MyHomeStand

Privacy Policy

Last updated: March 29, 2026

1. Introduction

MyHomeStand (“we,” “us,” or “our”) operates the MyHomeStand platform (the “Service”), a web-based youth sports league management tool. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: name, email address, and password (hashed and salted; we never store plaintext passwords). If you sign in with Google, we receive your name, email, and profile picture from Google.
  • Club and team data: club names, season information, team names, age divisions, and event details (including location names and addresses).
  • Child/player profiles:player name, date of birth, jersey number, allergies or dietary restrictions, and emergency contact name and phone number. This information is provided by parents/guardians or authorized coaches and administrators—not directly by children.
  • Communications: messages sent through the platform (subject and body), and information included in invitation emails.
  • Payment information: fee names, amounts, and payment status. Actual credit card numbers and sensitive financial data are collected and processed exclusively by Stripe and are never stored on our servers.

2.2 Information Collected Automatically

  • Session cookies: We use a session cookie (named authjs.session-token or __Secure-authjs.session-token) to authenticate your session. This cookie contains a JSON Web Token (JWT) and is essential for the Service to function. We do not use advertising, analytics, or tracking cookies.
  • Server logs: Our hosting provider (Vercel) may automatically collect standard server log information such as IP address, browser type, referring URL, and timestamps. This data is used for operational purposes only (e.g., debugging and security monitoring).

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Authenticate your identity and manage your account and sessions.
  • Facilitate club operations, including team management, scheduling, roster management, and communication between coaches, admins, and parents.
  • Process payments through Stripe on behalf of clubs.
  • Send transactional emails, including invitations, event reminders, snack duty reminders, payment receipts, and password reset links.
  • Provide emergency contact and allergy information to coaches and administrators for player safety purposes.
  • Enforce our Terms of Service, prevent fraud, and protect the security of the Service.

4. Children’s Privacy (COPPA Compliance)

MyHomeStand does not knowingly collect personal information directly from children under the age of 13. Our Service is designed to be used by adults (parents/guardians, coaches, and administrators). Information about minor players is provided exclusively by their parents/guardians or by authorized club personnel acting with parental consent.

The child-related information we store is limited to: player name, date of birth, jersey number, allergies/dietary restrictions, and emergency contact details. This data is collected solely for the purpose of managing youth sports team operations and player safety.

Parents and guardians may review, update, or request deletion of their child’s information at any time through the “My Family” section of the app or by contacting us at support@myhomestand.com. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.

5. Third-Party Services and Data Sharing

We do not sell, rent, or trade your personal information. We share data only with the following third-party service providers, solely as necessary to operate the Service:

  • Stripe(stripe.com) — Payment processing. When you make a payment, your payment card information is collected and processed directly by Stripe. We receive only transaction metadata (amounts, status, session identifiers). Stripe’s privacy policy: stripe.com/privacy.
  • Google(google.com) — OAuth authentication (sign-in with Google). If you choose to sign in with Google, we receive your name, email, and profile image. Google Fonts are also used for typography. Google’s privacy policy: policies.google.com/privacy.
  • Resend(resend.com) — Transactional email delivery. Email addresses and email content are transmitted to Resend for sending invitations, reminders, receipts, and password reset emails. Resend’s privacy policy: resend.com/legal/privacy-policy.
  • Vercel(vercel.com) — Application hosting and deployment. Server logs (IP addresses, request metadata) may be collected by Vercel as part of standard hosting operations. Vercel’s privacy policy: vercel.com/legal/privacy-policy.
  • Neon(neon.tech) — Database hosting (PostgreSQL). All application data is stored in a Neon-hosted database. Neon’s privacy policy: neon.tech/privacy.

We may also disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Cookies and Tracking Technologies

We use only essential session cookies required for authentication. We do not use advertising cookies, analytics cookies, or any third-party tracking technologies. Our session cookie is a secure, HTTP-only JWT token that is deleted when you log out or when your session expires.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Club data (including player profiles, events, and payment records) is retained for as long as the club remains active on the platform.

Password reset tokens expire after 1 hour and are deleted automatically. Invitation tokens expire after 7 days.

If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including:

  • Passwords are hashed using bcrypt before storage; we never store plaintext passwords.
  • All data is transmitted over HTTPS/TLS encryption.
  • Session tokens are signed JWTs with expiration.
  • Rate limiting is applied to authentication endpoints and sensitive operations to prevent brute-force attacks.
  • Security headers (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) are enforced.
  • Access controls restrict data visibility based on user roles (admin, coach, parent).

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information. Parents can update child profiles directly through the app.
  • Deletion: Request that we delete your personal information, subject to legal retention requirements.
  • Portability: Request a copy of your data in a structured, commonly used format.
  • Objection: Object to the processing of your personal information in certain circumstances.

To exercise any of these rights, please contact us at support@myhomestand.com. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources, purposes, and third parties with whom we share it.
  • Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • No sale of personal information: We do not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising.

To submit a CCPA request, contact us at support@myhomestand.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

support@myhomestand.com