Privacy Policy
Last updated: 2025-11-08
This Privacy Policy explains how Rate My Baseball Club ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our platform.
Introduction
At Rate My Baseball Club, we are committed to protecting your privacy and ensuring the anonymity of our reviewers. We believe transparency builds trust, which is why we've created this comprehensive privacy policy.
Our Core Privacy Principles:
- Reviewer Anonymity: We use SHA-256 cryptographic hashing to ensure reviewers cannot be identified by clubs
- Data Minimization: We only collect data necessary for platform operation
- Transparency: We clearly explain what data we collect and how we use it
- User Control: You have rights to access, modify, and delete your data
- Security First: We employ industry-standard security measures to protect your information
Information We Collect
A. Information You Provide Directly
- Account Information: Email address (stored as SHA-256 hash for reviewer anonymity), display name (optional), profile photo (optional)
- Review Content: Written reviews, ratings (1-5 stars across 11 categories), coach ratings (7 categories), photos/videos you upload
- Club Information: If you claim a club - business name, address, contact details, verification documents
- Payment Information: For premium subscriptions - processed securely through Stripe (we do not store credit card numbers)
- Communications: Messages you send us, support tickets, feedback
B. Information Collected Automatically
- Device Information: Browser type, device type, operating system, screen resolution
- Usage Data: Pages visited, features used, time spent on platform, search queries
- IP Address: Collected for spam prevention and security (deleted after 90 days)
- Location Data: Approximate location from IP address (city/region level, not precise GPS)
- Cookies & Similar Technologies: See "Cookies & Tracking" section below
C. Information from Third Parties
- Analytics Providers: Aggregated usage statistics from Vercel Web Analytics and Google Analytics
- Payment Processors: Transaction status from Stripe (not card details)
- Fraud Prevention: Risk scores from security services to prevent spam and abuse
How We Use Your Information
We use the information we collect for the following purposes:
- Platform Operation: To provide and maintain the review platform, process your requests, enable account features
- Review Verification: To verify you are a real person and prevent duplicate reviews (via email hash matching)
- Fraud Prevention: To detect and prevent spam, fake reviews, review bombing, and other abuse
- Content Moderation: To screen reviews for prohibited content (hate speech, threats, etc.) using AI-assisted moderation
- Communications: To send magic link login emails, notifications about your account, responses to your reviews, platform updates
- Analytics & Improvements: To understand how users interact with the platform and improve features
- Payment Processing: To handle subscription payments and billing for premium features
- Legal Compliance: To comply with legal obligations, respond to law enforcement requests, enforce our Terms of Service
- Customer Support: To respond to your questions and provide technical assistance
Anonymity Protection (Our Core Commitment)
Your identity as a reviewer is protected through industry-leading cryptographic technology.
How We Ensure Anonymity:
- SHA-256 Hashing: Your email address is converted to a cryptographic hash using the SHA-256 algorithm. This is a one-way function - we can verify it's you, but cannot reverse it to reveal your email
- No Email Storage: We NEVER store your plaintext email address in our reviews database
- No IP Exposure: IP addresses used for spam detection are never exposed to clubs or other users
- No Identifying Metadata: Reviews contain no author name, email, or other personally identifiable information
- Clubs Cannot Identify You: Even club administrators cannot determine who wrote a review
Important Note: While we protect your identity, please avoid including identifying information in your review text (e.g., "I'm John Smith's parent"). Once published, review content is public.
Third-Party Services
We use trusted third-party services to provide platform functionality. Each service has its own privacy policy.
Vercel (Hosting & Infrastructure)
Hosts our website and processes user requests.
Privacy Policy: vercel.com/legal/privacy-policy
Vercel Web Analytics (Usage Analytics)
Privacy-friendly analytics that tracks page views, user sessions, and Web Vitals performance metrics. No cookies, GDPR compliant, and collects no personal data.
Privacy Policy: vercel.com/legal/privacy-policy
AWS S3 (File Storage)
Stores uploaded photos, videos, and verification documents securely.
Privacy Policy: aws.amazon.com/privacy
Mailgun (Email Delivery)
Sends magic link authentication emails and platform notifications.
Privacy Policy: mailgun.com/privacy-policy
Stripe (Payment Processing)
Processes premium subscription payments. We do not store credit card numbers.
Privacy Policy: stripe.com/privacy
OpenAI (Content Moderation)
Assists with AI-powered content screening to detect prohibited content.
Privacy Policy: openai.com/privacy
Upstash Redis (Caching & Rate Limiting)
Provides fast caching and API rate limiting to prevent abuse.
Privacy Policy: upstash.com/privacy
Mapbox (Map Visualization)
Powers the interactive club map view feature.
Privacy Policy: mapbox.com/legal/privacy
Data Sharing & Disclosure
We do NOT sell your personal information to third parties.
We may share information in these limited circumstances:
- With Service Providers: Third-party vendors who help operate the platform (hosting, email, payment processing) under strict confidentiality agreements
- Public Review Content: Published reviews are public information visible to all users and search engines
- Legal Compliance: When required by law, court order, subpoena, or government request
- Safety & Security: To prevent fraud, protect our rights, investigate violations of our Terms of Service
- Business Transfers: If we are acquired or merged, your information may be transferred to the new entity (you will be notified)
- With Your Consent: Any other sharing will only occur with your explicit permission
Important Reminder:
Even though we protect your identity through hashing, any content you post in reviews is public. Do not include sensitive personal information in your review text.
Your Privacy Rights (GDPR & Beyond)
Depending on your location, you may have specific privacy rights under laws like GDPR (Europe), CCPA (California), and other data protection regulations.
