Privacy Policy
SIGND is built by athletes for athletes. We take your privacy seriously and only collect data that helps you connect with college coaches.
1. What We Collect
To run SIGND, we collect three categories of information:
- Account info — name, email, phone (optional), password (hashed), and the school/grad year you provide during onboarding.
- Athletic profile — sport, position, stats, highlight videos, transcripts, social handles, and anything else you add to your public profile.
- Recruiting activity — the coaches you save, emails you draft and send, replies you receive, and notes you take inside the app.
If you connect Gmail, we use Google OAuth and request the minimum scopes required: read access to identify coach replies and (with your explicit grant) send access to deliver emails you compose inside SIGND. We never read mail unrelated to recruiting context, and you can revoke access at any time from your Google Account settings.
2. How We Use It
- To generate personalized coach emails and recruiting recommendations.
- To display your profile to coaches you share your link with.
- To send you product notifications (NCAA windows, follow-up reminders, account events). You can disable these in Settings.
- To improve the product. Aggregate, anonymized usage data informs feature decisions — never individual identifying data.
3. What We Don't Do
- We do not sell your data. Ever. To anyone.
- We do not share your profile with third parties unless you explicitly share your profile link.
- We do not see your payment card details — Stripe handles all payment processing.
- We do not use your private email content to train AI models.
4. Who Has Access
Inside SIGND: only you and (if you're on the Family plan) your linked parent account. Internally, only a small set of authorized engineers can access systems containing user data, and only when investigating bugs or providing support you've requested.
Service providers we use: Supabase (database + auth), Stripe (payments), Resend (transactional email), Anthropic (AI email generation), Vercel (hosting), Google (Gmail integration). Each handles only the data required to perform its function.
5. Security
All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt. OAuth tokens are stored encrypted. Database access is restricted by row-level security so users can only access their own data.
6. Your Rights
- Access — request a copy of your data at any time.
- Correction — update anything inaccurate from Settings or by contacting us.
- Deletion — delete your account from Settings. Your data is preserved for 30 days in case you change your mind, then permanently deleted.
- Portability — export your CRM, emails, and profile data in JSON format.
To exercise any of these rights, email hello@getsignd.com.
7. Cookies
We use a single first-party cookie to keep you logged in. We don't use third-party tracking cookies, ad pixels, or analytics that follow you across sites.
8. Minors
SIGND is intended for high school athletes (typically 14+). If you're under 13, you cannot create an account. If you're 13–17, we recommend signing up with parental involvement — the Family plan is built for exactly this.
9. Changes
If we update this policy, we'll email registered users at least 14 days before changes take effect. The "Last updated" date at the top of this page reflects the most recent version.
10. Contact
Questions, concerns, or data requests: hello@getsignd.com.