Privacy Policy

Last updated: March 2026

1. Introduction

KickDeck ("we," "us," or "our"), operating at kickdeck.io, is committed to protecting the privacy and security of your personal information. This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights you have regarding your data.

This policy applies to all users of the KickDeck platform, including tournament organizers, team managers, coaches, players, and parents or guardians who interact with the Service. By accessing or using KickDeck, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

We collect information in the following categories:

2.1 Account Information

When you create a KickDeck account, we collect personal information necessary to provide the Service, including:

  • Full name
  • Email address
  • Phone number
  • Organization or club name (if applicable)
  • Role (e.g., tournament organizer, coach, team manager)
  • Account credentials (passwords are stored in hashed form and never in plain text)

2.2 Tournament and Team Data

To provide our tournament management features, we collect and process data related to:

  • Team names, rosters, and player information
  • Player ages, jersey numbers, and positions
  • Coach and manager contact details
  • Match schedules, scores, and standings
  • Tournament configurations and rules

2.3 Payment Information

Payment processing is handled entirely by our third-party payment processor, Stripe, Inc. KickDeck does not store full credit card numbers, CVV codes, or complete bank account details on its servers. We may receive and store:

  • Partial card information (e.g., last four digits, card brand, and expiration date) for display purposes
  • Billing address associated with the payment method
  • Transaction history, amounts, and status
  • Stripe customer and payment identifiers for managing recurring billing

2.4 Usage Data

We automatically collect certain technical and usage information when you interact with the Service, including:

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Device type and screen resolution
  • Pages visited, features used, and time spent on the platform
  • Referring URLs and exit pages
  • Error logs and performance data used for debugging and improving the Service

2.5 Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyze how the Service is used. See Section 9 for detailed information about our use of cookies.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To create and manage your account, facilitate tournament creation and management, process team registrations, generate schedules, track scores and standings, and deliver the core functionality of the platform
  • Processing payments: To process registration fees, subscription payments, and other financial transactions through Stripe, and to maintain accurate billing and transaction records
  • Communications: To send you transactional notifications (e.g., registration confirmations, payment receipts, schedule updates), service announcements, and, with your consent, promotional communications about new features or offerings
  • Improving the platform: To analyze usage patterns, identify areas for improvement, conduct research and development, and enhance the features, functionality, and user experience of the Service
  • Security and fraud prevention: To detect, prevent, and address fraud, unauthorized access, security breaches, and other potentially harmful or illegal activities
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
  • Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance

4. Information Sharing

KickDeck does not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

  • Stripe, Inc.: Payment data is shared with Stripe for processing financial transactions. Stripe acts as an independent data controller for payment information it processes. Please refer to Stripe's Privacy Policy for details on how they handle your data.
  • Email service providers: We use third-party email services (such as SendGrid) to deliver transactional and communication emails. These providers receive only the information necessary to deliver messages (e.g., email addresses and message content).
  • Hosting and infrastructure providers: Your data is stored and processed using third-party cloud hosting services that maintain industry-standard security and compliance certifications.
  • Analytics providers: We may share anonymized or aggregated usage data with analytics providers to help us understand how the Service is used and to improve our offerings.
  • Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of KickDeck, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of such a transaction. We will notify you of any such change and any choices you may have regarding your information.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Active accounts: Account information and associated data are retained for as long as your account remains active and in good standing.
  • Transaction records: Financial transaction records and payment history are retained for a minimum of seven (7) years from the date of the transaction to comply with tax, accounting, and legal obligations.
  • Closed accounts: Following account closure or termination, your personal data will be deleted or anonymized within ninety (90) days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our Terms & Conditions).
  • Backups: Residual copies of data may exist in encrypted backup systems for a limited period and will be purged in accordance with our standard backup rotation schedule.

6. Data Security

KickDeck takes the security of your personal information seriously. We implement a combination of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS/SSL).
  • Encryption at rest: Sensitive data stored in our databases is encrypted at rest using industry-standard encryption algorithms.
  • Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis and is protected by multi-factor authentication.
  • Regular assessments: We conduct regular security assessments, vulnerability scans, and code reviews to identify and address potential security risks.
  • PCI compliance: All payment card data is handled exclusively by Stripe, which is a PCI DSS Level 1 certified service provider. KickDeck does not process, store, or transmit cardholder data directly.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents. If we become aware of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable law.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you are entitled to certain rights under the General Data Protection Regulation (GDPR) and related data protection laws. These rights include:

  • Right of access: You have the right to request a copy of the personal data we hold about you and to receive information about how it is processed.
  • Right to rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
  • Right to erasure ("right to be forgotten"): You have the right to request deletion of your personal data, subject to certain legal exceptions (e.g., where we are required to retain data for legal or regulatory compliance).
  • Right to restrict processing: You have the right to request that we limit the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or object to its processing.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
  • Right to object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing and processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.