You have the right to:
- Access Your Data: Request a copy of all personal information we hold about you
- Rectification: Correct inaccurate or incomplete information
- Deletion ("Right to be Forgotten"): Request deletion of your account and associated data (note: published reviews may be retained for platform integrity)
- Data Portability: Receive your data in a machine-readable format to transfer to another service
- Object to Processing: Object to processing of your data for specific purposes (e.g., marketing)
- Restrict Processing: Request we limit how we use your data
- Withdraw Consent: Withdraw consent for data processing (where consent is the legal basis)
- Lodge a Complaint: File a complaint with your local data protection authority
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: privacy@ratemybaseballclub.com
Subject Line: "Privacy Rights Request - [Your Request Type]"
We will respond to your request within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.
Data Retention Periods
We retain different types of data for varying periods based on legal requirements and business needs:
Review Content & Ratings
Retention: Indefinitely (for platform integrity and historical record)
Reviews remain published unless they violate our guidelines or you request deletion. Even after account deletion, reviews may be retained anonymously.
Email Hashes (Review Verification)
Retention: 7 years
Used to prevent duplicate reviews and verify authorship for potential legal disputes.
IP Addresses
Retention: 90 days
Automatically deleted after 90 days. Used only for spam detection and fraud prevention.
Account Information
Retention: Until account deletion
When you delete your account, we remove your email, display name, and profile information within 30 days.
Payment Records
Retention: 7 years
Required for tax compliance and financial record-keeping.
Backups & Archives
Retention: Up to 90 days
Data in backups is retained for disaster recovery but is not actively accessible.
Data Security Measures
We implement industry-standard security measures to protect your data from unauthorized access, disclosure, alteration, and destruction.
Our Security Measures Include:
- Encryption in Transit: All data transmitted between your browser and our servers uses TLS/SSL encryption (HTTPS)
- Encryption at Rest: Sensitive data in our database is encrypted using AES-256
- Cryptographic Hashing: Email addresses are hashed using SHA-256 for reviewer anonymity
- Secure Authentication: Magic link authentication with secure token generation
- Access Controls: Role-based access control (RBAC) limits employee access to user data
- Regular Security Audits: Periodic security assessments and penetration testing
- Automated Backups: Daily encrypted backups stored in secure, geographically distributed locations
- Monitoring & Alerts: 24/7 system monitoring with automated threat detection
Data Breach Notification
In the unlikely event of a data breach that compromises your personal information, we will notify you via email within 72 hours of discovery, as required by GDPR and other applicable laws. We will provide details about the breach, affected data, and steps we're taking to address it.
Important: While we employ robust security measures, no system is 100% secure. Please use strong passwords and keep your login credentials confidential.
Children's Privacy (COPPA Compliance)
Our platform is intended for users 13 years of age and older.
We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@ratemybaseballclub.com. We will delete the information promptly.
For Parents:
While our platform reviews youth baseball clubs, the platform itself is designed for parents, guardians, coaches, and administrators - not for children. We recommend parents:
- Monitor your child's internet usage
- Do not allow children under 13 to create accounts or submit reviews
- Contact us if you have concerns about your child's data
International Data Transfers
Rate My Baseball Club is based in the United States. If you access our platform from outside the U.S., your data may be transferred to, stored, and processed in the United States and other countries.
For EU/EEA Users (GDPR):
Data transfers to the U.S. are conducted under appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the EU
- Adequacy decisions where applicable
- Compliance with GDPR requirements for international transfers
By using our platform, you consent to the transfer of your data to the United States. You retain all rights under GDPR regardless of where your data is processed.
For Users in Other Countries:
We respect data protection laws in all jurisdictions. If you have specific concerns about international data transfers, please contact us at privacy@ratemybaseballclub.com.
California Residents (CCPA Rights)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Your California Privacy Rights:
- Right to Know: You can request details about the personal information we collect, use, disclose, and sell (we do not sell personal information)
- Right to Delete: You can request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out: You can opt out of the sale of personal information (note: we do not sell personal information)
- Right to Correct: You can request correction of inaccurate personal information
- Right to Limit: You can limit the use of sensitive personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Categories of Personal Information We Collect (CCPA Disclosure):
- Identifiers (email hash, IP address, device identifiers)
- Internet/network activity (browsing history, searches)
- Geolocation data (city/region from IP)
- Professional information (if you're a coach)
- User-generated content (reviews, ratings)
- Payment information (via Stripe, not stored by us)
We Do NOT Sell Personal Information
Rate My Baseball Club has not sold personal information in the past 12 months and does not sell personal information.
To Exercise Your CCPA Rights:
Email us at privacy@ratemybaseballclub.com with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes, we will:
- Update the "Last updated" date at the top of this policy
- Post the revised policy on this page and make it accessible via our website footer
- For material changes affecting your rights, we will notify you via:
  - Email to your registered address (at least 30 days before changes take effect)
  - Prominent notice on our website or platform dashboard
Your continued use of the platform after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the changes, please discontinue use and delete your account.
Tip: We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.
Contact Us About Privacy
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Team Email:
privacy@ratemybaseballclub.com
General Support:
support@ratemybaseballclub.com
Mailing Address:
Rate My Baseball Club
Privacy Department
[Your Business Address]
San Diego, CA [ZIP Code]
Response Time: We strive to respond to all privacy inquiries within 30 days (or as required by applicable law).
For EU/EEA residents: If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with your local data protection authority.
This Privacy Policy was last updated on 2025-11-08
Thank you for trusting Rate My Baseball Club with your information. We are committed to protecting your privacy and ensuring transparency in how we handle your data.