UN
SCT

Privacy Policy

Unscouted Privacy Policy

Effective date: 2026-06-28 launch template.

This Privacy Policy explains how Unscouted collects, uses, stores, and shares information for the Unscouted mobile app and related launch services in the United States and Canada.

Scope

This policy covers the Unscouted mobile app, public account and legal request pages on https://unscouted.app, and the owner/admin web billing handoff on https://app.unscouted.app when it is live. It does not cover independent services that users open outside Unscouted, such as App Store, Google Play, or Stripe checkout and account-management pages.

Information We Collect

Unscouted collects information needed to run recreational sports leagues, accounts, subscriptions, support, safety, and required account/legal workflows.

Unscouted does not currently use device location permission, the Contacts API, microphone access, Bluetooth access, advertising SDKs, or third-party analytics or tracking SDKs in the mobile app configuration. Camera access is used for invite QR scanning. Photo-library access is used for optional league crest selection. File access is used for optional roster CSV import and account export download handling.

How We Use Information

We use information to:

Visibility And Sharing Inside Unscouted

Profiles are league-visible by default. Members who share a league can see league-scoped profile, roster, match, rating, standing, and stats information according to their role, entitlements, and the league's visibility settings.

Limited public basics may be exposed for discovery/search only when the profile and league context allow it. Public basics can include display name, avatar or profile color, rating/rank summary, and public/discoverable league associations. Non-shared public viewers do not receive private contact information, detailed match history, deep stats, comments, reactions, private-league membership, or support/safety records. Blocks and reports further limit profile views, challenges, comments, reactions, presence, and search interaction surfaces.

Service Providers

We use service providers to operate the app. They process information for app functionality, authentication, billing, support, notifications, storage, and security.

We do not sell personal information and do not use the current launch app for third-party advertising or cross-app tracking. If a future SDK or provider setup changes this, the policy and store disclosures must be updated before release.

Payments

Account Legend purchases and Gift Legend purchases are handled through the mobile stores and RevenueCat. League Plus and Max billing is planned as Stripe-backed web/admin billing scoped to a specific league. Payment card, bank-account, and store-account details are handled by the relevant payment provider. Unscouted receives purchase, entitlement, invoice, receipt, refund, credit, and reconciliation records needed to provide access and support.

Legend cancellations, refunds, and payment-method changes route through App Store or Google Play purchase management. League Plus/Max billing issues route through the Stripe-backed web/admin billing path and managed billing support. Unscouted does not provide self-serve league refunds or credits and does not issue app-side cash refunds for mobile Legend subscriptions.

Account Export

Account/legal export is available outside the paid feature matrix. In Supabase mode, authenticated users can request a requester-scoped CSV export through the app. The export is stored in private account-exports storage and returned as a short-lived signed download URL, currently valid for 1 hour. When production Resend delivery is configured, users can also request email delivery of that signed link to their verified account email. Personal calendar/history exports and league-wide data/stats exports are deferred for launch unless reopened.

Account Deletion

Authenticated users can request account deletion through the privacy/support workflow. A deletion request creates a legal/account support ticket and sets a 30-day review marker on the account profile. Deletion is not immediate. After the review date, a platform admin may run the service-owned deletion execution workflow. That workflow removes live account access, deletes or expires live access artifacts such as push tokens, notification preferences, presence, and account export links, detaches and deletes the Supabase Auth account where it exists, and anonymizes the profile that remains attached to league history. Some records are retained where required for security, fraud prevention, accounting, billing, provider reconciliation, dispute handling, legal compliance, or audit integrity.

Retention

We retain account, league, match, billing, support, safety, audit, and provider records for as long as needed to provide the service, preserve league history, support users, satisfy accounting or legal obligations, prevent abuse, and reconcile provider events. Short-lived export links are temporary. Export files, support tickets, audit records, billing records, and safety records may be kept longer when needed for account/legal, compliance, security, dispute, provider, or operational reasons.

Local queued mutation rows may remain on the device until they sync or fail; synced queue rows are pruned by the app. Push tokens can be deleted when the push provider reports that a device is no longer registered.

Security

Unscouted uses HTTPS/TLS for app and provider traffic, Supabase Row Level Security, server-owned Edge Functions for privileged writes, private storage for account exports, and server-side secrets for service-role, provider, webhook, notification, invite, and billing operations. Do not place provider secrets, service-role keys, database passwords, OAuth secrets, webhook secrets, or admin credentials in Expo public environment variables or client code.

Children

Unscouted is not directed to children under 13 or to users under the equivalent minimum age required by local law. League operators are responsible for using the app consistently with any youth, school, club, or parental-consent rules that apply to their league.

Contact And Requests

Use the in-app Support and Privacy screens for support, export, deletion, and privacy requests when signed in. Public account request pages should be published at:

Support email is a fallback for signed-out, deliverability, provider, legal/account, and required transactional workflows. The planned root reply-to alias is support@unscouted.app.

Changes

We may update this policy as features, providers, store disclosures, or legal requirements change. Store privacy labels and Google Play Data Safety answers must stay aligned with the current app binary, provider setup, and this policy.