Privacy Policy
Last updated: March 2026
This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when you use BESTLEVEL LLC's SaaS platform and tells you about your privacy rights and how the law protects you.
1. INTERPRETATION AND DEFINITIONS
1.1 Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
1.2 Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for Coaches, Clubs, Academies, or Institutions to access our SaaS platform or parts of our Service.
- Application refers to the BESTLEVEL mobile application used by Athletes, Students, or End Users.
- Company (referred to as either "the Company", "We", "Us" or "Our") refers to BESTLEVEL LLC.
- Device means any device that can access the Service such as a computer, cellphone or digital tablet.
- Athletes, Students, or End Users means the athletes, students, or clients of our Coaches, Clubs, Academies, or Institutions who use the mobile application.
- Personal Data is any information that relates to an identified or identifiable individual.
- Platform refers to our SaaS web platform used by Coaches, Clubs, Academies, and Institutions to manage their athletes, students, and clients.
- Service refers to both our SaaS platform and mobile application.
- Service Provider means any natural or legal person who processes data on behalf of the Company.
- Coaches, Clubs, Academies, and Institutions means our direct clients who are coaches, sports clubs, academies, educational institutions, or organizations using our platform.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
2. DATA WE COLLECT
2.1 Coach / Institution Data (Our Direct Clients)
When Coaches, Clubs, Academies, or Institutions register and use our platform, we collect:
- Email address and password
- First name and last name
- Phone number
- Business information (club/academy name, certifications)
- Payment information (processed through Stripe)
- Workout content, training programs, and playbook designs created
- Client and athlete management data entered into the platform
2.2 Athlete / End User Data
Through our mobile application and web platform, we collect data about Athletes, Students, or End Users on behalf of Coaches, Clubs, Academies, and Institutions:
- Name and contact information provided by the Coach, Club, or Institution
- Training progress and performance data
- Photos and videos related to exercises and training sessions (with permission), including videos distributed or assigned by the Coach, Club, or Institution to athletes or their parents/guardians through the platform's Video Center and video assignment features — the Institution is solely responsible for ensuring it has the necessary rights, licenses, and permissions to distribute such video content
- Device information and app usage data
- Communication between coaches and athletes through the app
- Compliance Registration Data (when the Institution uses the Athlete Compliance Registration module): date of birth, gender, address, parent/guardian contact information, emergency contacts, medical/allergy information, headshot photos, birth certificate images, and electronic waiver signatures — all collected and managed by the Institution as Data Controller
Note on Video Analysis: Any video analysis performed by our platform using AI uses general object detection to track tactical movement. We do not extract, collect, or store biometric identifiers (such as facial recognition data) from uploaded media.
2.3 Usage Data
We automatically collect:
- IP addresses and device identifiers
- Browser type and version
- Pages visited and time spent on our platform
- Mobile device information and operating system
- App usage patterns and feature interactions
3. HOW WE USE YOUR DATA
3.1 For Coaches, Clubs, Academies, and Institutions
- Provide access to our SaaS platform and its features
- Process payments and manage subscriptions
- Provide customer support and technical assistance
- Send service updates and important notifications
- Improve our platform based on usage patterns
- Ensure platform security and prevent fraud
3.2 For Athletes, Students, or End Users
- Enable communication between coaches and their athletes or clients
- Provide workout content and track progress
- Store and sync data across devices
- Improve app functionality and user experience
- Ensure app security and proper functioning
- Process compliance registration data on behalf of the Institution (when applicable)
Important:
We act as a data processor for athlete and end user data. Coaches, Clubs, Academies, and Institutions are responsible for obtaining proper consent from their athletes, students, and clients, and ensuring compliance with applicable privacy laws in their jurisdiction.
4. DATA SHARING AND DISCLOSURE
4.1 We may share data in the following situations:
- With Service Providers: Stripe for payment processing, cloud hosting providers for data storage
- Between Coaches/Institutions and Athletes/End Users: Data is shared within the coach-athlete or institution-member relationship as intended
- With Third-Party Sports Platforms: When the Client (Coach, Club, Academy, or Institution) instructs or initiates an export of data to third-party league registration or sports management systems (e.g., GotSport, SportsEngine, Sports Connect), the data is transmitted as directed by the Client. BESTLEVEL LLC facilitates such exports as a Data Processor acting on the Client's instructions.
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In case of merger, acquisition, or sale of company assets
- Safety and Security: To protect rights, property, or safety of our users
4.2 We do NOT:
- Sell personal data to third parties
- Share data between different Coaches, Clubs, or Institutions
- Use athlete or end user data for our own marketing purposes
- Access coach-athlete communications unless required for technical support
4.3 Client Responsibility for Exported Data
Data Export Disclaimer:
BESTLEVEL LLC securely stores all data within its infrastructure using industry-standard encryption, access controls, and security measures. However, once data has been exported from, downloaded from, or transmitted outside of BestLevel's infrastructure by the Client or its authorized users — including but not limited to exports to third-party league registration systems (e.g., GotSport, SportsEngine), the Client's own local systems, email, spreadsheets, or any other medium — BESTLEVEL LLC assumes zero liability for the security, confidentiality, integrity, or any unauthorized access, use, or disclosure of such data.
The Client (Coach, Club, Academy, or Institution) is solely responsible for:
- The security of its own systems, devices, networks, and physical records
- The proper training of its staff on data handling and data protection practices
- Securing account credentials, access tokens, and exported files
- Complying with all applicable data protection laws regarding data it controls, downloads, or exports from the platform
- Any data breaches, leaks, or unauthorized disclosures that occur on the Client's own systems or through the Client's actions
5. DATA SECURITY AND RETENTION
5.1 Security Measures
We implement industry-standard security measures including:
- Encryption of data in transit and at rest
- Regular security audits and updates
- Access controls and authentication systems
- Secure cloud infrastructure with reputable providers
- Regular backups and disaster recovery procedures
5.2 Data Retention
- Coach / Institution Data: Retained while account is active and for 90 days after cancellation
- Athlete / End User Data: Retained as long as the Coach, Club, or Institution maintains their account
- Usage Data: Typically retained for 2 years for analytics and improvement purposes
- Payment Data: Retained according to legal requirements and Stripe's policies
- Inactive Accounts: Accounts with no login activity for 12 consecutive months are considered inactive. We will send a notification email 30 days before automatic deletion. If no activity occurs during the 30-day notice period, the account and all associated data (including End User data) will be permanently deleted. Users can prevent deletion simply by logging in during the grace period.
6. YOUR RIGHTS
6.1 For Coaches, Clubs, Academies, and Institutions
- Access and download your data
- Correct or update your information
- Delete your account and associated data
- Export athlete and client data before account deletion
- Object to certain data processing activities
6.2 For Athletes, Students, or End Users
Athletes, students, or end users should contact their Coach, Club, or Institution directly for data requests. However, they can also contact us directly at contact@thebestlevel.com for:
- Questions about how their data is processed
- Requests to delete their data from our systems
- Complaints about data handling
7. INTERNATIONAL DATA TRANSFERS
As a global SaaS platform, your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:
- Standard contractual clauses with service providers
- Compliance with GDPR, CCPA, and other applicable privacy laws
- Regular assessment of data protection measures
- Ensuring service providers meet our security standards
8. CHILDREN'S PRIVACY AND COPPA COMPLIANCE
COPPA Compliance Declaration:
BESTLEVEL LLC complies with the Children's Online Privacy Protection Act (COPPA) with respect to the collection and use of personal information from children under the age of 13 in the United States.
8.1 Verifiable Parental Consent
Our platform is intended for coaches, clubs, academies, and institutions who are 18 years or older (or represented by adults). When a Coach, Club, Academy, or Institution adds an athlete under the age of 13 to the platform, the following safeguards are in place:
- The platform requires a parent or guardian email address for all athletes under 13 years of age.
- All account-related communications (welcome emails, notifications, payment reminders) are sent to the parent/guardian email, not to the child directly.
- The Club, Academy, or Institution, acting as the Data Controller, is responsible for obtaining verifiable parental consent before adding any minor under 13 to the platform.
- BESTLEVEL LLC does not knowingly collect personal information directly from children under 13 without parental involvement through the Data Controller.
8.2 Data Collected from Minors
When a minor athlete is added to the platform by their Club, Academy, or Institution, the following data may be collected and processed:
- Identity Information: Full name, date of birth, gender, address
- Physical Measurements: Height, weight (for athletic performance tracking)
- Performance Data: Training progress, workout completion, exercise metrics
- Health/Injury Data: Injury records, availability status, recovery tracking (for coaching communication and availability tracking purposes only — see Medical Disclaimer)
- Media Content: Photos and/or videos of training sessions, as well as videos distributed or assigned to athletes or their parents/guardians by the Coach, Club, or Institution through the platform's Video Center and video assignment features (uploaded and distributed by the Coach, Club, or Institution with consent and media release rights managed solely by the Data Controller) — BESTLEVEL LLC processes and stores this video data exclusively as a Data Processor on behalf of the Institution
- Compliance Registration Data (when the Institution enables the Athlete Compliance Registration module): parent/guardian name and contact information, emergency contact details, medical conditions, allergies, medications, physician information, headshot photographs, birth certificate images, insurance information, and electronic signatures on waivers. This data is collected and provided exclusively by the Institution (Data Controller) and processed by BESTLEVEL LLC solely on its behalf, stored in a segregated, access-controlled collection with full audit logging.
8.3 Parental Rights
Parents or legal guardians of minor athletes have the right to:
- Review the personal information collected about their child by contacting the Data Controller (their Club, Academy, or Institution) or by contacting BESTLEVEL LLC directly at contact@thebestlevel.com.
- Request deletion of their child's data from the platform.
- Refuse further collection of their child's personal information, which may result in the child's account being deactivated.
- Receive a copy of their child's data in a portable format upon request.
