Privacy Policy
Arena Sports Network — Last updated June 15, 2026
Arena Sports Network LLC (“we,” “us,” or “our”), located at 134 South Main Street, Suite 100, Alpine, Utah 84004, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you use our Platform — including our website (arenasports.space), progressive web application, mobile applications (iOS and Android), APIs, service workers, checkout flows, messaging tools, and related services.
By using the Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Platform.
Arena Sports serves users across the United States. Privacy, consumer, child-safety, health-information, breach-notice, biometric, and youth-sports laws vary by state. We apply this Policy nationwide and honor applicable non-waivable state privacy rights where they apply to you.
1. Information We Collect
1.1 Information You Provide Directly
Account Registration:
- Full name (first and last)
- Email address
- Phone number
- Date of birth
- ZIP code
- Billing address where needed for taxes, fraud prevention, or payment processing
- Unique handle/username
- Profile photo (optional)
- Authentication and session data, such as login codes, OAuth identifiers, refresh tokens, and device/session metadata
Creator-Specific Information:
- Professional bio and qualifications
- Years of experience and sport specializations
- Certifications and credentials
- Background check information (provider, status, dates)
- Professional insurance details (provider, policy number, coverage amount, expiration, certificate uploads)
- Social media links (website, LinkedIn, Facebook, Instagram, TikTok, X/Twitter, YouTube)
- Stripe Connect financial information (bank account details, SSN, date of birth, EIN, government-issued identification for identity verification)
Dependent/Athlete Profiles (provided by parents):
- First and last name
- Date of birth and gender
- Sports interests, current team, positions, dominant hand/foot, and athletic goals
- Presidential Fitness Test data for enabled events, including age or date of birth used for scoring, boys/girls scoring group, grade or school/team where provided, test item results, completion status, award status, event context, recorder, and notes
- Height, weight, and shirt size
- School, grade, GPA, and graduation year
- Medical conditions (from predefined categories: asthma, ADHD, diabetes type 1/2, epilepsy, heart condition, anxiety, depression, and others)
- Allergies, current medications, and special medical notes
- Doctor name and phone number
- Health insurance information (provider, policy number, group number, policyholder details, insurance card photos)
- Emergency contacts (name, phone, relationship)
- Concussion history and return-to-play clearance status
- Photo/video consent preference (allowed or not allowed)
- Digital consent signatures (Base64 signature data for medical consent, liability waiver)
Registration and Transaction Data:
- Event, camp, and training session selections
- Fitness test participation and result records for events where Presidential Fitness Test administration is enabled before registration
- Course enrollments and lesson progress
- Payment information (processed by Stripe; we store payment method metadata — card brand and last 4 digits — but not full card numbers)
- Waitlist positions and offer history
- Review and rating submissions (text, photos, ratings)
Communications:
- Messages sent through the Platform (direct and group)
- Message attachments (images, videos, files, voice notes)
- Support requests and incident reports
- Review responses
1.2 Information Collected Automatically
- Device information: IP address, browser type and version, operating system, device identifiers, screen resolution
- Usage data: pages visited, features used, search queries, click patterns, time spent on pages, referral sources
- Session data: login timestamps, session duration, actions performed
- Location data: approximate location based on IP address (we do NOT track precise GPS location)
- Referral attribution: if you arrive through a referral or share link, the referral code in the link and, upon signup, the Ambassador whose link you used
- Cookies and similar technologies: session cookies (for authentication), analytics cookies, and preference cookies
- Service worker data: cached content and offline usage patterns for the progressive web application
1.3 Information from Third Parties
- Google OAuth: name, email address, and profile photo (when you sign up or log in with Google)
- Apple authentication: verified identity signals and email address when you use Sign in with Apple
- Stripe: payment confirmation, payment method metadata, dispute status, transaction status, payout status, tax calculation data, and identity verification results
- Google Calendar and Gmail integrations: tokens, account identifiers, calendar event IDs, message metadata, and content needed to provide the specific integration you connect
- Device contacts: names and phone numbers selected or permitted through the mobile app for sharing or invitations; contacts are used for the action you request and are not sold
- Creators and organizations: roster updates, cancellation notices, attendance, refund notes, incident details, or participant information they enter into the Platform
2. How We Use Your Information
Service Delivery — Process registrations, payments, and refunds; manage event enrollments; deliver digital courses; facilitate messaging between users; manage waitlists and spot offers; track attendance.
Participant Safety — Share relevant medical information (allergies, conditions, medications, emergency contacts) with creators and staff supervising participants; comply with applicable mandatory reporting, child-safety, emergency, and youth-sports requirements; process incident reports.
Communication — Send transactional emails (registration confirmations, payment receipts, status updates, waitlist notifications) via Resend; deliver in-app and push notifications; send creator email broadcasts.
Platform Improvement — Analyze usage patterns to improve features, fix bugs, and optimize performance; conduct A/B testing; generate anonymized and aggregated analytics via PostHog.
