Privacy Policy

Striiver (“Company,” “we,” “us,” or “our”) is a sports performance management platform operated by Striiver Labs LLC, a North Carolina limited liability company.

The Striiver platform is designed for authorized coaches, athletic directors, athletic trainers, and authorized school personnel (collectively, “Authorized Users”) to manage athlete performance data, compliance, workouts, and team operations on behalf of a school, school district, or athletic organization.

Contact us at: team@striiver.io

Account Information

When an account request is submitted and approved, we collect: name, email address, password (stored encrypted using industry-standard hashing), role (coach, athletic director, etc.), school or organization affiliation, and selected subscription plan.

Athlete Data

Authorized Users enter athlete information into the Service in their capacity as authorized representatives of a school or athletic organization. Athlete information may include: first and last name, grade level / year, position, jersey number, height and weight (where entered by the school), strength testing results, athletic performance test data, game statistics, and attendance records.

Athlete data is entered exclusively by adult Authorized Users. Athletes do not have accounts on the Service and do not interact with the Service directly.

Striiver does NOT collect or store: student photographs or video, social security numbers, government identifiers, home addresses, parent or guardian contact information, academic grades or transcripts, medical or health records, disciplinary records, or family financial information.

Usage Data

We automatically collect information about how Authorized Users interact with the platform, including pages visited, features used, actions taken, and basic device and browser metadata, to improve the Service and to monitor security.

Payment Information

Where customers pay via invoice and ACH, payment data is processed through Mercury, our business banking provider. Where customers pay via credit card, payment is processed through Stripe, our third-party payment processor. Striiver does not store full credit card numbers; we receive only a tokenized reference and basic billing details from Stripe.

Communications

If you contact us, we may retain records of that communication for support and quality purposes.

We use the information we collect to:

• Provide, operate, and maintain the Striiver platform and its features.
• Generate analytics, insights, and reports for authorized coaches and staff of the contracting school.
• Power AI-driven features (“Scout AI”) that surface coaching insights from data the school has entered.
• Process payments and manage subscriptions.
• Send transactional emails (account approval, billing, password reset, post-game summaries, etc.).
• Improve and develop new features based on usage patterns.
• Respond to support requests and communications.
• Ensure security, prevent fraud, and detect unauthorized use.
• Comply with legal obligations.

We do not:

• Sell athlete data or Authorized User personal data to third parties.
• Use athlete data for advertising or targeted marketing.
• Build commercial profiles of student-athletes outside the educational context.
• Allow third-party advertising on the platform.

Use of Aggregated and De-Identified Data

Striiver may use aggregated or de-identified data — meaning data from which all personally identifiable information has been removed and that cannot reasonably be re-identified — for legitimate business purposes including: improving the Service, developing new features, generating benchmark or anonymized league-wide insights, supporting research and analytics, and reporting to partners. Aggregated and de-identified data is not athlete personal data and is not subject to the restrictions in the preceding paragraphs.

Striiver operates as a data processor on behalf of schools, districts, and athletic organizations, who act as the data controllers for athlete information entered into the platform.

When operating under a contract with a school or school district, Striiver also accepts designation as a “school official” with a legitimate educational interest under the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g and 34 CFR Part 99). As a school official, Striiver: (a) performs services that the school would otherwise need to perform itself; (b) operates under the direct control of the school regarding student data; (c) uses student information only for the educational purposes authorized by the school; and (d) is subject to the same restrictions on the further disclosure of personally identifiable information from education records as the school under FERPA.

Coaches and athletic directors using the Service are solely responsible for:

• Obtaining all necessary consents from student-athletes and their parents or guardians prior to entering any athlete data into Striiver.
• Complying with applicable laws, including FERPA, COPPA (for any athlete under 13), and applicable state student data privacy laws.
• Ensuring their use of Striiver complies with school district policies and applicable regulations.
• Notifying athletes and parents about the use of performance tracking software as part of their athletic program, where required.

Athlete and Authorized User data is stored on secure cloud infrastructure operated by third-party sub-processors that maintain industry-standard security practices, including encryption at rest and encryption in transit. See Section 6 for the full sub-processor list.

We implement reasonable technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction, including encryption, access controls, role-based permissions, and security monitoring. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

Data is stored on servers located in the United States. We will not transfer Authorized User or athlete data outside the United States without prior notice.

Available on Request: Schools, districts, and contracting customers may request additional security documentation, where available, by writing to team@striiver.io.

We do not sell, trade, or rent your personal information or athlete data to third parties. Athlete and Authorized User data is processed only by Striiver Labs LLC and the third-party service providers (“sub-processors”) listed below, each of which is contractually bound to protect the data and to use it solely to provide services to Striiver.

