How we handle your data.

How Athlytix collects, uses, stores, and protects information across the Athlytix platform and related services.

Version 1.0Effective June 1, 2026Last reviewed June 2, 2026

Purpose

This Privacy Policy explains how Athlytix, LLC ("Athlytix," "we," "us," or "our") collects, uses, stores, processes, discloses, and protects information in connection with the Athlytix platform and related services.

Athlytix provides a cloud-based software platform for collegiate athletic recruiting, roster management, player evaluation, document processing, and related team workflows. Athlytix primarily provides services to institutional customers, including colleges, universities, athletic departments, and coaching staffs.

Where Athlytix processes data on behalf of an institutional customer, Athlytix acts as a service provider or processor for that customer. The institutional customer determines what data is submitted to Athlytix and is responsible for ensuring it has appropriate authority to provide such data to the Athlytix platform.

Scope

This Privacy Policy applies to information processed through:

The Athlytix web application.
The Athlytix mobile application, where/when available.
Athlytix recruiting, roster, player evaluation, and document-upload workflows.
Athlytix camera, photo upload, file upload, and mobile capture workflows.
Athlytix customer support and onboarding.
Athlytix AI-assisted document parsing, OCR, object detection, and data extraction workflows.
Communications with Athlytix by email, forms, or support channels.

This Privacy Policy does not apply to third-party websites, applications, or services that are not controlled by Athlytix.

Information We Collect

Athlytix may collect and process the following categories of information.

3.1 Institutional User Account Information

Athlytix may collect information about coaches, staff members, administrators, or other authorized institutional users, including:

Name.
Email address.
Role or title.
Institution/team affiliation.
Login credentials, including hashed passwords.
MFA enrollment status.
Authentication logs and security events.
Usage and support communications.

Athlytix does not store plaintext passwords.

3.2 Recruiting and Prospect Information

Institutional users may upload or enter recruiting and prospect information into the Athlytix platform, including:

First and last name.
Email address.
Phone number.
Graduation year or class year.
Club/team affiliation.
Position.
Height and weight.
Athletic statistics, performance information, ratings, notes, tags, and evaluations.
Video links or related recruiting materials.
Academic information such as GPA, test scores, or other information provided by institutional users.

Some recruiting or prospect information may relate to individuals under the age of 18. Athlytix does not independently solicit information directly from minors. Such information is submitted by institutional customers or their authorized users in connection with collegiate recruiting workflows.

3.3 Roster and Team Information

Athlytix may process roster and team information submitted by institutional users, including:

Player names.
Eligibility years.
Class year.
Scholarship or roster-related information.
NIL-related planning information, where applicable.
Team notes and evaluations.
Player status fields or other team-management information entered by institutional users.

Athlytix does not require institutional customers to submit medical records. If an institutional user enters health, injury, availability, or other sensitive player-status information into free-text fields or roster workflows, Athlytix processes that information only as part of providing the contracted services.

3.4 Uploaded Files, Images, Sheets, and Documents

Institutional users may upload or provide documents and files to Athlytix, including:

Prospect sheets.
Recruiting spreadsheets.
Player lists.
Roster files.
Uploaded images or PDFs.
Other recruiting or team-management documents.

These files may contain identifiable student, prospect, or player information. Athlytix does not sell recruiting, prospect, roster, player, uploaded file, institutional, or customer data. Athlytix also does not use this data for third-party advertising or unrelated marketing purposes.

3.5 AI, OCR, and Machine Learning Processing Data

Athlytix may use artificial intelligence, optical character recognition, object detection, computer vision, machine learning, or related processing methods to support features such as:

Parsing uploaded prospect sheets.
Extracting structured data from PDFs, images, spreadsheets, or other files.
Detecting and identifying player/recruit information from submitted materials.
Improving the accuracy and reliability of Athlytix-owned extraction, OCR, and detection systems.
Reducing manual data entry for authorized institutional users.

