Privacy Policy

1. Introduction

Welcome to SpiralXO. We respect your privacy and are committed to protecting the personal information you share with us.

This Privacy Policy explains:

• What information we collect
• How we use that information
• How we protect it
• Your rights and choices

By using SpiralXO, you acknowledge this Privacy Policy. Where we rely on consent for specific processing activities (such as optional cookies where required by law), you may withdraw consent at any time.

SpiralXO is operated by FieldIQ Holdings LLC, a Wyoming limited liability company. If you have questions about this Privacy Policy, contact us at privacy@spiralxo.com.

Definitions

Throughout this document, the following terms have specific meanings:

“Organization” refers to the entity (such as a high school, football program, club, or other sports organization) that purchases and controls access to SpiralXO. Organizations are our customers and are responsible for managing user accounts, setting permissions, and ensuring compliance with applicable laws.

“User” refers to any individual who accesses or uses SpiralXO, including coaches, staff members, players, and administrators. Users access the platform through accounts created or authorized by an Organization.

“Minor” refers to any individual under the age of 18, regardless of location. Additional parental consent requirements may apply in certain jurisdictions for users under the age of 16 or 18, as specified by applicable state or regional laws.

“Parent/Guardian Account” refers to a limited-access account granted exclusively to a parent or legal guardian through an organization-issued invitation, providing read-only access to designated Organization Events, coach-published Announcements, and compiled Resources. Parent/Guardian Accounts do not provide access to any football operations features and are entirely optional at the organization’s discretion.

“Organization Event” refers to a calendar event designated by a coach admin or organization administrator as visible to all organization members including Parent/Guardian Account holders, as distinct from Team-only, Group-only, or Individual-specific events.

“Availability Status” refers to the feature within SpiralXO that allows Organizations to track whether a player is available for practices, games, or other team activities. Availability Status is intended solely for scheduling and planning purposes and must indicate only general availability (such as “Available,” “Unavailable,” or “Limited”). It must not include medical diagnoses, health conditions, treatment details, or other protected health information.

“Recruiting Page” refers to an optional, public-facing web page created and controlled by an Organization (or by a coach admin acting on the Organization’s behalf) to showcase selected players for college recruiting and exposure purposes. A Recruiting Page is publicly accessible and is not subject to the role-based access controls that govern other areas of the platform.

“Recruiting Profile” refers to the individual player profile displayed on a Recruiting Page, containing only the information the Organization elects to publish about that player.

“Recruiting Information” refers to the categories of player information an Organization may choose to publish in a Recruiting Profile, including athletic information (such as height, weight, and performance metrics like bench, squat, and 40-yard time), academic information (such as GPA, standardized test scores, accomplishments, and awards), biographical information, current college offers, a linked social media profile, up to three (3) images, and up to three (3) linked YouTube video URLs.

2. Who We Serve

SpiralXO provides software to football organizations (such as high schools, programs, and clubs) to help them manage teams, planning, and coordination.

Important distinctions:

• Our customers are organizations, not individual users
• Organizations control access and determine who can use the platform
• All users must be 13 years of age or older
• We do not knowingly collect information from children under 13
• Organizations may optionally extend limited platform access to parents and guardians for communication and logistics purposes through Parent/Guardian Accounts; this feature is entirely optional and all parent/guardian access is controlled exclusively by the organization

Organizations are responsible for verifying user eligibility, including age requirements, before granting access to the platform.

3. Information We Collect

A. Organization & Account Information

When an organization creates an account, we collect:

• Organization name
• Organization email address
• Account credentials (encrypted and securely stored)
• Administrative contact information
• Billing information (if applicable)

B. Coach & Staff Information

When coaches or staff members are added to the platform, we collect:

• Name
• Email address
• Login credentials (encrypted and securely stored)
• Team and role assignments
• Platform activity data

C. Player Information (Ages 13+)

When players join the platform, we collect:

• Name
• Email address
• Login credentials (encrypted and securely stored)
• Team affiliation
• Role or position (if applicable)
• Platform usage data (time spent, features accessed, content viewed)

Player Availability Status: Organizations may enter player availability status (such as “Available,” “Unavailable,” or “Limited”) for scheduling and participation purposes only. Availability is intended for scheduling purposes only and should not include medical details. We do not collect diagnoses, treatment details, medical records, or health notes.

