Privacy Policy

Effective Date: March 14, 2026

RawRecruit ("we," "us," or "our") operates the RawRecruit website and progressive web application (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information. We have written this policy in plain language so you can actually understand it.

By creating an account or using the Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are

RawRecruit is an AI-powered college recruiting platform that helps high school athletes in football, men's basketball, women's basketball, men's track & field, and women's track & field discover and evaluate college programs. RawRecruit is owned and operated by RawRecruit, LLC. Our principal place of business is in the United States.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and build your athlete profile, you may provide:

• Name and email address (via Google OAuth sign-in or email/password registration)
• Profile photo
• Role selection (Student-Athlete or Parent/Guardian)
• Athletic data: position, height, weight, graduation year, 40-yard dash time, bench press, squat
• Academic data: GPA, SAT score, ACT score
• Location data: state, city, high school
• Biographical information and film links (Hudl or YouTube URLs)
• Campus and cultural preferences: preferred campus size, setting, climate, diversity preference
• Family income bracket (optional, used solely for financial fit matching, never shared with schools or third parties)
• Payment information (processed securely by Stripe; we never see or store your full card number)

2.2 Information We Collect Automatically

When you use the Service, we automatically collect:

• Device information: device type (mobile, tablet, desktop), operating system, browser type
• Usage data: pages viewed, features used, search queries, Fit Score views, time spent on pages
• Session data: session identifiers, referral URLs, login timestamps
• Performance data: page load times, errors encountered

We use PostHog for product analytics. PostHog collects anonymous usage events to help us understand how the Service is used and improve it. We do not track individual browsing activity across other websites.

2.3 Information From Third-Party Sources

When you sign in with Google OAuth, we receive your name, email address, and profile picture from Google. We do not access your Google contacts, calendar, or any other Google data.

2.4 Publicly Available School and Coach Data

Our Service displays information about college athletic programs, including coaching staff names, titles, publicly listed email addresses, phone numbers, and social media profiles. This information is collected from publicly available sources, including official school athletic department websites, NCAA/NAIA/NJCAA databases, and public directories. This data is not user-generated content and is not considered personal information of our users.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service, including computing your personalized Fit Scores
• Match you with college programs based on your athletic, academic, geographic, and cultural fit
• Create and maintain your account and athlete profile
• Process subscription payments and manage your billing
• Send transactional emails: welcome messages, profile completion nudges, match updates, and recruiting calendar alerts
• Send marketing emails related to recruiting tips and Service updates (you can unsubscribe at any time)
• Display anonymous, aggregate competitive statistics (e.g., "47 athletes are tracking this school")
• Improve and optimize the Service through analytics and error tracking
• Enforce our Terms of Service and prevent misuse
• Respond to your questions and support requests

4. How We Share Your Information

We do not sell your personal information to anyone. We do not share your profile data, Fit Scores, or athletic information with college coaches, schools, recruiters, or any third party unless you explicitly choose to make your profile public (a Varsity+ feature). Specifically:

• Service Providers: We share data with third-party service providers who help us operate the Service. These include Supabase (database and authentication), Stripe (payment processing), PostHog (analytics), Resend (email delivery), Cloudflare (file storage), Vercel (hosting), and Sentry (error tracking). Each provider processes data only to perform services on our behalf and is contractually obligated to protect your information.
• Aggregate/Anonymous Data: We may share anonymous, aggregate statistics that cannot identify any individual user (e.g., "average GPA of athletes interested in this school").
• Legal Requirements: We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: If RawRecruit is acquired, merged, or sells substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.

5. Children's Privacy (COPPA Compliance)

RawRecruit is designed for high school athletes, many of whom are under 18. We take the privacy of minors seriously.

• Under 13: Children under the age of 13 may not create an account on RawRecruit. If a child is under 13, a parent or guardian must create an account first and manage the child's profile. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.
• Ages 13–15: Users between 13 and 15 may create accounts. Analytics data for users in this age range is anonymized. We do not associate usage events with personally identifiable information.
• Ages 16–17: Users 16 and older may use the full Service with standard analytics tracking, with consent.
• Parent/Guardian Accounts: Parents and guardians can create their own accounts to manage and view their child's profile, Fit Scores, and recruiting progress.

If you are a parent or guardian and believe your child under 13 has provided personal information without your consent, please contact us at [email protected] and we will take steps to remove that information.

6. Payment Information

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. When you subscribe to a paid plan, your payment details (credit card number, expiration date, CVV) are transmitted directly to Stripe through their secure embedded checkout. We never see, transmit, or store your full payment card information on our servers. We retain only your Stripe customer ID and subscription status for account management purposes.

7. Data Storage and Security

Your data is stored on servers located in the United States, managed by Supabase (PostgreSQL database with Row Level Security) and Cloudflare R2 (file storage). We implement industry-standard security measures including:

• Encryption in transit (TLS/HTTPS on all connections)
• Encryption at rest for stored data
• Row Level Security (RLS) policies on every database table, ensuring users can only access their own data
• Server-side session validation on every authenticated request
• Webhook signature verification for all payment events
• Rate limiting to prevent abuse

While we use commercially reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

• Authentication Cookies: Essential cookies managed by Supabase to maintain your login session. These are strictly necessary for the Service to function and cannot be disabled.
• Analytics: PostHog analytics events to understand how the Service is used. PostHog does not track you across other websites.

We do not use advertising cookies or trackers. We do not participate in ad networks. We do not sell or share cookie data with advertisers.

9. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information. You can delete your account at any time from your account settings. Upon deletion, we will remove your profile, athlete data, Fit Scores, and saved schools. Some data may be retained as required by law or for legitimate business purposes (e.g., payment records for tax compliance).
• Data Portability: Request a machine-readable export of your data.
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in every email or by updating your notification preferences in Settings.
• Do Not Sell (CCPA): We do not sell personal information. If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account and profile data: retained until you delete your account
• Fit Score history: retained while your account is active
• Payment records: retained for 7 years as required for tax and accounting purposes
• Analytics data: retained in aggregate form indefinitely; individual-level data is purged after 24 months
• Email engagement data: retained for 12 months after last interaction

When you cancel your subscription, your account and data are preserved (you revert to the free Prospect tier). To permanently delete your data, you must delete your account.

11. Third-Party Links

The Service may contain links to third-party websites, including school athletic department websites, Hudl, YouTube, and social media platforms. We are not responsible for the privacy practices of these third-party sites. We encourage you to read their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at: