Privacy Policy
Arena Sports Network — Last updated April 5, 2026
Arena Sports Network (“we,” “us,” or “our”), located at 134 South Main Street, Suite 100, Alpine, Utah 84004, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform — including our website (arenasports.space), progressive web application, mobile applications (iOS and Android), APIs, service workers, and related services.
By using the Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Platform.
1. Information We Collect
1.1 Information You Provide Directly
Account Registration:
- Full name (first and last)
- Email address
- Phone number
- Date of birth
- ZIP code
- Unique handle/username
- Profile photo (optional)
- Password (hashed using bcrypt; never stored in plaintext)
Creator-Specific Information:
- Professional bio and qualifications
- Years of experience and sport specializations
- Certifications and credentials
- Background check information (provider, status, dates)
- Professional insurance details (provider, policy number, coverage amount, expiration, certificate uploads)
- Social media links (website, LinkedIn, Facebook, Instagram, TikTok, X/Twitter, YouTube)
- Stripe Connect financial information (bank account details, SSN, date of birth, EIN, government-issued identification for identity verification)
Dependent/Athlete Profiles (provided by parents):
- First and last name
- Date of birth and gender
- Sports interests, current team, positions, dominant hand/foot, and athletic goals
- Height, weight, and shirt size
- School, grade, GPA, and graduation year
- Medical conditions (from predefined categories: asthma, ADHD, diabetes type 1/2, epilepsy, heart condition, anxiety, depression, and others)
- Allergies, current medications, and special medical notes
- Doctor name and phone number
- Health insurance information (provider, policy number, group number, policyholder details, insurance card photos)
- Emergency contacts (name, phone, relationship)
- Concussion history and return-to-play clearance status
- Photo/video consent preference (allowed or not allowed)
- Digital consent signatures (Base64 signature data for medical consent, liability waiver)
Registration and Transaction Data:
- Event, camp, and training session selections
- Course enrollments and lesson progress
- Payment information (processed by Stripe; we store payment method metadata — card brand and last 4 digits — but not full card numbers)
- Waitlist positions and offer history
- Review and rating submissions (text, photos, ratings)
Communications:
- Messages sent through the Platform (direct and group)
- Message attachments (images, videos, files, voice notes)
- Support requests and incident reports
- Review responses
1.2 Information Collected Automatically
- Device information: IP address, browser type and version, operating system, device identifiers, screen resolution
- Usage data: pages visited, features used, search queries, click patterns, time spent on pages, referral sources
- Session data: login timestamps, session duration, actions performed
- Location data: approximate location based on IP address (we do NOT track precise GPS location)
- Cookies and similar technologies: session cookies (for authentication), analytics cookies, and preference cookies
- Service worker data: cached content and offline usage patterns for the progressive web application
1.3 Information from Third Parties
- Google OAuth: name, email address, and profile photo (when you sign up or log in with Google)
- Stripe: payment confirmation, transaction status, and identity verification results
2. How We Use Your Information
Service Delivery — Process registrations, payments, and refunds; manage event enrollments; deliver digital courses; facilitate messaging between users; manage waitlists and spot offers; track attendance.
Participant Safety — Share relevant medical information (allergies, conditions, medications, emergency contacts) with creators and staff supervising participants; comply with Utah mandatory reporting requirements for suspected abuse or neglect (Utah Code §62A-4a-403); process incident reports.
Communication — Send transactional emails (registration confirmations, payment receipts, status updates, waitlist notifications) via Resend; deliver in-app and push notifications; send creator email broadcasts.
Platform Improvement — Analyze usage patterns to improve features, fix bugs, and optimize performance; conduct A/B testing; generate anonymized and aggregated analytics via PostHog.
Error Monitoring — Track and resolve application errors, performance issues, and crashes via Sentry to ensure Platform reliability.
Security — Detect and prevent fraud, unauthorized access, and abuse; enforce rate limiting; monitor for data breaches; manage token-based authentication with refresh token rotation.
Legal Compliance — Comply with laws and regulations, respond to legal process, enforce our Terms of Service, and protect the rights and safety of our users.
3. Children’s Privacy (COPPA Compliance)
We are committed to protecting the privacy of children under 13 in compliance with the Children’s Online Privacy Protection Act (COPPA):
We require verifiable parental consent before collecting any personal information about children under 13. Parental consent is obtained through our account registration process, where the parent or legal guardian creates the account and adds Dependent Profiles.
We collect only the minimum information necessary for children to participate in athletic programs: name, date of birth, gender, sports interests, medical information (for safety), emergency contacts, and shirt size.
Parents may review, update, or delete their child’s personal information at any time through their account settings.
We do NOT:
- Allow children under 13 to create their own accounts
- Collect social media accounts, precise geolocation, or financial information from children
- Use children’s personal information for behavioral advertising or targeted marketing
- Sell or rent children’s personal information to any third party
- Make children’s personal information publicly available
- Use children’s data for AI model training or analytics beyond direct service delivery
Children’s medical information is shared only with creators and staff who need it for participant safety during registered programs.
COPPA parental consent verification status is tracked on each Dependent Profile and may be reverified periodically.
To request deletion of a minor’s data, remove their profile from your account or contact hello@arenasports.space. Deletion requests are processed within 30 days.