Error Monitoring — Track and resolve application errors, performance issues, and crashes via Sentry to ensure Platform reliability.
Security — Detect and prevent fraud, unauthorized access, and abuse; enforce rate limiting; monitor for data breaches; manage token-based authentication with refresh token rotation.
Legal Compliance — Comply with laws and regulations, respond to legal process, enforce our Terms of Service, and protect the rights and safety of our users.
AI and Automation — Provide support, moderation assistance, administrative drafting, recommendations, analytics, summaries, and operational tooling, subject to safeguards described below.
3. Children’s Privacy (COPPA Compliance)
We are committed to protecting the privacy of children under 13 in compliance with the Children’s Online Privacy Protection Act (COPPA):
The Platform is not directed to children under 13, and children may not create independent accounts. A parent or legal guardian must create and control any Dependent Profile for a child. Where COPPA requires verifiable parental consent, we rely on the parent or guardian account holder’s affirmative creation, checkout, consent, and profile-management actions and may request additional verification.
We collect only the minimum information necessary for children to participate in athletic programs: name, date of birth, gender, sports interests, medical information (for safety), emergency contacts, and shirt size.
Parents may review, update, or delete their child’s personal information at any time through their account settings.
We do NOT:
- Allow children under 13 to create their own accounts
- Collect social media accounts, precise geolocation, or financial information from children
- Use children’s personal information for behavioral advertising or targeted marketing
- Sell or rent children’s personal information to any third party
- Make children’s personal information publicly available
- Use children’s personal information for behavioral advertising, sale, or third-party AI model training
Children’s medical information is shared only with creators and staff who need it for participant safety during registered programs.
COPPA parental consent verification status is tracked on each Dependent Profile and may be reverified periodically.
To request deletion of a minor’s data, remove their profile from your account or contact [email protected]. Deletion requests are processed within 30 days.
4. Data Sharing and Disclosure
4.1 Service Providers and Partners
We share information with the following categories of third parties, solely to provide Platform services:
- Stripe, Inc. — Payment processing, tax calculation, and creator/organization payouts via Stripe Connect
- Cloudinary — Image and media storage, transformation, and delivery
- Resend — Transactional and broadcast email delivery
- Google — OAuth authentication, Google Maps for location services, Google Analytics for aggregate usage metrics
- Apple — Sign in with Apple and mobile platform services
- Pusher — Real-time messaging, presence, and notification transport
- Cloudflare Stream — Video hosting and playback where used
- GIPHY — GIF search and delivery in messaging where enabled
- PostHog — Product analytics and session recording
- Sentry — Error monitoring and performance tracking
- Vercel — Hosting, edge functions, and content delivery
4.2 Creators and Organizations
When you register for an event, training, or course, the following information is shared with the responsible creator or organization:
- Member name, email, and phone number
- Participant name, date of birth, and medical information relevant to safe participation
- Emergency contact information
- Registration details and payment confirmation (creators do not see your full payment details)
- Waiver, consent, attendance, cancellation, refund-request, fitness test, and incident information needed to operate the specific program
For events with Presidential Fitness Test administration enabled, Arena may use fitness test results for event operations, participant profile history, internal reporting, program improvement, and aggregated or de-identified partner reporting. Arena does not share identifiable minor fitness results with external partners unless permitted by law and Arena’s applicable agreements or a separate permission applies.
4.3 Referral and Ambassador Program
If you participate in our Referral and Ambassador Program, or sign up through a referral link, we process limited information to operate the Program:
- Referral attribution — the referral code used and which Ambassador referred your account, recorded at signup
- Earnings data — the qualifying transactions a referred creator completes, used to calculate the Ambassador’s 1% commission, reversals, and payouts
- Limited visibility to the Ambassador — an Ambassador can see the name of each creator they referred and the referral earnings those creators have generated, so they can track their own commissions. Ambassadors do NOT see a referred creator’s contact details, customers, participants, medical data, banking information, or customer-level transaction data through the Program
4.4 Legal and Safety Disclosures
We may disclose information:
- When required by law, subpoena, court order, or legal process
- To protect the safety of any person, including mandatory reporting of suspected abuse, neglect, exploitation, imminent harm, or other reportable safety concerns to the appropriate state or local authority where required by law
- To enforce our Terms of Service or protect our legal rights
- In connection with an investigation of fraud, intellectual property infringement, or other illegal activity
4.5 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.
4.6 What We Do NOT Do
- We do NOT sell your personal information to third parties
- We do NOT share your information for third-party marketing or advertising purposes
- We do NOT intentionally target services to users outside the United States
- We do NOT use your data for automated decision-making that produces legal effects without human oversight
- We do NOT participate in cross-site tracking or retargeting networks
5. Data Retention
We retain your personal data according to the following schedule:
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
Right to Access — Request a copy of the personal data we hold about you.
Right to Correction — Request correction of inaccurate or incomplete personal data.
Right to Deletion — Request deletion of your personal data (subject to legal retention requirements).
