Who We Are and Scope of This Policy

This Privacy Policy explains how CGMax FFTP — Flag Football Tracker Pro ("FFTP," "we," "our," or "us"), operated by ITCC LLC, handles information in connection with your use of the FFTP web application (the "App") accessible at our website.

By using the App, you acknowledge you have read and understood this Privacy Policy. If you do not agree, please do not use the App.

Information We Collect — and What We Do Not Collect

FFTP is designed with a minimal data footprint. Here is exactly what happens with information when you use the App:

What is stored locally on your device (not transmitted to us):

• Team name and coach name you enter during setup
• Player roster: first names and last initials only (e.g., "Jaxon B.") — never full last names
• Jersey numbers
• Game scores, per-player statistics, and rotation play counts
• Season history, MVP records, and quarter-by-quarter data
• Your access code validation token (a hashed indicator that a valid code was entered — the code itself is not stored in a recoverable form)
• Your selected team colors and app preferences
• Multiple team profiles (team names and roster associations for coaches managing more than one team)
• Per-game attendance records (which players were present or absent for each game)
• In-game auto-save state (localStorage key: ff_live_game_v1): To prevent data loss when you switch apps or your screen turns off during a live game, the App automatically saves a snapshot of the active game state to localStorage. This snapshot is deleted when the game ends normally (saved to Season History) or when you start a new game. It is retained for up to 24 hours and is used solely to offer a "resume game" prompt on next app open.
• Pro tier status (localStorage keys: ff_pro_v1, ff_license_key): If you have activated a valid Pro license key, the App stores a flag locally indicating your Pro tier is active, along with your license key for re-validation purposes. License key validation is performed by transmitting your key to ITCC LLC's secure backend (hosted on Vercel) where it is checked against your subscription record in our license database (hosted on Supabase). See Section 5 for details on these third-party processors.

Optional: Live Sync & Parent View data transmitted to ITCC LLC's backend (Pro tier only, only when you activate this feature):

• Live game scores and per-player statistics (the same data visible to you in-app)
• Team name, opponent name, and game date
• Player roster names (first name + last initial format only)
• Team colors and quarter configuration
• A 6-character session game code used to route parent view requests

This data is transmitted to ITCC LLC's secure backend (Vercel serverless functions) and stored in our Supabase-hosted database. Each live session record expires automatically after 12 hours and is deleted from the database. Your Pro license key is used to authorize write access to the Live Sync endpoint — no other personal data is transmitted beyond what is listed above.

What we do NOT collect:

• Full names, addresses, email addresses, or phone numbers of players
• Photos or biometric data of any kind
• Payment card numbers or full payment details — all payments are processed directly by Stripe, Inc. ITCC LLC never receives or stores your card data
• Precise geolocation data
• Device identifiers, advertising IDs, or behavioral tracking data
• Any data from players who are minors — the App is designed so no minor's personal information is ever entered or transmitted
• Audio recordings — voice commands are processed entirely by your device's on-device speech recognition engine (the browser's Speech Recognition API). The App receives only text transcriptions of recognized commands; no audio stream is captured or transmitted by ITCC LLC.

Web server access logs: Like all websites, our web host may automatically log basic access information such as your IP address, browser type, operating system, and pages visited for security and operational purposes. This data is controlled by our web hosting provider under their own privacy policy and is not linked to your coaching data.

Children's Privacy (COPPA Compliance)

We take the privacy of minors extremely seriously. FFTP is a coaching tool for adults — it is designed to be used exclusively by coaches and adult team staff, not by players or children.

• The App requires an access code distributed directly to authorized coaches. It is not publicly accessible to minors.
• The App is designed to capture only first name and last initial of players (e.g., "Marcus T.") — never full last names or any other identifying information.
• No player photos, biometrics, or contact information are collected at any point.
• We do not knowingly collect personal information from children under 13 in any form.
• Coaches using this App confirm by use that they have obtained appropriate parental or guardian consent as required by applicable law for any coaching activities involving minors.

If you believe a child has submitted personal information through the App in any way, please contact us immediately at cgomez@itcc.llc and we will take appropriate action.

How We Use Information

Because FFTP operates locally on your device, we do not "use" your coaching data — we never receive it. The limited purposes for which information is processed are:

