Privacy Policy

Last updated: July 2, 2026

Scoutyx ("we", "us") connects athletes, scouts, and organisations. This policy explains what data we collect, why, and the choices you have — including the extra protections we apply to users under 18.

1. Information we collect

  • Account data: email, password (hashed, never stored in plain text), role (athlete, scout, or org).
  • Profile data: name, date of birth, sport, position, physical stats (height, weight, sprint speed, etc.), bio, and any photos or videos you upload.
  • Guardian data (minors only): a parent/guardian's email address and consent record, collected only to satisfy COPPA/GDPR (see Section 4).
  • Usage data: search queries sent to Athene AI, messages between users, shortlists, and app interaction logs, used to operate and improve the platform.
  • Payment data: handled entirely by Stripe. Scoutyx never receives or stores full card numbers.

2. How we use it

We use your data to:

  • Operate your profile and match athletes with scouts and organisations.
  • Power Athene AI search. Athene extracts intent from your natural-language query using an AI model — it never invents or hallucinates athlete data. All athlete results come directly from our database, not from the AI model.
  • Send transactional emails (verification, guardian consent, account notices) via Resend.
  • Process subscription payments via Stripe.
  • Detect and prevent abuse, fraud, and policy violations.

We do not sell your personal data to third parties, and we do not use your profile data to train third-party AI models.

3. Who we share data with

Only the service providers required to run Scoutyx, each bound by their own data-processing agreements:

  • Stripe — payment processing and subscription billing.
  • AWS (S3 + CloudFront) — secure media storage and delivery, scanned for malware before publishing.
  • OpenAI — natural-language intent extraction for Athene AI searches (query text only, never full profile/PII data).
  • Resend — transactional email delivery.

Your profile is never visible to other users until it's active and, if you're a minor, until your guardian has completed verification (Section 4).

4. Extra protections for users under 18 (COPPA / GDPR Art. 8)

Scoutyx welcomes athletes under 18, which means we take on legal obligations under the US Children's Online Privacy Protection Act (COPPA, for users under 13) and GDPR Article 8 (EU users under 16). To be safe across every jurisdiction, we apply the same protections to everyone under 18:

  • A minor's account is placed in a private, non-public pending state immediately after signup — invisible to scouts, orgs, and Athene AI search.
  • We email a parent or guardian a verification link. To confirm they're a reachable adult, we place a refundable €1 authorization hold on a card — this is never captured or charged, and is voided automatically the moment it's authorized.
  • Only after a guardian completes this step does the minor's account move to a limited "sandbox" state, and eventually full visibility — never straight to public.
  • Unverified minor accounts are automatically deleted, and their data anonymised, after 30 days.
  • We never display a minor's contact details (phone, address) anywhere on the platform — in-app messaging only.

5. Your rights

Wherever you are, you can request a copy of your data, ask us to correct it, or request deletion at any time. EU/UK users have full GDPR rights (access, rectification, erasure, portability, objection). To exercise any of these, or if you're a parent/guardian requesting deletion of a minor's account, email gcampoyf@gmail.com. We respond within 30 days.

6. Data retention

We retain account data for as long as your account is active. If you delete your account, we remove your profile, media, and messages within 30 days, except where we're legally required to retain records (e.g. payment history for tax purposes).

7. Security

Passwords are hashed with bcrypt. Access tokens are never persisted to disk on mobile — they live in memory only and are rotated on every use. Uploaded media is scanned for malware before publishing. We use industry-standard encryption in transit (TLS) for all traffic.

8. Changes to this policy

We'll update the date at the top of this page when this policy changes, and notify you in-app for material changes.

9. Contact

Questions about this policy or your data? Email gcampoyf@gmail.com.