To exercise any of these rights, please contact us at info@kickdeck.io. We will respond to your request within thirty (30) days of receipt. In certain circumstances, we may need to verify your identity before processing your request. If we are unable to fulfill your request, we will provide an explanation.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe that your data protection rights have been violated.

8. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights regarding your personal information:

  • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
  • Right to delete: You have the right to request the deletion of personal information we have collected from you, subject to certain legal exceptions.
  • Right to correct: You have the right to request correction of inaccurate personal information.
  • Right to opt-out of sale or sharing: KickDeck does not sell your personal information and does not share your personal information for cross-context behavioral advertising purposes. Therefore, there is no need to opt out. If this practice ever changes, we will provide a clear opt-out mechanism.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or access to features as a result of exercising your privacy rights.

To submit a CCPA request, please contact us at info@kickdeck.io. We will verify your identity before processing your request and respond within forty-five (45) days, as required by law.

In the preceding twelve (12) months, KickDeck has collected the following categories of personal information: identifiers (name, email, phone), commercial information (transaction records), internet or network activity (usage data and logs), and geolocation data (approximate location from IP address).

9. Cookies & Tracking

KickDeck uses cookies and similar technologies to enhance your experience on the platform. Cookies are small text files placed on your device that help us recognize you and remember your preferences.

9.1 Essential Cookies

These cookies are strictly necessary for the operation of the Service. They enable core functionality such as user authentication, session management, and security features. Essential cookies cannot be disabled, as the Service would not function properly without them.

9.2 Analytics Cookies

We use analytics cookies to collect aggregated, anonymized information about how visitors use the Service. This data helps us understand usage patterns, identify popular features, and improve the platform. Analytics cookies are optional and can be declined through your browser settings or our cookie consent mechanism without affecting the core functionality of the Service.

9.3 Third-Party Advertising Cookies

KickDeck does not use third-party advertising cookies. We do not serve advertisements on the platform and do not allow third-party advertisers to track your activity through our Service.

9.4 Managing Cookies

Most web browsers allow you to manage your cookie preferences through browser settings. You can typically choose to block or delete cookies; however, blocking essential cookies may impair the functionality of the Service. For more information about managing cookies, consult your browser's help documentation.

10. Children's Privacy

KickDeck is not directed at children under the age of thirteen (13), and we do not knowingly collect personal information directly from children under 13. Account creation requires users to be at least eighteen (18) years of age.

We recognize that soccer tournaments frequently involve minor participants. When player data for minors is collected through the Service, it is submitted by tournament organizers, coaches, or team managers who act on behalf of and with the authorization of the player's parent or legal guardian. Tournament organizers are responsible for obtaining all necessary parental or guardian consent before submitting personal information of minor players to the platform.

If we become aware that we have inadvertently collected personal information directly from a child under 13 without verified parental consent, we will take steps to delete such information promptly. If you believe we have collected information from a child under 13, please contact us immediately at info@kickdeck.io.

11. International Data Transfers

KickDeck is based in the United States, and your personal data may be processed and stored in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

If you are located outside the United States, including in the European Economic Area, the United Kingdom, or Switzerland, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with our service providers, and other legally recognized transfer mechanisms to ensure that your personal data receives an adequate level of protection wherever it is processed.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes that significantly affect how we collect, use, or share your personal information, we will make reasonable efforts to notify you in advance through one or more of the following methods:

  • Sending an email notification to the address associated with your account
  • Displaying a prominent notice within the Service
  • Posting the updated policy on our website with a summary of changes

Your continued use of the Service after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:

KickDeck
Email: info@kickdeck.io
Website: kickdeck.io

For GDPR-related inquiries, you may also contact your local data protection supervisory authority.

We aim to respond to all privacy-related inquiries within thirty (30) days of receipt.

This document is provided for informational purposes and should be reviewed by qualified legal counsel before being relied upon as a binding privacy policy.