• SpiralXO is not a HIPAA-covered entity and does not provide medical services.
• Organizations must not upload Protected Health Information (PHI), clinical medical records, detailed diagnoses, treatment notes, or medical documentation into the platform.
• Availability status should not include specific medical conditions or health details (e.g., diagnoses, protocols, or treatment plans).
• We do not request, require, or process medical records or health data.
• If SpiralXO determines that prohibited health or medical information has been uploaded, we reserve the right to remove such data, restrict features, suspend accounts, or require corrective action.

D. Parent/Guardian Account Information (Optional)

When an organization chooses to enable Parent/Guardian Accounts and invites parents or guardians to the platform, we collect:

• Name
• Email address
• Login credentials (encrypted and securely stored)
• Organization affiliation
• Usage data limited to: login timestamps, Announcements viewed, Resources accessed, Organization Events viewed, and reactions submitted

Important clarifications regarding Parent/Guardian Account data:

• The Parent/Guardian Account feature is entirely optional. Organizations are not required to enable or use it.
• We do not collect health or medical information from Parent/Guardian Account holders.
• We do not collect information about specific players through Parent/Guardian Accounts.
• Parent/Guardian Account holders are not purchasers and no payment information is collected from them directly.
• Parent/Guardian Account data is used solely to provide access to the designated parent-facing features: Organization Events (Calendar), coach-published Announcements, and compiled Resources.
• We do not use Parent/Guardian Account data for marketing or advertising.

E. Football Program Data

Organizations upload and manage their own content, including:

• Playbooks and practice plans
• Strategy materials
• Depth charts and personnel groupings
• Team schedules
• Internal communications

Your organization retains full ownership of this content.

F. Usage & Technical Data

We automatically collect certain information when you use SpiralXO:

• Login timestamps and session duration
• Features accessed and interaction patterns
• Time spent on different areas of the platform
• Device information (type, operating system, browser)
• IP address and general location data
• Error logs and diagnostic information

This data helps us:

• Operate and maintain the platform
• Monitor performance and security
• Improve functionality
• Troubleshoot technical issues

G. Recruiting Profile Information (Optional)

If an Organization enables the optional Recruiting Page feature and elects to publish a player, we process the Recruiting Information the Organization chooses to publish for that player. This may include:

• Athletic information (height, weight, and performance metrics such as bench, squat, and 40-yard time)
• Academic information (GPA, standardized test scores, accomplishments, and awards)
• Biographical information and current college offers
• A linked social media profile, up to three (3) images, and up to three (3) linked YouTube video URLs

Important clarifications regarding Recruiting Information:

• The Recruiting Page feature is entirely optional and is controlled exclusively by the Organization. The Organization decides whether to enable it, which players appear, and what information is entered; any field left blank is not displayed.
• Athletic performance metrics are not medical information. We do not collect, and you must not enter, diagnoses, injuries, treatment details, or other protected health information.
• Information published to a Recruiting Page is public. See “Public Recruiting Pages” in Section 5 and the dedicated “Recruiting Page Privacy” section below.

4. How We Use Your Information

We use the information we collect to:

Provide and Operate the Service

• Create and manage organization and user accounts
• Enable team coordination and planning features
• Facilitate communication within organizations
• Process and display football program content
• Provide customer support
• Provide Parent/Guardian Account holders with access to Organization Events, coach-published Announcements, and compiled Resources designated by the organization

Security and Platform Integrity

• Verify user identity and prevent unauthorized access
• Detect and prevent fraud or misuse
• Monitor for security threats
• Enforce our Terms of Service

Improve SpiralXO

• Analyze usage patterns and trends
• Develop new features and functionality
• Fix bugs and optimize performance
• Conduct research using aggregated, anonymized data

Legal and Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and prevent harm
• Protect our rights and property
• Enforce our agreements

Communications

• Send account-related notifications
• Provide customer support responses
• Send important updates about the platform or our Terms

We do not use your information for:

• Marketing or advertising to players
• Selling personal data to third parties
• Purposes unrelated to operating the platform
• Marketing or advertising to Parent/Guardian Account holders

5. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

Within Your Organization

Information is shared with other authorized users in your organization according to the access controls and permissions your organization sets.