4. Data Sharing and Disclosure
4.1 Service Providers and Partners
We share information with the following categories of third parties, solely to provide Platform services:
- Stripe, Inc. — Payment processing, tax calculation, and creator/organization payouts via Stripe Connect
- Cloudinary — Image and media storage, transformation, and delivery
- Resend — Transactional and broadcast email delivery
- Google — OAuth authentication, Google Maps for location services, Google Analytics for aggregate usage metrics
- PostHog — Product analytics and session recording
- Sentry — Error monitoring, performance tracking, and session replay
- Vercel — Hosting, edge functions, and content delivery
4.2 Creators and Organizations
When you register for an event, training, or course, the following information is shared with the responsible creator or organization:
- Member name, email, and phone number
- Participant name, date of birth, and medical information relevant to safe participation
- Emergency contact information
- Registration details and payment confirmation (creators do not see your full payment details)
4.3 Legal and Safety Disclosures
We may disclose information:
- When required by law, subpoena, court order, or legal process
- To protect the safety of any person, including mandatory reporting of suspected child abuse or neglect to Utah DCFS (1-855-323-3237) as required by Utah Code §62A-4a-403
- To enforce our Terms of Service or protect our legal rights
- In connection with an investigation of fraud, intellectual property infringement, or other illegal activity
4.4 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.
4.5 What We Do NOT Do
- We do NOT sell your personal information to third parties
- We do NOT share your information for third-party marketing or advertising purposes
- We do NOT transfer your personal data outside the United States without adequate legal protections
- We do NOT use your data for automated decision-making that produces legal effects without human oversight
- We do NOT participate in cross-site tracking or retargeting networks
5. Data Retention
We retain your personal data according to the following schedule:
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
Right to Access — Request a copy of the personal data we hold about you.
Right to Correction — Request correction of inaccurate or incomplete personal data.
Right to Deletion — Request deletion of your personal data (subject to legal retention requirements).
Right to Data Portability — Request an export of your data in a machine-readable format (JSON/CSV).
Right to Opt Out — Opt out of certain data processing activities, including targeted advertising.
Right to Withdraw Consent — Withdraw consent for data processing at any time (withdrawal does not affect the lawfulness of processing performed before withdrawal).
Right to Non-Discrimination — We will not discriminate against you for exercising any privacy right.
To exercise these rights, contact us at hello@arenasports.space. We will respond to verified requests within 30 days (45 days for Utah Consumer Privacy Act requests).
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption at rest: AES-256 encryption for stored data
- Encryption in transit: TLS 1.3 for all data transmission
- Password security: bcrypt hashing with salt (passwords never stored in plaintext)
- Authentication: JWT-based access tokens with short expiry; refresh token rotation with family detection to prevent token theft
- Access controls: Role-based access controls limiting data access to authorized personnel
- API security: Rate limiting on API endpoints; scope-based API key permissions
- Session security: HttpOnly, Secure cookies with SameSite=Lax; CSRF token protection
- Monitoring: Automated breach detection via Sentry, audit logging of all significant actions, and security incident response procedures
- Financial data: Sensitive bank account details and identity documents handled by Stripe (PCI DSS Level 1 compliant); full card numbers never stored by Arena Sports
Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
8. Cookies and Tracking
We use the following categories of cookies:
Essential Cookies — Required for Platform functionality (authentication session, CSRF tokens, theme preference). Cannot be disabled.
Analytics Cookies — Help us understand usage patterns and improve the Platform (PostHog, Google Analytics). Can be disabled through your browser settings.
Preference Cookies — Remember your settings and preferences (e.g., light/dark theme stored in localStorage). Can be disabled through your browser settings.
We do NOT use advertising or tracking cookies. We do NOT participate in cross-site tracking or retargeting networks.
9. Utah-Specific Provisions (Utah Consumer Privacy Act)
Under the Utah Consumer Privacy Act (UCPA), effective December 31, 2023, Utah residents have additional rights:
- Right to know whether we are processing your personal data
- Right to access your personal data
- Right to delete your personal data
- Right to data portability
- Right to opt out of targeted advertising (we do not engage in targeted advertising)
- Right to opt out of the sale of personal data (we do not sell personal data)
To exercise UCPA rights, contact us at hello@arenasports.space with “Utah Privacy Request” in the subject line. We will respond to verified requests within 45 days. You may appeal any denial by contacting us.
10. California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide additional rights. In the preceding 12 months, we have collected the categories of personal information described in Section 1. We have not sold personal information to third parties. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.
To exercise your California privacy rights, contact us at hello@arenasports.space with “Privacy Request” in the subject line.
11. International Users
The Platform is operated from the United States. If you access the Platform from outside the United States, you consent to the transfer, storage, and processing of your information in the United States. We do not currently offer services targeted at users in the European Economic Area (EEA). If you are located in the EEA and believe your data has been processed, you may contact your local data protection authority.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and sending an email notification at least 30 days before changes take effect. Your continued use of the Platform after changes become effective constitutes acceptance.
13. Contact Information
Arena Sports Network — Privacy Team
134 South Main Street, Suite 100
Alpine, Utah 84004
Email: hello@arenasports.space
Phone: (801) 836-7465
For CCPA/CPRA requests (California residents), include “Privacy Request” in your email subject line. For UCPA requests (Utah residents), include “Utah Privacy Request” in your email subject line.