Privacy Policy

Effective June 13, 2026. Version 1.0.

This Privacy Policy explains how PracticeIQ (“PracticeIQ,” “we,” “us”) collects, uses, shares, and protects information when you use our website and web application (the “Service”). It applies alongside our Terms of Service. By using the Service, you agree to this Policy.

1. Who we are and how to contact us

For privacy questions, deletion requests, or any other inquiries, email team@practiceiq.app.

2. What we collect

  • Account information: name, email, password (hashed), coaching level, and other profile details you enter during signup or in account settings.
  • Billing metadata: plan, subscription status, billing period, and a Stripe customer identifier. We do not see or store your full card number or CVC; Stripe handles those directly.
  • Customer Content: practice plans, drill notes and diagrams, attachments, rosters, attendance, performance notes, and schedules that you upload or create.
  • Usage and device data: pages viewed, actions taken in-app, IP address, browser, operating system, approximate location derived from IP, referring URL, and timestamps. Used for security, debugging, and product improvement.
  • Cookies and similar technologies: a session cookie required to keep you logged in, and a small number of first-party analytics cookies.
  • Communications: messages you send us through the Service or by email.

3. Why we use it

  • To operate, maintain, and secure the Service and your account (contractual necessity).
  • To process payments through Stripe (contractual necessity).
  • To provide customer support (contractual necessity / legitimate interest).
  • To improve the product, including generating de-identified, aggregated analytics (legitimate interest).
  • To send transactional emails (account, billing, security). You cannot opt out of these.
  • To send marketing emails about PracticeIQ, only if you opted in. You can unsubscribe at any time.
  • To comply with legal obligations and enforce our Terms.

4. Who we share it with

We use a small number of subprocessors to run the Service:

  • Stripe— payment processing.
  • Supabase— database, authentication, and file storage.
  • Vercel— web hosting and analytics.
  • Email provider— transactional and (if opted in) marketing email delivery.
  • Error and product analytics providers— for debugging and usage metrics.

Each subprocessor is bound by a data-processing agreement. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We may disclose information when required by law, to protect the Service or users, or in connection with a merger, acquisition, or sale of assets, in which case we will provide notice.

5. Cookies and analytics

We use a session cookie required for authentication. We use first-party analytics to understand how the Service is used. We do not use cross-site advertising trackers. You can clear cookies through your browser at any time; doing so will log you out.

6. How long we keep data

We keep your account and Customer Content for as long as your account is active. When your subscription ends, Customer Content is marked for deletion, kept in a recoverable state for ninety (90) days, and then permanently deleted. Backups age out on their normal schedule, no more than thirty (30) additional days. You can request earlier deletion at any time, and we will honor verified deletion requests required by law (for example, GDPR Article 17, CCPA / CPRA) within the timeframes required.

7. Security

We use encryption in transit (TLS) and at rest, role-based access controls, row-level security at the database layer, and least-privilege access for our team. No system is perfectly secure; you are responsible for keeping your password confidential and notifying us of any compromise at team@practiceiq.app.

8. Children and student data

PracticeIQ accounts are for coaches who are at least 18 years old. The Service is not directed to children, and we do not knowingly collect personal information from children for our own purposes.

Rosters uploaded by a coach or program may include information about minors. In that case, the coach or the Institution on the Program plan is the controller of that information; PracticeIQ acts only as a processor. Parents, guardians, or students with questions about their information should contact the coach or program directly. If you operate as a “school official” under FERPA and need a data-handling addendum, contact team@practiceiq.app.

9. Your rights

Depending on where you live, you may have the right to access, correct, port, or delete your personal information, to opt out of marketing email, and to lodge a complaint with a supervisory authority.

  • California (CCPA / CPRA): You have the right to know, the right to delete, the right to correct, and the right to opt out of sale or sharing for cross-context behavioral advertising. We do not sell or share your personal information.
  • EU / UK (GDPR / UK GDPR): You have the right of access, rectification, erasure, restriction, objection, and portability. Our legal bases are contractual necessity, legitimate interest, consent (for marketing), and legal obligation.

To exercise any right, email team@practiceiq.app from the address on your account. We will respond within the timeframes required by applicable law.

10. International transfers

Personal information is processed in the United States and other countries where our subprocessors operate. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms for cross-border transfers.

11. Changes to this Policy

We may update this Policy from time to time. For material changes we will give at least thirty (30) days’ notice by email and by updating the effective date and version above. Continued use of the Service after the effective date constitutes acceptance.

Questions: team@practiceiq.app