Parent/Guardian Account holders can only see content the organization has explicitly designated for parent visibility. Specifically: only Organization Events are visible (not Team-only, Group-only, or Individual-specific events); only coach admin-published Announcements are visible; and only Resources compiled from those Announcements are visible. No football operations data is accessible to or shared with Parent/Guardian Account holders under any circumstances.

Public Recruiting Pages

If your Organization enables the optional Recruiting Page feature, the Recruiting Information it elects to publish about a player is displayed on a public-facing web page. This is the one category of platform data that is intentionally made public. Unlike all other information on SpiralXO—which is restricted by role-based access controls and is not shared across organizations—information published to a Recruiting Page is accessible to anyone on the internet and may be viewed, copied, downloaded, cached, indexed by search engines, or shared by third parties, including college recruiters, media, and the general public.

Once information has been made public, we cannot control how third parties use it and cannot guarantee its removal from third-party systems, search engine caches, or archives, even after it is unpublished or deleted from the platform. The Organization controls what is published and is solely responsible for obtaining all consents required to publish a player’s information, including verifiable parental or guardian consent for any player who is a Minor.

Service Providers

We work with trusted third-party service providers who help us operate SpiralXO, such as:

• Cloud hosting and data storage providers
• Payment processors (if applicable)
• Analytics and monitoring services
• Customer support tools

These providers:

• Access information only as needed to perform their functions
• Are contractually obligated to protect your data
• Cannot use your information for their own purposes

Legal Obligations

We may disclose information when required by law or in response to:

• Valid legal process (subpoenas, court orders, warrants)
• Governmental or regulatory requests
• Emergency situations involving safety or security
• Protection of our rights, property, or users

Business Transfers

If SpiralXO is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and provide choices before your information is transferred or becomes subject to a different privacy policy.

With Your Consent

We may share information for other purposes with your explicit consent.

6. Support Access and Account Impersonation

To provide effective customer support, troubleshoot technical issues, and resolve platform problems, our support team may need to access user accounts using administrative privileges. This practice is commonly known as “support impersonation” or “login-as-user.”

When Support Impersonation Occurs

We may use support impersonation to:

• Diagnose and resolve technical issues that cannot be addressed remotely
• Investigate reported bugs or platform errors
• Verify reported problems in real-time
• Assist with account recovery or configuration issues
• Provide hands-on customer support when necessary

Support impersonation is used only:

• When necessary to resolve a support request or technical issue
• With appropriate authorization from organization administrators (when feasible)
• By authorized support staff who have undergone security and privacy training in accordance with our internal security policies and access controls

Support impersonation applies to all account types on the platform, including Parent/Guardian Accounts, on the same terms described in this section.

Logging and Accountability

We maintain detailed logs of all support impersonation activities, including:

• The support staff member who accessed the account
• The date and time of access
• The duration of the session
• The reason for access

These logs are:

• Retained for security, compliance, and audit purposes
• Reviewed regularly to ensure proper use
• Protected with the same security measures as other sensitive data

Your Rights

You may request a record of support impersonation events related to your account by contacting us at privacy@spiralxo.com. Organization administrators can also review access logs through their administrative dashboard (where available).

By using SpiralXO, organizations authorize support impersonation as described in this section for legitimate support and security purposes.

We are committed to using support impersonation responsibly and only when necessary to serve you better.

7. Data Retention

We retain your information for as long as necessary to:

• Provide the service to your organization
• Comply with legal obligations
• Resolve disputes and enforce our agreements

When your organization terminates its account:

• Active user access is immediately disabled
• We retain data for up to 90 days to allow for account recovery, renewal, or data export. (‘Grace Period’)
• After this period, we delete or anonymize personal information
• Some information may be retained longer for legal, security, or legitimate business purposes
• Certain sensitive data related to minors (such as player availability logs) may be deleted earlier, typically within thirty (30) days, to reduce privacy risk.
• Aggregated, anonymized data may be retained indefinitely

After the Grace Period:

• Personal information is deleted or anonymized
• Aggregated, anonymized data may be retained indefinitely
• Security, audit, and access logs may be retained beyond the Grace Period as required for compliance, security, or legal purposes.