• App functionality: localStorage enables the App to save your roster, stats, preferences, team profiles, and attendance records between sessions. This processing occurs entirely on your device.
• Access control (Lite tier): Your app access code is validated locally on your device. No code data is transmitted to our servers.
• Pro license validation: When you enter or re-validate a Pro license key, the key is transmitted via HTTPS to ITCC LLC's validation endpoint (hosted on Vercel) and checked against our license database (hosted on Supabase). The response indicates whether your subscription is active. No other personal data is transmitted during this check beyond the license key itself.
• Pro subscription payments: When you purchase a Pro subscription, payment is handled entirely by Stripe, Inc. Stripe transmits a webhook event to our backend confirming a successful payment. We use this event to generate your license key and email it to your billing address via Resend. We store your email address, license key, Stripe customer ID, and subscription status in our Supabase license database solely to manage your subscription.
• Live Sync & Parent View (optional, Pro tier): When you tap "Go Live Now," live game data is transmitted to ITCC LLC's Vercel/Supabase backend and associated with a temporary 6-character session code. This data is made available in read-only form to anyone who opens the parent view link. The session record expires and is deleted after 12 hours. This transmission only occurs while you are actively hosting a session.
• Security and operations: Web server access logs (IP address, browser type, referrer) are used to protect against abuse, diagnose technical issues, and maintain availability.
• Voice command audio feedback (Pro): When you use Voice Stat Logging, the App plays synthesized audio tones (a chime on success, a buzz on failure) using the browser's built-in Web Audio API. This sound synthesis is entirely local to your device — no audio is recorded, captured, transmitted, or stored by the App or by ITCC LLC at any point. The Web Audio API generates tones mathematically; it does not access your microphone for this purpose.
• Communications: If you contact us at cgomez@itcc.llc, we will use your email address solely to respond to your inquiry.

Data Sharing and Disclosure

We do not sell, rent, or trade any personal information. We do not share your coaching data with advertisers, data brokers, or analytics platforms.

We may disclose information in the following limited circumstances:

• Web hosting (GitHub Pages): The App's static files are hosted on GitHub Pages. GitHub may log basic access information. See GitHub's Privacy Statement.
• Stripe, Inc. (payment processing): Pro subscriptions are processed by Stripe. When you purchase a subscription, Stripe collects your payment details and billing email. Stripe shares with us only your email address, subscription status, and customer ID — never your full card details. Stripe's use of your data is governed by Stripe's Privacy Policy.
• Supabase (license database & Live Sync storage): We store your email address, license key, Stripe customer ID, subscription plan, and subscription status in a Supabase-hosted PostgreSQL database. This data is used solely to manage and validate your Pro subscription. Additionally, when you use the Live Sync feature, temporary live game data (scores, player stats, team name) is stored in a separate Supabase table under a session code and expires automatically after 12 hours. Supabase's data processing is governed by Supabase's Privacy Policy.
• Vercel (serverless backend): Our license validation and webhook processing functions are hosted on Vercel. License key validation requests and Stripe webhook events are processed through Vercel's infrastructure. See Vercel's Privacy Policy.
• Resend (transactional email): When you purchase a Pro subscription, your license key delivery email is sent via Resend. Resend processes your email address and email content for delivery purposes only. See Resend's Privacy Policy.
• Legal requirements: We may disclose information if required to do so by law, court order, or government regulation, or to protect the rights, safety, or property of ITCC LLC or others.
• Business transitions: In the event of a merger, acquisition, or sale of ITCC LLC or its assets, any data we hold may be transferred as part of that transaction. We will notify affected users if this occurs.

Data Storage, Retention, and Deletion

All coaching data is stored in your browser's localStorage on your own device. ITCC LLC does not have access to this data and cannot retrieve it.

How to delete your data:

• In any browser: go to Settings → Privacy → Clear Browsing Data → Clear Site Data / Local Storage
• On iOS Safari: Settings → Safari → Clear History and Website Data
• On Chrome/Android: Settings → Site Settings → Storage → Find the App → Clear Data
• Uninstalling the App from your home screen will remove the installed cache but may not delete localStorage — follow the steps above to ensure full deletion

Web server access logs are retained according to our hosting provider's standard retention schedules (typically 30–90 days) and are then automatically deleted.

Security

We implement reasonable technical and organizational measures to protect the App and its infrastructure, including HTTPS encryption for all data in transit between your browser and our web server. However, because all coaching data is stored locally on your device, the security of that data also depends on the security of your device and browser.

We recommend:

• Using a device passcode or biometric lock
• Not sharing your access code with unauthorized individuals
• Keeping your browser and operating system updated

No system can guarantee absolute security. If you become aware of a security issue affecting the App, please notify us at cgomez@itcc.llc.

California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) may afford you certain rights regarding your personal information. In the context of FFTP:

• Right to Know: We collect only minimal server log data as described in Section 2. No coaching data is collected by us.
• Right to Delete: You may request deletion of any server log data we hold associated with your IP address by contacting us.
• Right to Opt Out of Sale: We do not sell personal information. There is nothing to opt out of.
• Non-Discrimination: You will not receive different service or pricing for exercising any CCPA/CPRA rights.

To exercise any California privacy rights, contact us at cgomez@itcc.llc.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time as the App evolves. When we make material changes, we will update the "Last Updated" date at the top of this page. For significant changes, we will make reasonable efforts to notify active users (for example, by displaying a notice within the App on next access).

Continued use of the App after any changes to this Privacy Policy constitutes acceptance of the updated Policy.

Contact Us