Athlytix may use customer-submitted files and data to develop, test, validate, train, tune, or improve Athlytix-owned OCR, object detection, data extraction, and machine learning systems used to provide and improve the Athlytix service across customers, unless restricted by a written agreement with the institutional customer.

Athlytix does not sell customer data. Athlytix does not use customer data for advertising. Athlytix does not use student or prospect data for unrelated profiling or marketing.

Where practical, Athlytix seeks to minimize the data used for model improvement, limit access to authorized personnel, and apply appropriate safeguards to training and testing workflows. Institutional customers may request additional restrictions on the use of their data for cross-customer model improvement through their written agreement with Athlytix.

3.6 Technical, Log, and Usage Information

Athlytix may collect technical information to operate, secure, monitor, and improve the platform, including:

IP address.
Device and browser information.
User agent.
Login and authentication events.
Application usage logs.
Error logs.
Security-relevant events.
Uptime and performance information.

Athlytix uses this information for security monitoring, troubleshooting, product reliability, analytics, support, and abuse prevention.

3.7 Billing and Payment Information

Athlytix does not currently collect, process, store, or transmit credit card information through the Athlytix application. Customer billing is currently handled outside the application through manual invoicing and third-party payment or banking providers such as Mercury and/or Stripe.

Athlytix does not store full credit card numbers or sensitive cardholder data in its application database.

Athlytix may evaluate a future payment integration, but that is not currently part of the assessed product scope. If implemented, Athlytix intends to use a third-party payment processor such as Stripe and avoid storing sensitive cardholder data directly within the Athlytix application.

How We Use Information

Athlytix uses information to:

Provide, operate, maintain, and secure the Athlytix platform.
Authenticate users and manage access.
Support recruiting, roster, player evaluation, and team workflows.
Process uploaded files and convert them into structured recruiting or roster data.
Provide AI-assisted OCR, detection, parsing, and extraction functionality.
Improve extraction accuracy, reliability, and product quality.
Provide customer support.
Monitor service availability and troubleshoot issues.
Detect, prevent, and respond to security incidents.
Maintain audit logs and operational records.
Comply with legal, contractual, and regulatory obligations.
Enforce agreements and protect the rights, safety, and security of Athlytix, customers, users, and affected individuals.

FERPA and Institutional Customer Data

Athlytix may process student education records or personally identifiable information from education records under the Family Educational Rights and Privacy Act ("FERPA") when providing services to institutional customers.

When Athlytix processes such information on behalf of an institution, Athlytix uses the information only to provide and improve the contracted services, subject to the applicable agreement with the institutional customer. Athlytix does not redisclose student education records except as permitted by the institutional customer agreement, required by law, or necessary for subprocessors to provide the contracted services under appropriate confidentiality and data-protection obligations.

Institutional customers are responsible for determining whether information submitted to Athlytix is subject to FERPA or other education privacy laws and for ensuring that appropriate permissions, notices, or contractual terms are in place.

Data Storage and Location

Athlytix primarily stores application data in managed cloud infrastructure hosted in the United States.

Athlytix currently uses DigitalOcean App Platform, DigitalOcean Managed PostgreSQL, and DigitalOcean Spaces for application hosting, database hosting, and file storage. During early customer trials and onboarding workflows, some customer files may also be received or temporarily stored through Google Workspace, Gmail, Google Drive, local development environments, or founder-managed devices. Athlytix is working to reduce reliance on manual email/file-transfer workflows and centralize customer file handling within the Athlytix application and approved cloud storage environment.

Local Development and Testing

Athlytix may use test data, synthetic data, or limited customer data in local development and testing workflows to validate CSV uploads, document parsing, data ingestion, and production-readiness of customer workflows.

Where customer data is used for testing, Athlytix limits access to the founder, uses secured devices, and uses such data only to support implementation, validation, troubleshooting, or service improvement. Athlytix is working to further limit use of identifiable customer data in local testing through improved staging environments, synthetic data, anonymized test data, and production-safe validation workflows.

Security

Athlytix maintains administrative, technical, and physical safeguards designed to protect information processed through the Athlytix platform. These safeguards include, as applicable:

HTTPS/TLS encryption in transit.
Managed database encryption at rest.
Password hashing using bcrypt.
MFA for administrative accounts.
Team-based multi-tenancy and role-based access controls.
Restricted administrative access.
Audit logging of authentication and security-relevant events.
Rate limiting and brute-force protection.
Secure handling of secrets and environment variables.
Security monitoring and error alerting.
Incident response procedures.
Vendor/subprocessor review.

No system can be guaranteed to be completely secure. Athlytix continues to improve its security controls as the platform and customer base mature.

Data Retention

Athlytix retains customer data for the duration of the customer relationship unless otherwise agreed in writing.

Upon termination of an institutional customer agreement, Athlytix will provide a reasonable export window for customer data upon request. After the applicable export window, Athlytix will delete customer data from active systems within the timeframe stated in the customer agreement or applicable policy. Backup copies may persist for a limited period according to normal backup rotation schedules and remain protected until deleted.

Data Export and Deletion

Institutional customers may request export or deletion of their data by contacting Athlytix. Athlytix will process such requests according to the applicable customer agreement, legal requirements, technical feasibility, and security obligations.

Athlytix is continuing to improve data export and deletion functionality to support institutional review, contract requirements, and customer offboarding.

Children and Minors

Athlytix supports collegiate recruiting workflows that may involve information about prospective student-athletes who are under the age of 18. Accordingly, Athlytix may process minor-related recruiting, prospect, roster, athletic, academic, contact, uploaded file, image, or evaluation information when that information is submitted by an institutional customer or its authorized users.

Athlytix is not a direct-to-child consumer service and is not intended for children under 13 to create accounts, submit information directly, or use the platform independently. Athlytix does not knowingly solicit personal information directly from children under 13.

Minor-related information processed by Athlytix is generally provided by colleges, universities, athletic departments, coaches, staff members, or other authorized institutional users in connection with collegiate recruiting and team-management workflows. Institutional customers are responsible for ensuring they have the appropriate rights, authority, notices, consents, or legal basis required to submit and process such information through Athlytix.

Athlytix uses minor-related recruiting and prospect information only to provide, secure, support, troubleshoot, and improve the Athlytix service, subject to Athlytix's agreements with institutional customers. Athlytix does not sell minor-related data and does not use such data for third-party advertising, behavioral advertising, data brokerage, or unrelated marketing purposes.

Data Sale and Advertising

Athlytix does not sell customer data, institutional data, student data, prospect data, recruit data, player data, roster data, uploaded files, or user account data.

Athlytix does not use customer data, student data, prospect data, recruit data, or player data for third-party advertising, behavioral advertising, data brokerage, or unrelated marketing purposes.

Athlytix may use customer-submitted data to provide, secure, support, troubleshoot, and improve the Athlytix service, including AI-assisted OCR, object detection, document parsing, and structured data extraction features, subject to Athlytix's agreements with institutional customers.

Third-Party AI Providers

Athlytix may use third-party AI, OCR, or machine learning providers to process uploaded materials and support extraction, detection, summarization, or data-structuring workflows.

Athlytix reviews such providers based on business purpose, data sensitivity, provider role, and available privacy/security terms. Athlytix does not authorize third-party AI providers to use institutional customer data for unrelated advertising or marketing purposes. Additional restrictions may be governed by the applicable institutional customer agreement.

Changes to this Privacy Policy

Athlytix may update this Privacy Policy from time to time to reflect changes in the platform, data practices, legal requirements, or security program. Material changes will be communicated to affected institutional customers where required by agreement or applicable law.

Contact

Questions about this Privacy Policy or Athlytix's data practices may be directed to:

Kyle Kolodziej

Founder & Sole Member

Athlytix, LLC

Email: [email protected]

Document Review

Athlytix will review this Privacy Policy at least annually and update it after material changes to the platform, data practices, AI/OCR workflows, legal requirements, or security program.