To exercise any of these rights, parents may contact the Club, Academy, or Institution directly (as Data Controller) or reach out to BESTLEVEL LLC at contact@thebestlevel.com.
8.4 Minors Between 13 and 18
For athletes between the ages of 13 and 17, the Coach, Club, Academy, or Institution remains responsible for ensuring that appropriate parental awareness and/or consent is obtained in accordance with applicable laws in their jurisdiction. The platform supports optional parent/guardian email fields for athletes of all ages.
9. THIRD-PARTY SERVICES
9.1 Integrated Services
We use the following third-party services to operate our platform. Each service has its own privacy policy, and we encourage you to review them:
- Firebase (Google Cloud) — Authentication, real-time database, data synchronization, and push notifications. Google Cloud Privacy Policy
- Cloudflare (R2 Storage & Workers) — File and media storage (including training videos), CDN, and serverless proxy functions. Cloudflare Privacy Policy
- Stripe — Payment processing for subscriptions and coach/institution-athlete payments. Stripe Privacy Policy
- Supabase (PostgreSQL) — Analytics, health/injury data, and structured data storage. Supabase Privacy Policy
- Modal — Serverless GPU processing for video analysis (player tracking, tactical analysis). Modal Privacy Policy
- PostHog — Product analytics with anonymized usage data for platform improvement. PostHog Privacy Policy
We only share data with these service providers as necessary to operate the Service. We do not sell personal data to any third party.
10. DATA PROCESSOR AND DATA CONTROLLER RELATIONSHIP
Important Distinction:
Under applicable data protection laws (including GDPR, COPPA, and similar frameworks), the roles of Data Processor and Data Controller carry different responsibilities.
10.1 BESTLEVEL LLC as Data Processor
BESTLEVEL LLC operates as a Data Processor. This means:
- We provide the secure technical infrastructure ("Privacy by Design") to store, process, and transmit data on behalf of our clients (Coaches, Clubs, Academies, and Institutions).
- We process personal data only as instructed by the Data Controller (the Coach, Club, Academy, or Institution) and in accordance with these terms.
- We implement appropriate technical and organizational measures to ensure the security and integrity of the data entrusted to us.
- We do not independently decide the purposes or means of processing End User data.
10.2 Clubs, Academies, and Institutions as Data Controllers
The Club, Academy, Institution, or Coach using BESTLEVEL LLC is the Data Controller. This means they:
- Determine the purposes and means of processing their athletes' personal data.
- Are responsible for obtaining proper consent (including verifiable parental consent for minors under 13 per COPPA).
- Must comply with data protection laws in their jurisdiction.
- Are the primary point of contact for End Users (athletes/parents) regarding their data rights.
10.3 Data Processing Agreement (DPA)
A formal Data Processing Agreement (DPA) is available for all institutional clients, including high schools, clubs, and academies. The DPA details BESTLEVEL LLC's obligations under FERPA and COPPA, sub-processor disclosures, security measures, breach notification procedures, and data retention/deletion policies.
You can review the full DPA at: Data Processing Agreement
For institutions requiring a signed, bilateral version with custom terms, contact us at contact@thebestlevel.com.
11. POLICY UPDATES
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Sending email notifications to Coaches, Clubs, and Institutions for significant changes
- Displaying prominent notices on our platform
- Updating the "Last updated" date at the top of this policy
12. U.S. STATE PRIVACY RIGHTS (CCPA/CPRA, VCDPA, etc.)
If you are a resident of California, Virginia, Colorado, Connecticut, Texas, Utah, or any other U.S. state with comprehensive privacy legislation, you may have specific rights regarding your personal information under applicable state laws (such as the California Consumer Privacy Act / California Privacy Rights Act — CCPA/CPRA — or the Virginia Consumer Data Protection Act — VCDPA).
As stated in Section 10, BESTLEVEL LLC operates entirely as a Service Provider / Data Processor. We DO NOT sell or share personal information for cross-context behavioral advertising. We only process data as instructed by the Data Controller (the Club, Academy, or Institution).
Your Rights May Include:
- The right to know what personal information is collected about you and how it is used.
- The right to request deletion of your personal information.
- The right to correct inaccurate personal information.
- The right to opt out of the sale or sharing of your personal information (not applicable — we do not sell or share data).
- The right to non-discrimination for exercising your privacy rights.
How to Exercise Your Rights:
If you wish to exercise any of the rights listed above, you must submit your request directly to the Club, Academy, or Institution that provided you with access to our Service (as they are the Data Controller). BESTLEVEL LLC will assist the Data Controller in fulfilling these requests within the legally required timeframes.
You may also contact BESTLEVEL LLC directly at contact@thebestlevel.com as a secondary channel, and we will redirect your request to the appropriate Data Controller or process it as required by law.
13. CONTACT US
If you have any questions about this Privacy Policy or our data practices, contact us:
- Email: contact@thebestlevel.com
- Website: www.thebestlevel.com
- Data Protection Officer: Available through the above contact methods
For EU Residents:
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with applicable law.