Current sub-processors:

• Supabase — Database hosting, including primary athlete and Authorized User data storage.
• Vercel — Frontend application hosting.
• Render — Backend application hosting and operations.
• Anthropic — AI processing for the Scout AI feature. Athlete data is transmitted to Anthropic’s commercial API for analysis. Per Anthropic’s commercial terms, data submitted via the API is not used to train Anthropic’s AI models. Data sent to Anthropic is subject to Anthropic’s data retention policies.
• Redis — Caching and real-time messaging infrastructure.
• Stripe — Credit-card payment processing for customers who pay by card. No athlete data is shared with Stripe.
• Mercury — Business banking, including processing of invoice-based payments via ACH. No athlete data is shared with Mercury.
• Resend — Transactional email delivery (account, billing, password reset, post-game summaries).
• Cloudinary — Media hosting for non-athlete-identifying assets (e.g., team logos). Cloudinary is not used to store athlete photographs or video.
• Sentry — Error and performance monitoring. Configured to suppress personally identifiable information.

Sub-Processor Changes: When we add or change a sub-processor that handles personal data, we will update this Privacy Policy and provide at least 14 days’ notice via email to active customers and by posting an updated version of this Privacy Policy with a revised “Last Updated” date. For customers under a separate Data Processing Agreement (DPA), the notification process specified in the DPA governs.

We may share data only in the following additional limited circumstances:

• Legal Requirements: If required by law, court order, or governmental authority.
• Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction with prior notice.
• Aggregated / De-Identified Data: We may share aggregated or de-identified data with partners or for research, benchmarks, and analytics as described in Section 3.

Authorized Users may generate shareable links for athlete performance reports and for live or post-game pages. These links are accessible to anyone with the link URL. The Authorized User is responsible for managing who they share these links with, for using appropriate caution when sharing links involving minors, and for revoking access when appropriate. Striiver is not responsible for unauthorized sharing of links by Authorized Users.

Live Game Data: Live in-game data transmitted to public viewers via shareable game links is subject to Striiver’s Live Data Transmission Policy, which describes the standardized delay applied to live updates.

We retain account data, Authorized User data, and athlete data for as long as the account is active or as needed to provide the Service.

Upon account cancellation or contract termination:

• We retain data for 30 days following cancellation, during which the customer may request a data export by contacting team@striiver.io.
• After this 30-day window, data may be permanently deleted from our production systems.
• Aggregated or de-identified data that does not personally identify any individual may be retained for product improvement purposes.

Schools or districts subject to a separate Data Processing Agreement (DPA) with Striiver should refer to the DPA for any data-retention, return, or deletion obligations that supersede this section.

You may also request earlier deletion of your account data at any time by writing to team@striiver.io.

In the event of a confirmed breach of security that materially compromises athlete data or other personal information, Striiver will notify affected customers without unreasonable delay, and where feasible within 72 hours of confirmed discovery of the breach. Notifications will identify, to the extent then known: the nature of the breach, the categories of data affected, the actions Striiver is taking in response, and any recommended actions for the customer. Striiver will provide additional updates as the investigation proceeds.

Striiver includes AI-powered features (“Scout AI”) that analyze athlete and team data to surface coaching insights. When Scout AI processes information:

• Athlete and team data — including names, position, performance metrics, and team context — is transmitted to Anthropic’s commercial API for analysis.
• Per Anthropic’s commercial terms, data submitted via the commercial API is not used to train Anthropic’s AI models.
• Data sent to Anthropic is subject to Anthropic’s then-current data retention policies.
• Scout AI outputs are displayed only to the authorized coaches and staff of the school that entered the data.
• Striiver is working toward minimizing personally identifying information sent in AI prompts where feasible.

AI-generated outputs are advisory only. They are not professional medical, athletic, training, or educational advice. All coaching, training, and educational decisions remain solely the responsibility of the coach and the school.

We use essential cookies and session tokens for authentication and platform functionality. We do not use advertising cookies or third-party tracking cookies. You may disable cookies in your browser settings, but this may affect platform functionality.

Authorized Users have the following rights regarding their personal data:

• Right to access the personal data we hold about you.
• Right to correct inaccurate data.
• Right to request deletion of your data.
• Right to object to or restrict processing.
• Right to data portability.

To exercise any of these rights, contact us at team@striiver.io.

Parents and guardians have rights regarding their child’s information under FERPA and applicable state law. Because Striiver receives student information from schools acting as the educational institution of record, parents should direct most data requests to their child’s school, which is responsible for reviewing the child’s educational records, requesting correction of inaccurate information, and requesting deletion of records. Schools may direct Striiver to delete or correct specific student records at any time.

Striiver is intended for use by authorized adult coaching staff and is not directed to children. Athletes do not log into Striiver or otherwise interact with the platform directly. Data about student-athletes is entered into Striiver only by authorized adult coaching staff.

In the limited cases where a student-athlete is under 13 (for example, a freshman in their first year of eligibility or a particularly young high-school athlete), schools represent that any consent required under the Children’s Online Privacy Protection Act (COPPA) has been obtained as part of the school’s athletic participation policies and is the responsibility of the school.

If you believe we have inadvertently received information directly from a child under 13, please contact us immediately at team@striiver.io and we will promptly investigate and delete it where appropriate.

We may update this Privacy Policy from time to time. We will notify Authorized Users of material changes by email and by posting an updated version of this Privacy Policy on the platform with a revised “Last Updated” date, at least 14 days before the change takes effect. Your continued use of Striiver after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: team@striiver.io
• Mail: Striiver Labs LLC, 6342 Carmel Rd Ste D.I.a, Charlotte, NC 28226
• Website: striiver.io