Privacy Policy

This Privacy Policy describes how TurfBurn, LLC (“TurfBurn,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the TurfBurn website, mobile experience, or related services (the “Service”).

By using the Service, you acknowledge that you have read and understood this Policy.

a. Information You Provide

We collect information you provide directly, including:

• Account information (email, password, authentication data)
• Player profile data (name, date of birth, graduation year, physical attributes, position)
• Athletic and evaluation data (scores, rankings, narratives, photos)
• Academic data (school, GPA, test scores, interests)
• Preferences and recruiting interests
• Event participation data
• Communications and feedback
• Payment information (processed by Stripe; we do not store full card details)

b. Information We Generate

We generate and infer data including:

• Match scores, rankings, and classifications
• AI-generated narratives and recommendations
• Usage analytics and engagement metrics
• Device and log data (IP address, browser, timestamps)

c. Information from Third Parties

We may receive information from partners to verify evaluations, enhance profiles, and improve matching accuracy.

d. Sensitive Personal Information

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), certain categories of information are designated “Sensitive Personal Information.” We collect the following Sensitive Personal Information from you when you choose to provide it:

• Religious or philosophical beliefs — you may optionally indicate religious-affiliation preferences in your School Preferences (for example, to receive better matches with Catholic, Jesuit, or other faith-affiliated programs).

We use Sensitive Personal Information only to deliver the Service you requested — specifically, to rank and recommend schools that align with the preferences you stated. We do not use Sensitive Personal Information to infer additional characteristics about you, to build advertising profiles, or for any purpose beyond the matching feature you opted into.

Because we limit use of Sensitive Personal Information to providing the requested Service, the CCPA/CPRA “right to limit use and disclosure of sensitive personal information” (Cal. Civ. Code §1798.121) does not apply — there is no secondary use to limit. You may, however, remove these fields from your preferences at any time from your /preferences page, and we will stop using them immediately.

We use information to:

• Operate, maintain, and improve the Service
• Generate recruiting insights and recommendations
• Train and improve machine learning and AI systems
• Process payments and manage subscriptions
• Communicate with users and provide support
• Detect fraud, abuse, and security incidents
• Comply with legal obligations
• Generate aggregated and de-identified analytics

We use automated systems, including machine learning and artificial intelligence, to:

• Evaluate player profiles
• Rank and recommend schools
• Generate narratives and insights

These outputs are informational only and should not be relied upon as professional advice or guarantees of outcomes.

a. Free-Text Fields and Personal Context

Some fields in your profile accept free-text input (for example, a “personal context” field that lets you describe family alumni connections, coaches you know, regional ties, or programs you've attended). This text is processed by our AI provider (Anthropic) to enrich your per-school match analysis. It is never shared with college coaches in any outbound email, profile share, or partner export. You can clear or replace any free-text field at any time from your /profile page.

Please do not include sensitive information about third parties (e.g., medical, financial, or legally privileged details) in these fields. We have no obligation to retain or process such content and may redact or remove it at our discretion.

a. Service-Driven and Partner Sharing

We share information with third parties as part of delivering the Service and enabling recruiting visibility, including:

• College programs and coaches
• Recruiting, scouting, and evaluation services
• Strategic partners and integrations
• Analytics and infrastructure providers

This sharing supports:

• Profile visibility and evaluation
• Match verification and scoring
• Platform functionality and integrations
• Partner-enabled features and outreach

b. No Sale or Cross-Context Behavioral Advertising

TurfBurn does not sell personal information in exchange for monetary compensation, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA and analogous state privacy laws (Cal. Civ. Code §1798.140(t), (ah)).

Because we do not engage in either of these practices, we are not required to provide a “Do Not Sell or Share My Personal Information” link or opt-out mechanism. The right does not apply where the practice it protects against is not occurring.

Certain data sharing described elsewhere in this section (e.g., with college coaches you choose to share your profile with, or with service providers like Stripe and Anthropic that process data on our behalf) is governed by contractual restrictions and is not “sale” or “sharing” under these laws.

b.1. Global Privacy Control (GPC) and Opt-Out Preference Signals

Some browsers and extensions send a Global Privacy Control (GPC) signal — an HTTP header (Sec-GPC: 1) indicating the user's general privacy preference. We honor GPC signals.

Because we already do not sell personal information or share it for cross-context behavioral advertising (see §5b above), there is nothing for the GPC signal to opt you out of in those categories. As an additional safeguard, when our servers detect a GPC signal we further suppress optional first-party usage analytics for your session. Essential analytics required for security, fraud prevention, and core Service operation continue to function.

