Sportfolio
LegalLast updated June 1, 2026

Privacy Policy

Plain-English summary

We collect only what we need to run your account and process your deals. We never sell your data. We encrypt everything in flight and at rest. You can export or delete your data at any time from Settings → Security.

What we collect

Account data

  • Name, email, phone, password (hashed), date of birth
  • Profile information you publish (sport, school, bio, links)
  • Verification data: government ID + liveness selfie (encrypted, deleted after match)
  • Payment instruments and tax forms (held by Stripe; never on Sportfolio servers in plaintext)

Usage data

  • Pages viewed, features used, session duration
  • Device, browser, OS, IP address (truncated for analytics)
  • Cookies and similar technologies (see Cookies Policy)

How we use it

To operate your account, match you with deals, process payments, enforce compliance, improve the product, send transactional notifications, and meet legal obligations (tax, anti-fraud, audit).

We use aggregated, anonymized data for internal analytics and benchmarking. We never re-identify it.

When we share

  • Service providers (Stripe, Persona, ID.me, AWS, Cloudflare) — only the minimum needed to perform their function
  • Counterparty in a deal — when you accept an offer, the brand sees what's needed to execute the deal
  • Schools & compliance authorities — when required for NIL filing
  • Legal & safety — to comply with court orders, prevent fraud, protect users

We never sell your personal data.

Your rights

Regardless of where you live, you can:

  • Access the data we hold about you
  • Correct or delete that data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent at any time

EU/UK residents: GDPR. California residents: CCPA/CPRA. Use the Data Request page or email privacy@sportfolio.app.

Data retention

Account data is kept as long as your account is active. After deletion, we retain only what's required by law (typically 7 years for tax records) and anonymized analytics. Verification documents are deleted within 30 days of a successful match.

Security

TLS 1.3 in transit, AES-256 at rest, SOC 2 Type II audited annually, vulnerability disclosure program at security@sportfolio.app. Two-factor authentication recommended for all accounts; required for Enterprise.

International transfers

We are headquartered in the US and process data here. For EU/UK users we rely on Standard Contractual Clauses and equivalent safeguards.

Contact

Privacy questions: privacy@sportfolio.app. Our Data Protection Officer responds within 30 days.