Parent/Guardian Account access is automatically disabled upon lapse or termination of the organization’s subscription. When an individual Parent/Guardian Account is removed by the organization, that account’s personal data is flagged for deletion on the same 90-day Grace Period timeline. Organizations may also request earlier deletion of specific Parent/Guardian Account data by contacting us at privacy@spiralxo.com.

Recruiting Page content: When an Organization unpublishes a Recruiting Page, removes a player, or deletes a field, that content is removed from the SpiralXO-hosted page. However, because Recruiting Pages are public, copies that third parties have already viewed, downloaded, cached, or indexed (including by search engines or web archives) are outside our control, and we cannot guarantee their removal.

You can request deletion of specific data at any time by contacting us at privacy@spiralxo.com.

8. Data Security

We implement reasonable technical and organizational security measures to protect your information, including:

• Industry-standard encryption for data in transit and at rest
• Secure password hashing (we never store plain-text passwords)
• Access controls and authentication mechanisms
• Regular security monitoring and audits
• Employee training on data protection
• Detailed logging of administrative access and support impersonation activities

However, no system is completely secure. While we work hard to protect your information, we cannot guarantee absolute security against all threats. You also play a role by:

• Using strong, unique passwords
• Keeping login credentials confidential
• Reporting suspicious activity immediately

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

You can request a copy of the personal information we hold about you.

Correction

You can update or correct inaccurate information through your account settings or by contacting us.

Deletion

You can request deletion of your personal information, subject to legal and operational requirements.

Restriction

You can request that we limit how we use your information in certain circumstances.

Objection

You can object to certain processing of your information.

Withdrawal of Consent

Where we rely on consent, you can withdraw it at any time.

To exercise these rights, contact us at privacy@spiralxo.com.

Organization Controls

Remember that your organization controls access to SpiralXO. Organization administrators can:

• Manage user accounts and permissions
• Update organization information
• Export or delete data
• Terminate the organizational account
• Add or remove Parent/Guardian Account holders at any time

10. Children’s Privacy

SpiralXO is designed for users 13 years of age and older. We do not knowingly collect personal information from children under 13.

Age Verification Responsibility

Organizations are responsible for verifying that all users meet minimum age requirements before adding them to the platform. SpiralXO relies on organizations to confirm eligibility during user onboarding.

We may require organizations to confirm age compliance as part of account setup or renewal.

If we discover that we have collected information from a child under 13:

• We will delete that information as quickly as possible
• We will notify the relevant organization
• We may suspend or terminate the account

If you believe a child under 13 has created an account, please contact us immediately at privacy@spiralxo.com.

Organizations are responsible for:

• Verifying that all users meet age requirements
• Obtaining required parental or guardian consents
• Ensuring compliance with applicable child protection laws
• Supervising and safeguarding minor users (ages 13-17)

The Parent/Guardian Account feature does not alter or reduce the organization’s responsibility for COPPA compliance, parental consent obligations, or any applicable state law requirements. SpiralXO does not verify the relationship between a Parent/Guardian Account holder and any player in the organization. Organizations are solely responsible for ensuring that individuals invited as Parent/Guardian Account holders have a legitimate relationship to the program, and for managing that access in compliance with any applicable custody arrangements, court orders, or legal restrictions on communication. SpiralXO takes no position on and has no liability for disputes arising from parental rights, custody arrangements, or disagreements over who is entitled to receive organizational communications.

Recruiting Pages and Minors. The optional Recruiting Page feature can make a Minor’s information publicly available on the internet. Publishing any Minor’s information on a Recruiting Page requires verifiable consent from the player’s parent or legal guardian, which the Organization is solely responsible for obtaining and retaining. SpiralXO does not verify consent, age, or parental or guardian relationships, and does not independently publish or restore any Recruiting Profile. The Recruiting Page feature does not shift any COPPA, FERPA, or child-protection compliance responsibility to SpiralXO, and Organizations remain solely responsible for compliance with all applicable laws governing the public display of minors’ information and student-athlete name, image, and likeness (NIL), which vary by state.

11. Your Responsibilities

If You’re an Organization

You are responsible for:

• Ensuring you have lawful authority to collect and share user data with us
• Complying with applicable privacy and data protection laws (including FERPA, COPPA, GDPR, etc.)
• Informing your users about how their data will be used
• Obtaining necessary consents from users or their guardians
• Managing user access and permissions appropriately
• Ensuring that all Parent/Guardian Account invitations are issued to individuals with a legitimate relationship to the program
• Promptly removing Parent/Guardian Account access when that relationship ends
• Determining which events are designated as Organization Events and taking responsibility for the appropriateness of that designation for external parent/guardian visibility
• Managing Parent/Guardian Account access in compliance with any applicable custody arrangements or legal restrictions on communication

If You’re a User

You are responsible for:

• Providing accurate information
• Keeping your login credentials secure
• Using the platform in accordance with our Terms of Service
• Respecting other users’ privacy

12. State and Regional Privacy Rights

California Residents (CCPA/CPRA)

SpiralXO acts as a Service Provider and does not sell or share personal information for cross-context behavioral advertising.

If you’re a California resident, you have specific rights under the California Consumer Privacy Act:

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@spiralxo.com.

European Economic Area, UK, and Switzerland (GDPR)

Data Processing Role

Where applicable, SpiralXO acts as a Data Processor on behalf of organizations, which act as Data Controllers.

If you’re in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation, including:

• Access, correction, and deletion rights
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with your local supervisory authority

Legal Basis for Processing: We process your information based on:

• Contract performance: To provide the service you’ve requested
• Legitimate interests: To improve and secure our platform
• Legal obligations: To comply with applicable laws
• Consent: Where we’ve obtained your explicit consent

Other Regions

We comply with applicable privacy laws wherever we operate. If you have questions about your rights, contact us at privacy@spiralxo.com.

13. International Data Transfers

SpiralXO is based in the United States. If you access our platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have different data protection laws than your country. When we transfer data internationally, we implement appropriate safeguards, such as:

• Standard contractual clauses
• Adequacy decisions by relevant authorities
• Other legally recognized transfer mechanisms

14. Cookies and Tracking Technologies

SpiralXO uses cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Analyze platform usage
• Improve performance and security

Types of Technologies We Use

Essential Cookies: Required for the platform to function (authentication, security)

Analytics Cookies: Help us understand how users interact with SpiralXO

Functional Cookies: Remember your settings and preferences

Your Choices

Most browsers allow you to control cookies through settings. However, disabling essential cookies may affect your ability to use SpiralXO.

15. Third-Party Links

SpiralXO may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before sharing information with them.

We are not responsible for the privacy practices or content of third-party sites.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or functionality

When we make changes:

• We’ll post the updated Privacy Policy with a new “Last Updated” date
• For material changes, we’ll notify you via email or platform notice
• Your continued use of SpiralXO after changes take effect means you accept the updated Privacy Policy

We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

FieldIQ Holdings LLC
30 N. Gould St.
Sheridan, WY 82801

Email: privacy@spiralxo.com

18. Additional Information for Specific Contexts

FERPA Compliance (Educational Records)

For purposes of the Family Educational Rights and Privacy Act (FERPA), SpiralXO acts as a ‘school official’ with legitimate educational interests when designated as such by an organization through a written agreement or Data Processing Addendum.

If your organization is subject to the Family Educational Rights and Privacy Act (FERPA), you are responsible for ensuring compliance. SpiralXO can function as a “school official” with legitimate educational interests when properly designated, but you remain responsible for:

• Maintaining appropriate agreements
• Ensuring proper use of educational records
• Protecting student privacy rights
• We do not sell, rent, or use student data for marketing or advertising
• Upon contract termination, we will return or delete student data in accordance with our retention policy and any applicable Data Processing Addendum (DPA)

Recruiting Pages and education records: Academic information that an Organization elects to publish on a Recruiting Page (such as GPA and standardized test scores) may constitute an education record under FERPA. Public display of such information may require parental or eligible-student consent or appropriate directory-information handling. Organizations are solely responsible for ensuring that any public display of academic information complies with FERPA and applicable law.

Data Processing Addendum (DPA)

School districts may request a DPA outlining data use limitations, security measures, and data return or deletion obligations.