GPC honoring is required by Colorado CPA (effective July 2024), Connecticut CTDPA (effective 2025), California CCPA/CPRA (per CCPA Regulations §7025), and several other state privacy laws. Our honoring of GPC applies uniformly regardless of your state of residence.

c. Legal Basis for Sharing

We share information:

• To provide the Service you request
• For legitimate business interests (e.g., improving matching accuracy, enabling recruiting workflows)
• With your consent where required by law

Where required by applicable law, we will provide notice and/or obtain consent prior to sharing personal information for marketing or advertising purposes.

d. Service Providers

We use vendors to operate the Service, including:

• Supabase (data infrastructure)
• Vercel (hosting)
• Stripe (payments)
• Anthropic (AI processing)
• Resend (transactional email delivery)
• Sentry (error monitoring; PII is scrubbed before transmission)
• BetterStack (uptime monitoring and operational logs)
• Cloudflare (Turnstile bot-protection on account signup; processes IP address and behavioral signals only — no durable tracking cookies)

These providers are contractually bound to protect your information.

e. Coaches You Invite

If you invite a coach to verify your profile, we share relevant evaluation data with that coach.

f. Legal & Business Transfers

We may disclose information:

• To comply with legal obligations
• To protect rights, safety, or security
• In connection with mergers, acquisitions, or financing

g. Aggregate and De-Identified Data

We may use and share aggregated or de-identified data for any lawful purpose, including analytics, research, and product development.

a. Right to Access

You may access the personal information we hold about you at any time via your account (Profile, Preferences, Evaluation, Account pages). For a structured export, see §6.c (Data Portability).

b. Right to Correct

You have the right under CCPA/CPRA §1798.106 and analogous state laws to request correction of inaccurate personal information we hold about you. You can correct most of your information directly: profile fields via /profile, evaluation fields via /evaluation, preferences via /preferences, and account email/password via /account. For any field you cannot edit directly, email privacy@turfburn.ai with the specific correction requested; we will verify your identity and update the record within 45 days (with a one-time 45-day extension if reasonably necessary, per CCPA §1798.130).

c. Right to Delete

You may delete your account at any time via /account → Delete Account. A 31-day grace period applies during which you can reverse the request by signing back in. After the grace period, your personal information is automatically purged from our database and storage (see §8). For records covered by lawful retention obligations (e.g., financial records under 26 U.S.C. §6001), personally identifying fields are anonymized where feasible.

You may also request deletion via privacy@turfburn.ai if you cannot access your account.

b. Marketing Communications

You may opt out of TurfBurn marketing emails at any time.

This does not apply to:

• Transactional communications
• Communications from third-party partners

c. Data Portability

You may request a copy of your data in a structured format.

d. California Privacy Rights

Under the California Consumer Privacy Act (CCPA/CPRA), you may have the right to:

• Know what personal information we collect
• Request a copy of your personal information (data portability)
• Request correction of inaccuracies
• Request deletion
• Opt out of the “sharing” of personal information for certain purposes
• Be free from retaliation for exercising any of these rights

To exercise any of these rights, email privacy@turfburn.ai from the email address on your account. We'll verify your request and respond within 45 days (with a one-time 45-day extension if reasonably necessary, per CCPA §1798.130). For deletion or data-export requests we may ask for additional identification to confirm the request comes from the account holder.

e. EU / UK Rights

If applicable, you may have rights under the General Data Protection Regulation, including:

• Access, correction, deletion
• Restriction or objection to processing
• Data portability

Legal bases for processing include:

• Contractual necessity (providing the Service)
• Legitimate interests (product improvement, fraud prevention, analytics)
• Consent (where required, including marketing)

The Service is not directed to children under 13.

For users aged 13–17:

• A parent or guardian should supervise use
• By creating an account, a parent or guardian represents consent to this Policy

We will delete personal information of children under 13 if discovered.

We retain personal information:

• While your account is active
• For 31 days after you request account deletion (the “grace period”), during which you can sign back in to reverse the request. After the grace period, we permanently purge your personal information through an automated, scheduled process.

Certain records may be retained beyond the 31-day window where required by law — for example, payment and invoice records retained for tax and accounting compliance under 26 U.S.C. §6001 and analogous state laws, or audit logs required for security and fraud-prevention purposes under SOC 2 controls. Where feasible, personally identifying fields in such records are anonymized.

De-identified or aggregated data may be retained indefinitely.

We implement reasonable safeguards including encryption and access controls.

However, no system can be guaranteed to be completely secure.

We use cookies for authentication, session management, and analytics.

You may disable cookies, though some functionality may be affected.

Data is processed in the United States and may be subject to different data protection laws than your jurisdiction.

We may update this Policy from time to time.

Continued use of the Service constitutes acceptance of updates.

Questions, privacy requests, or DSARs:

privacy@turfburn.ai · help@turfburn.ai

Mailing address:

TurfBurn, LLC
PO Box 170
6671 W Indiantown Rd STE 50
Jupiter
FL 33458