Privacy Policy

1. Overview

The Southern State Seminoles ("we," "us," or "our") is a 501(c)(3) non-profit youth athletic organization serving children ages 4–13 in the Long Island and New York City area. We are committed to protecting the privacy and security of our participants, their families, and all users of our platform.

This Privacy Policy describes how we collect, use, store, and protect personal information through our website and related services.

2. Children's Privacy (COPPA Compliance)

We comply with the Children's Online Privacy Protection Act (COPPA).

• We do not knowingly collect personal information directly from children under 13 without verified parental consent.
• All information about child participants (name, date of birth, allergies, medical information) is collected from and managed by the child's parent or legal guardian.
• Parents/guardians must complete the registration process on behalf of their child.
• We do not require children to disclose more information than is reasonably necessary to participate in our programs.
• Parents/guardians may review, update, or request deletion of their child's personal information at any time by contacting us at ssseminolesfootball@gmail.com.
• We do not share children's personal information with third parties except as necessary to operate our programs (e.g., league administration).

3. Information We Collect

From Parents/Guardians:

• Full name, email address, phone number, mailing address
• Emergency contact information
• Payment method selection (we do not store card numbers)
• Volunteer preferences
• Secondary parent/guardian contact information

About Child Participants (provided by parents):

• Full name, date of birth
• Allergies and medical/behavioral notes
• Birth certificate, state ID, or passport (for age verification)
• Physical/medical clearance form
• Photos and videos (with signed media release)

Automatically Collected:

• Anonymized/hashed IP address (SHA-256 hashed, non-reversible)
• Device type (mobile/desktop)
• Pages visited, time on site, scroll depth
• Referral source (how you found our site)
• Browser type and operating system

4. How We Use Information

• To register participants and manage team rosters
• To communicate with families (schedules, announcements, reminders)
• To verify age eligibility for divisions
• To ensure player safety (allergies, medical conditions, emergency contacts)
• To process and verify registration payments
• To improve our website and services (anonymized analytics)
• To provide sponsors with aggregate, anonymized audience metrics (never individual data)

5. Information Sharing

We do NOT sell, rent, or trade personal information to third parties.

We may share limited information with:

• League administrators — player names, DOBs, and eligibility documents as required for league participation
• Coaching staff — player roster information, medical/allergy notes, emergency contacts relevant to their assigned team only
• Service providers — AWS (hosting, email, storage) under strict data processing agreements
• Sponsors — only aggregate, anonymized analytics (e.g., "150 unique visitors this month"), never individual data

6. Data Security

• All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256)
• IP addresses are SHA-256 hashed with a salt before storage — they cannot be reversed
• Sensitive documents (birth certificates, medical forms) are stored in access-controlled S3 buckets
• Access to player data is role-based — coaches only see their own team
• Authentication uses one-time passwords (OTP) — no passwords are stored
• Session tokens expire after 30 days
• All administrative actions are logged

7. Data Retention

• Active participant data is retained for the duration of participation plus one additional season
• After a participant leaves the program, personal data is deleted within 90 days upon request
• Rejected gallery submissions are moved to archive storage after 30 days
• Analytics data (anonymized) may be retained indefinitely for historical reporting
• Financial records are retained as required by law (typically 7 years for nonprofits)

8. Your Rights

Parents and guardians have the right to:

• Access — Request a copy of all personal information we hold about you or your child
• Correct — Update inaccurate information via the parent dashboard or by contacting us
• Delete — Request deletion of personal information (subject to legal retention requirements)
• Opt-out — Unsubscribe from non-essential communications at any time
• Revoke consent — Withdraw media release consent at any time by contacting us in writing

9. Cookies and Tracking

Our site uses:

• Session cookies — to maintain your login state (httpOnly, secure)
• Analytics tracking — anonymized page views, scroll depth, and session duration to improve our services
• UTM parameters — to track which marketing channels drive traffic (no personal identification)

We do not use third-party advertising cookies or cross-site tracking.

10. Photo and Media Policy

• Photos and videos of participants are only captured and shared with signed parental consent (Photo & Media Release form)
• Media is used solely for organizational purposes (website gallery, social media, promotional materials)
• Parents may revoke media release consent at any time by written request
• All media submissions by parents/coaches are reviewed by staff before publication
• Inappropriate content is rejected and may result in removal from the organization

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered families. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact Us

For privacy questions, data requests, or concerns: