Privacy Policy

Effective Date: August 6, 2025
Last Updated: May 24, 2026

Sportal ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services (collectively, the "Services"). This policy complies with applicable privacy laws, including GDPR and CCPA, and follows Apple App Store guidelines.

Information We Collect

Account Information

  • Full name and email address
  • Profile photo (optional)
  • Phone number (for notifications)

Location Data

  • Event locations you create or attend
  • Location searches via Google Places
  • No background location tracking
  • Location only used for event purposes

Event & Team Data

  • Events you create or attend
  • Team roster memberships
  • RSVP responses and attendance
  • Messages and communications

Usage Information

  • App usage patterns and features used
  • Device information and app version
  • Crash reports and performance data
  • Time spent in app (for improvements)

Data Sharing and Disclosure

🛡️ We DO NOT sell your personal information

Your data is never sold to third parties for marketing or advertising purposes.

Visibility Within Sportal

Name Visibility

If you join a roster, members of that roster can see your name. If you accept an event invitation, the event organizer and other attendees can see your name.

Contact Info is Private by Default

Your email and phone number are always hidden from everyone, including managers, unless you explicitly opt-in to share.

Opt-In Only Contact Sharing

Contact information can only be shared through explicit opt-in. You must actively choose to share your email and phone with roster members through your roster settings.

Control Your Sharing

Toggle contact sharing on or off anytime in your roster settings. Leave any roster at any time to remove your information from that roster.

Third-Party Sharing

We may share information in these specific circumstances:

  • Service Providers: Firebase/Google Cloud for hosting, Apple/Google for push notifications, and subcontractors providing customer service support
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In case of merger, acquisition, or sale of business assets
  • With Consent: Any other sharing will require your explicit permission

📱 Mobile Information & SMS Protection

  • No Marketing Sharing: We will never share your mobile information (phone number, SMS opt-in data, or consent) with third parties or affiliates for marketing or promotional purposes.
  • SMS Data Protection: Text messaging originator opt-in data and consent information will not be shared with any third parties under any circumstances.
  • Support Services Only: Mobile information may only be accessed by authorized service providers (subcontractors) for the sole purpose of providing customer service and technical support.

Data Security & Protection

Encryption

  • Data encrypted in transit (TLS 1.3)
  • Data encrypted at rest (AES-256)
  • Secure Firebase authentication
  • Regular security audits

Data Access

  • Role-based access controls
  • Multi-factor authentication
  • Regular access reviews
  • Minimal data access principle

Breach Notification. If we determine that a security incident has resulted in the unauthorized acquisition of, or access to, your personal information, we will notify you and applicable regulators without unreasonable delay and in accordance with applicable law.

AI and Machine Learning

We do not use your personal information to train third-party generative AI or large language models. To the extent we use AI-assisted features within the Services, we use providers under contractual restrictions that prohibit them from using your data to train their models, and we apply data-minimization practices to limit what is processed.

Third-Party Services

Services We Use:

  • Google Firebase: Database, authentication, and hosting
  • Google Places API: Location search and autocomplete
  • Twilio: SMS text message delivery
  • RevenueCat: Subscription and in-app purchase management
  • Apple Push Notifications: iOS event notifications
  • Google Cloud Messaging: Android event notifications

These services have their own privacy policies. We recommend reviewing them: Google Privacy Policy, Apple Privacy Policy, Twilio Privacy Policy, RevenueCat Privacy Policy

Your Privacy Rights

Access & Portability

Request a copy of your personal data in a portable format

Correction & Updates

Update or correct your profile information anytime in the app

Deletion

Delete your account and associated data (some data may be retained for legal compliance)

Opt-Out

Control notification preferences and marketing communications

Data Retention

  • Account Data: Retained while your account is active
  • Event Data: Kept for 90 days for historical purposes, can be deleted by an event manager at any time
  • Messages: Stored for team coordination, can be deleted individually
  • Deleted Accounts: Personal data removed within 30 days (except legal requirements)

Children's Privacy (COPPA Compliance)

Age Requirement: Sportal is intended for users 13 years and older. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it immediately. Parents who believe their child under 13 has provided information should contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers are located. For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards, including the EU-U.S. Data Privacy Framework (and the UK Extension and Swiss-U.S. DPF) where the recipient is certified, and otherwise the European Commission's Standard Contractual Clauses (SCCs). You may request a copy of the safeguards we use by contacting us at the email below.

Your U.S. State Privacy Rights

Depending on where you live, you may have additional rights under state privacy laws. This section describes those rights and how to exercise them. To submit a request, email sportalpdx@gmail.com with the subject "Privacy Rights Request" and the state you reside in. We will verify your request using information already associated with your account and respond within the time required by law (generally 45 days).

California (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share, including the categories of sources and third parties.
  • Access a copy of the personal information we hold about you.
  • Delete personal information we have collected about you, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Limit use and disclosure of sensitive personal information.
  • Opt out of the "sale" or "sharing" of personal information and of targeted advertising.
  • Non-discrimination for exercising your rights.

We do not sell your personal information for money and we do not "share" it for cross-context behavioral advertising as those terms are defined under the CPRA. We do not use or disclose sensitive personal information for purposes that require an opt-out under California law.

You may also designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization and may require you to verify your own identity directly.

Opt-Out Preference Signals. We honor opt-out preference signals, including the Global Privacy Control (GPC), where required by law. When we receive a GPC signal from a browser or device associated with you, we treat it as a valid request to opt out of the "sale" or "sharing" of personal information and of targeted advertising, to the extent applicable.

Oregon (OCPA)

If you are an Oregon resident, you have the right under the Oregon Consumer Privacy Act to:

  • Confirm whether we process your personal data and access that data.
  • Obtain a list of the specific third parties to which we have disclosed your personal data.
  • Correct inaccuracies in your personal data.
  • Delete personal data we maintain about you.
  • Obtain a portable copy of personal data you provided to us.
  • Opt out of (a) the sale of personal data, (b) targeted advertising, and (c) certain profiling that produces legal or similarly significant effects.

We do not sell personal data, engage in targeted advertising, or conduct profiling that produces legal or similarly significant effects. If you are dissatisfied with our response, you may appeal by replying to our decision; you may also contact the Oregon Attorney General.

Other U.S. States

Residents of other states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Utah, Texas, Montana, Tennessee, Iowa, Indiana, Delaware, New Jersey, New Hampshire, Minnesota, Maryland, and others as they take effect) may have similar rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of sale, targeted advertising, and certain profiling. You may exercise those rights using the same contact method above.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

🗑️ Account Deletion

To delete your account and all associated data, go to: Account Settings → Privacy & Security → Delete My Account

For other data requests (portability, specific data removal, or general privacy inquiries), please contact us via email. We aim to respond to all privacy-related inquiries within 30 days.