Privacy policy.

The Program Suite ("we," "us," or "our") is a Texas-based sports management platform that provides coaching, athletic administration, and program management tools to high school and college athletic programs. We operate the application at tpscoach.com and the marketing website at theprogramsuite.com (collectively, the "Service"). Both sites are owned and operated by the same entity under the laws of the State of Texas.

Questions about this Policy may be directed to: privacy@theprogramsuite.com
Mailing address: 5900 Balcones Drive, Suite 29102, Austin, TX 78731

We collect the following categories of personal information:

Account and Identity Information

• Full name, email address, and password (hashed — we never store plaintext passwords)
• Role within a program (coach, admin, athlete, family member)
• Profile photo (optional, uploaded by the user)
• Jersey number and athletic position (athlete accounts)
• Date of birth (required for athlete accounts to verify minimum age)

Guardian and Family Information

• When an athlete registers, we collect the name and email address of at least one parent or legal guardian. This information is used to create an associated family account and to send an invitation to that guardian.
• Family members may also add themselves to an athlete's account using an invitation link provided by the coaching staff or generated through the platform.

Health and Medical Information

• Doctor's notes, medical clearance status, and participation restrictions submitted by athletes or coaching staff
• Injury status flags set by coaching staff for scheduling and attendance purposes
• Body weight and biometric data entered in the strength and conditioning module (stored encrypted at rest)

Program and Performance Data

• Attendance records and participation history
• Practice plans, drill libraries, and session notes
• Scouting reports and opponent information
• Strength training logs and nutrition data
• Disciplinary or behavioral notes entered by coaching staff

Communications

• Messages and announcements sent through the platform
• Files and attachments uploaded to announcements or events

Technical and Usage Data

• Page-level analytics collected by Vercel Analytics (page views, referrer, country-level location). Vercel Analytics does not use cookies and does not track individual users across sessions or sites.
• IP addresses processed by Cloudflare for security, DDoS protection, and rate limiting
• IP addresses temporarily held by Upstash for API rate limiting (not retained beyond the rate-limit window)
• Browser type and device type inferred from your User-Agent header
• Login timestamps

• To operate the Service — providing coaching tools, attendance tracking, scheduling, scouting, and all other platform features
• To manage accounts — creating and authenticating user accounts, sending password resets, managing role-based access
• To coordinate medical information — routing doctor's notes to athletic training staff and notifying coaches of clearance status changes
• To send transactional emails — account invitations, password resets, notification of submitted medical notes, and other service-driven communications. These emails are sent to all user types.
• To send marketing communications — we send promotional emails about The Program Suite only to head coaches who are account holders. Athletes, family members, and other staff are never sent marketing or promotional email. Coaches may opt out at any time.
• To enforce age requirements — we use date of birth to verify that athlete accounts meet the minimum age of 13 years. We do not create accounts for individuals under 13.
• To improve the Service — aggregate, anonymized usage data helps us understand how the platform is used and where to focus improvements
• To comply with legal obligations — we may use or retain data as required by applicable law, court order, or governmental authority

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

We share information in the following limited circumstances:

Within Your Program

Coaches, administrators, and authorized staff within your athletic program can view information about athletes and family members in that program. This is the core function of the Service. Athletes can view their own data. Family members can view data associated with their linked athlete.

Training Staff (Medical Notes)

When a doctor's note is submitted, the platform emails a notification and a copy of the attached file to the athletic training staff contacts designated by the program's coaching staff. These contacts are stored in the system by the coaching staff and may not have accounts on the platform.

Data Processors (Service Providers)

We use the following sub-processors to operate the Service. Each is bound to process data only on our instructions:

Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

Business Transfers

If The Program Suite is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

The Program Suite is not a HIPAA-covered entity and does not provide HIPAA-compliant medical record storage. The medical notes feature is an administrative coordination tool designed to help athletic programs manage participation clearance status and communicate between athletes, coaches, and athletic training staff. It is not a medical records system, an electronic health record (EHR), or a substitute for clinical documentation.

Users who submit doctor's notes or medical information through the platform acknowledge that this information will be accessible to their program's coaching staff and will be emailed to the athletic training contacts designated by that program. By submitting medical information, you consent to this disclosure within your athletic program.

Programs that are covered entities under HIPAA or that require HIPAA-compliant handling of health information should not use the medical notes feature as a substitute for their existing compliant systems and should consult with their legal counsel regarding appropriate use.

Nothing in the Service constitutes medical advice. Participation clearance decisions remain the responsibility of qualified healthcare and athletic training professionals.

The Service is designed for use by athletic programs, coaches, and athletes. We do not knowingly create accounts for children under the age of 13. Athlete account registration requires entry of a date of birth, and the platform will not permit account creation for individuals who are younger than 13 years of age.

For athletes between the ages of 13 and 17, we require a parent or legal guardian's name and email address at the time of registration. An account is automatically created for the guardian, and an invitation is sent to the provided email address. We encourage parents and guardians to stay involved in their athlete's account and to contact us at privacy@theprogramsuite.com with any concerns.

If we learn that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

We use the following technologies on the Service:

• Authentication cookies — set by Supabase to maintain your login session. These are strictly necessary for the Service to function. They are session cookies and expire when you sign out or when your session times out.
• Vercel Analytics — measures page views and performance using a privacy-preserving method that does not set cookies and does not use persistent identifiers. Data is collected at the aggregate level.
• Vercel Speed Insights — measures real-user page performance (load times, Core Web Vitals). No cookies are set.

We do not use advertising cookies, cross-site tracking cookies, or third-party behavioral tracking on the Service.

We retain your personal information for as long as your account is active and for a period following account closure or program cancellation as described below:

• Active accounts: Data is retained for the duration of the account and updated as the Service is used.
• After cancellation or deletion: We retain your data for 90 days following cancellation or account deletion. During this period, you may request a data export or reactivate your account to recover your data. After 90 days, personal data is permanently deleted from our active systems.
• Backup systems: Deleted data may remain in encrypted backup snapshots for up to an additional 30 days before cycling out of backup rotation.
• Anonymized data: Aggregated, de-identified usage data with no personal identifiers may be retained indefinitely for product improvement purposes.
• Legal holds: We may retain certain data for longer periods if required by law, regulation, or ongoing legal proceedings.

Depending on where you live, you may have the following rights regarding your personal information:

Texas Residents (Texas Data Privacy and Security Act)

• Right to know what personal data we have collected about you
• Right to correct inaccurate personal data
• Right to delete personal data we hold about you
• Right to obtain a portable copy of your personal data
• Right to opt out of the sale of personal data (we do not sell personal data)
• Right to opt out of profiling for decisions that produce legal or similarly significant effects (we do not engage in such profiling)

California Residents (CCPA/CPRA)

• Right to know the categories and specific pieces of personal information collected
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information (we do not sell or share)
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@theprogramsuite.com. We will respond within 45 days. For complex requests, we may extend this period by an additional 45 days and will notify you of the extension. We may need to verify your identity before processing your request.

If you are an athlete or family member and your account was created by a coach or administrator, some data may be part of that program's records. Deletion requests for program-level records may require coordination with the program's coaching staff.

We implement industry-standard security measures to protect your personal information:

• All data is transmitted over encrypted HTTPS connections
• Passwords are hashed using industry-standard algorithms and are never stored in plaintext
• Sensitive data fields (biometric measurements) are encrypted at rest using AES-256-GCM
• File storage is hosted in private, access-controlled buckets; sensitive files are served via short-lived signed URLs
• Database access is governed by row-level security policies tied to each program's tenant context
• Access to production systems is restricted to authorized personnel

No security system is impenetrable. In the event of a data breach that affects your personal information, we will notify affected users in accordance with applicable law.

We send marketing and promotional emails only to head coaches who are account holders. Athletes, family members, and non-head-coach staff are not sent promotional emails.

Coaches may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by emailing privacy@theprogramsuite.com. Opting out of marketing emails does not affect transactional and service-related emails, which are necessary for the operation of your account.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify account holders by email or through an in-app notice. Your continued use of the Service after any changes take effect constitutes your acceptance of the updated Policy.

For privacy-related questions, requests, or concerns: