Back to Home
Sportal Logo

Privacy Policy

Effective Date: August 6, 2025
Last Updated: December 28, 2025

Sportal ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services (collectively, the "Services"). This policy complies with applicable privacy laws including GDPR, CCPA, and follows Apple App Store guidelines.

Information We Collect

Account Information

  • • Full name and email address
  • • Profile photo (optional)
  • • Phone number (for notifications)

Location Data

  • • Event locations you create or attend
  • • Location searches via Google Places
  • • No background location tracking
  • • Location only used for event purposes

Event & Team Data

  • • Events you create or attend
  • • Team roster memberships
  • • RSVP responses and attendance
  • • Messages and communications

Usage Information

  • • App usage patterns and features used
  • • Device information and app version
  • • Crash reports and performance data
  • • Time spent in app (for improvements)

Data Sharing and Disclosure

🛡️ We DO NOT sell your personal information

Your data is never sold to third parties for marketing or advertising purposes.

Visibility Within Sportal

Name Visibility

If you join a roster, members of that roster can see your name. If you accept an event invitation, the event organizer and other attendees can see your name.

Contact Info is Private by Default

Your email and phone number are always hidden from everyone, including managers, unless you explicitly opt-in to share.

Opt-In Only Contact Sharing

Contact information can only be shared through explicit opt-in. You must actively choose to share your email and phone with roster members through your roster settings.

Control Your Sharing

Toggle contact sharing on or off anytime in your roster settings. Leave any roster at any time to remove your information from that roster.

Third-Party Sharing

We may share information in these specific circumstances:

  • Service Providers: Firebase/Google Cloud for hosting, Apple/Google for push notifications, and subcontractors providing customer service support
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In case of merger, acquisition, or sale of business assets
  • With Consent: Any other sharing will require your explicit permission

📱 Mobile Information & SMS Protection

  • No Marketing Sharing: We will never share your mobile information (phone number, SMS opt-in data, or consent) with third parties or affiliates for marketing or promotional purposes.
  • SMS Data Protection: Text messaging originator opt-in data and consent information will not be shared with any third parties under any circumstances.
  • Support Services Only: Mobile information may only be accessed by authorized service providers (subcontractors) for the sole purpose of providing customer service and technical support.

Data Security & Protection

Encryption

  • • Data encrypted in transit (TLS 1.3)
  • • Data encrypted at rest (AES-256)
  • • Secure Firebase authentication
  • • Regular security audits

Data Access

  • • Role-based access controls
  • • Multi-factor authentication
  • • Regular access reviews
  • • Minimal data access principle

Third-Party Services

Services We Use:

  • Google Firebase: Database, authentication, and hosting
  • Google Places API: Location search and autocomplete
  • Twilio: SMS text message delivery
  • RevenueCat: Subscription and in-app purchase management
  • Apple Push Notifications: iOS event notifications
  • Google Cloud Messaging: Android event notifications

These services have their own privacy policies. We recommend reviewing them:Google Privacy Policy,Apple Privacy Policy,Twilio Privacy Policy,RevenueCat Privacy Policy

Your Privacy Rights

Access & Portability

Request a copy of your personal data in a portable format

Correction & Updates

Update or correct your profile information anytime in the app

Deletion

Delete your account and associated data (some data may be retained for legal compliance)

Opt-Out

Control notification preferences and marketing communications

Data Retention

  • Account Data: Retained while your account is active
  • Event Data: Kept for 90 days for historical purposes, can be deleted by an event manager at any time
  • Messages: Stored for team coordination, can be deleted individually
  • Deleted Accounts: Personal data removed within 30 days (except legal requirements)

Children's Privacy (COPPA Compliance)

Age Requirement: Sportal is intended for users 13 years and older. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it immediately. Parents who believe their child under 13 has provided information should contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers are located. We ensure appropriate safeguards are in place for international transfers, including adherence to Privacy Shield principles and Standard Contractual Clauses where applicable.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: sportalpdxgmailcom

Replace [at] with @ and [dot] with . to send an email

🗑️ Account Deletion

To delete your account and all associated data, go to: Account Settings → Privacy & Security → Delete My Account

For other data requests (portability, specific data removal, or general privacy inquiries), please contact us via email. We aim to respond to all privacy-related inquiries within 30 days.