account support ticket and sets a 30-day review marker on the account profile. Deletion is not immediate. After the review date, a platform admin may run the service-owned deletion execution workflow. That workflow removes live account access, deletes or expires live access artifacts such as push tokens, notification preferences, presence, and account export links, detaches and deletes the Supabase Auth account where it exists, and anonymizes the profile that remains attached to league history. Some records are retained where required for security, fraud prevention, accounting, billing, provider reconciliation, dispute handling, legal compliance, or audit integrity.
Retention
We retain account, league, match, billing, support, safety, audit, and provider records for as long as needed to provide the service, preserve league history, support users, satisfy accounting or legal obligations, prevent abuse, and reconcile provider events. Short-lived export links are temporary. Export files, support tickets, audit records, billing records, and safety records may be kept longer when needed for account/legal, compliance, security, dispute, provider, or operational reasons.
Local queued mutation rows may remain on the device until they sync or fail; synced queue rows are pruned by the app. Push tokens can be deleted when the push provider reports that a device is no longer registered.
Security
Unscouted uses HTTPS/TLS for app and provider traffic, Supabase Row Level Security, server-owned Edge Functions for privileged writes, private storage for account exports, and server-side secrets for service-role, provider, webhook, notification, invite, and billing operations. Do not place provider secrets, service-role keys, database passwords, OAuth secrets, webhook secrets, or admin credentials in Expo public environment variables or client code.
Children
Unscouted is not directed to children under 13 or to users under the equivalent minimum age required by local law. League operators are responsible for using the app consistently with any youth, school, club, or parental-consent rules that apply to their league.
Contact And Requests
Use the in-app Support and Privacy screens for support, export, deletion, and privacy requests when signed in. Public account request pages should be published at:
https://unscouted.app/account/deletehttps://unscouted.app/account/exporthttps://unscouted.app/support
Support email is a fallback for signed-out, deliverability, provider, legal/account, and required transactional workflows. The planned root reply-to alias is support@unscouted.app.
Changes
We may update this policy as features, providers, store disclosures, or legal requirements change. Store privacy labels and Google Play Data Safety answers must stay aligned with the current app binary, provider setup, and this policy.