Youth Sports Organizations

Organizations working with minors (ages 13–17) should:

• Have appropriate child safeguarding policies
• Obtain necessary parental consents
• Ensure proper supervision
• Comply with applicable youth protection laws

19. Data Flow Transparency

Data Segmentation & Access Controls

SpiralXO uses role-based access controls to ensure that:

• Organization data is logically separated from other organizations
• Users can access only the data permitted by their role
• Coaches, staff, and players see only team-relevant information
• Parent/Guardian Account holders can access only Organization Events, coach-published Announcements, and compiled Resources explicitly designated for parent visibility by the organization; no football operations data is accessible to Parent/Guardian Account holders
• Recruiting Information that an Organization elects to publish on a Recruiting Page is, by design, made publicly available and is the sole exception to the access controls described above; no other organizational data is exposed through this feature

Except for Recruiting Information that an Organization chooses to publish on a public Recruiting Page, data is processed solely to provide platform functionality and is not shared across organizations or made public.

20. Parent/Guardian Account Privacy

This section summarizes the key privacy information specific to Parent/Guardian Accounts in plain language.

What we collect: If your organization invites you as a Parent/Guardian Account holder, we collect your name, email address, login credentials, and limited usage data reflecting your interactions with Organization Events, Announcements, and Resources.

What we do not collect: We do not collect health or medical information, information about specific players, or payment information from Parent/Guardian Account holders.

How your data is used: Your data is used solely to provide you with access to the parent-facing features your organization has enabled: the Organization Events calendar, coach-published Announcements, and compiled Resources.

Who controls your access: Your access to SpiralXO is controlled entirely by the organization that invited you. The organization may revoke your access at any time, for any reason, without notice. SpiralXO does not independently grant, modify, or restore Parent/Guardian Account access.

What you can see: You can only see content the organization has explicitly designated for parent visibility. You cannot access playbooks, depth charts, practice plans, player data, scouting information, or any other football operations content.

COPPA and child protection compliance: The Parent/Guardian Account feature does not shift any COPPA, FERPA, or child protection compliance responsibility to SpiralXO. Organizations remain solely responsible for these obligations.

Custody and parental rights: SpiralXO does not verify the relationship between a Parent/Guardian Account holder and any player in the organization, and takes no position on custody arrangements or parental rights disputes. Organizations are solely responsible for determining who is entitled to receive organizational communications.

Support access: Our support team may access Parent/Guardian Accounts using the same support impersonation process described in Section 6 of this Privacy Policy.

Data deletion: You may request deletion of your personal data at any time by contacting privacy@spiralxo.com. Your data will also be deleted or anonymized within 90 days of your account being removed or the organization’s subscription lapsing.

21. Recruiting Page Privacy

This section summarizes the key privacy information specific to the optional Recruiting Page feature in plain language.

What it is: A Recruiting Page is an optional, public-facing web page that an Organization can create to showcase selected players for college recruiting. It is controlled entirely by the Organization.

What we publish: Only the Recruiting Information the Organization elects to publish for a selected player. This may include athletic information (height, weight, and metrics such as bench, squat, and 40-yard time), academic information (GPA, standardized test scores, accomplishments, and awards), a bio, current offers, a linked social media profile, up to three images, and up to three linked YouTube videos.

It is public: Information on a Recruiting Page is accessible to anyone on the internet and may be viewed, copied, cached, indexed by search engines, or shared by third parties. This is the only part of SpiralXO that is intentionally public. Once information is public, we cannot guarantee its removal from third-party systems even after it is unpublished or deleted.

What we do not collect or publish: We do not collect or publish health or medical information. Athletic performance metrics are not medical information, and diagnoses, injuries, and treatment details must never be entered anywhere on the platform.

Who controls it: The Organization decides whether to enable the feature, which players appear, and what information is entered (any field left blank is not displayed). The Organization (or a coach admin acting on its behalf) may also choose to let players edit their own profiles—this is off by default—but the Organization remains responsible for all published content. SpiralXO does not independently publish, modify, or restore any Recruiting Profile.

Consent and minors: Publishing a Minor’s information requires verifiable parental or guardian consent, which the Organization is solely responsible for obtaining. SpiralXO does not verify consent, age, or parental or guardian relationships. The feature does not shift COPPA, FERPA, or child-protection responsibilities to SpiralXO.

Third-party links: Linked YouTube videos and social media profiles are hosted by third parties and governed by their own terms and privacy policies, which are outside our control.

Data deletion: An Organization can unpublish a Recruiting Page or remove a player or field at any time. You may also request deletion of your personal data by contacting privacy@spiralxo.com. Removal from the platform does not guarantee removal of copies already cached or saved by third parties.