Right to Data Portability — Request an export of your data in a machine-readable format (JSON/CSV).
Right to Opt Out — Opt out of certain data processing activities, including targeted advertising.
Right to Withdraw Consent — Withdraw consent for data processing at any time (withdrawal does not affect the lawfulness of processing performed before withdrawal).
Right to Non-Discrimination — We will not discriminate against you for exercising any privacy right.
To exercise these rights, contact us at [email protected]. We will respond to verified requests within the timeframe required by applicable law. We may deny or limit requests where permitted by law, including for identity verification, security, fraud prevention, tax, accounting, dispute, waiver, legal-retention, or platform-integrity reasons.
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption at rest: database, storage, and payment data are protected through managed infrastructure and provider-level encryption controls
- Encryption in transit: HTTPS/TLS for production web, API, webhook, and third-party provider traffic
- Authentication: passwordless email codes, magic links, OAuth sign-in, and token-based sessions; passwords are not stored by Arena Sports
- Session tokens: JWT-based access tokens with short expiry; refresh token rotation with family detection to prevent token theft
- Access controls: role-based access controls limiting data access to authorized personnel
- API security: rate limiting on API endpoints; scope-based API key permissions
- Session security: HttpOnly, Secure cookies with SameSite protections, refresh token rotation, and same-origin validation for state-changing tRPC traffic
- Monitoring: error and abuse detection via Sentry, audit logging of significant actions, and security incident response procedures
- Financial data: sensitive bank account details and identity documents handled by Stripe (PCI DSS Level 1 compliant); full card numbers never stored by Arena Sports
Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
8. Cookies and Tracking
We use the following categories of cookies:
Essential Cookies — Required for Platform functionality (authentication session, CSRF tokens, theme preference). Cannot be disabled.
Analytics Cookies — Help us understand usage patterns and improve the Platform (PostHog, Google Analytics). Can be disabled through your browser settings.
Preference Cookies — Remember your settings and preferences (e.g., light/dark theme stored in localStorage). Can be disabled through your browser settings.
Referral Cookie — If you arrive through a referral or share link, we store the referral code in a first-party cookie (first-touch, for up to 60 days) so that, if you create a new account, you can be attributed to the Ambassador who referred you. This is functional, not advertising, and is never shared with advertising or cross-site tracking networks.
We do NOT use advertising or tracking cookies. We do NOT participate in cross-site tracking or retargeting networks.
9. AI and Automation
We may use AI-assisted and automated tools to operate the Platform, including support, administrative workflows, content drafting, moderation assistance, search, recommendations, analytics, summaries, and internal quality review. These tools may process information you provide to the Platform when needed to provide the feature, maintain safety, or support operations.
- We do not intentionally use children’s personal information for third-party AI model training
- AI outputs may be reviewed by authorized personnel for safety, support, quality, and abuse prevention
- Creators and users remain responsible for reviewing AI-generated drafts before sending or publishing them
- Automated systems may flag fraud, abuse, security risks, payment risk, policy violations, or moderation reports for human review
10. State Privacy Rights
Depending on where you live, state privacy laws may provide additional rights to access, correct, delete, port, or opt out of certain uses of personal information, and may require additional disclosures or appeal rights. We will honor verified requests where applicable law requires. To submit a request from any state, email [email protected] with “Privacy Request” in the subject line and include enough information for us to verify the request.
11. Utah Residents (Utah Consumer Privacy Act)
Where the Utah Consumer Privacy Act (UCPA) applies, Utah residents have additional rights:
- Right to know whether we are processing your personal data
- Right to access your personal data
- Right to delete your personal data
- Right to data portability
- Right to opt out of targeted advertising (we do not engage in targeted advertising)
- Right to opt out of the sale of personal data (we do not sell personal data)
To exercise UCPA rights, contact us at [email protected] with “Utah Privacy Request” in the subject line. We will respond to verified requests within 45 days. You may appeal any denial by contacting us.
12. California Residents (CCPA/CPRA)
If you are a California resident and the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply, you may have additional rights. In the preceding 12 months, we have collected the categories of personal information described in Section 1. We have not sold personal information to third parties. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.
To exercise your California privacy rights, contact us at [email protected] with “Privacy Request” in the subject line.
13. International Users
The Platform is operated from the United States. If you access the Platform from outside the United States, you consent to the transfer, storage, and processing of your information in the United States. We do not currently offer services targeted at users in the European Economic Area (EEA). If you are located in the EEA and believe your data has been processed, you may contact your local data protection authority.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and sending an email notification at least 30 days before changes take effect. Your continued use of the Platform after changes become effective constitutes acceptance.
15. Contact Information
Arena Sports Network — Privacy Team
134 South Main Street, Suite 100
Alpine, Utah 84004
Email: [email protected]
Phone: (801) 836-7465
For CCPA/CPRA requests (California residents), include “Privacy Request” in your email subject line. For UCPA requests (Utah residents), include “Utah Privacy Request” in your email subject line.