Spotzy
Spotzy← Back to home

Privacy Policy

Effective May 17, 2026

Spotzy ("Spotzy," "we," "us") is a softball recruiting and college-visit journaling app built for high school athletes. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We only operate in the United States — we do not target users outside the US.

1. Information We Collect

You give us this directly:

  • Account info: email address, password (if you sign up with email), or your Google account profile (if you sign in with Google).
  • Profile info: name, grade, ZIP code, home state, high school, club team, position(s), GPA, SAT/ACT scores, profile photo, intended major, "about me" text, birthday, highlight video URL.
  • Visit journal content: photos, ratings, notes, and other content you create about campus visits.
  • School list: the colleges you add, your tier classification (reach/target/safety), application deadlines, recruiting status, coach contact notes.

We collect this automatically:

  • Usage data: pages viewed, features used, approximate device and browser info, and product events (e.g., "visit submitted," "school added"). We use PostHog for product analytics with all text input fields masked from session recordings.
  • Web vitals: Vercel Analytics collects performance metrics (page load times, etc.).
  • Authentication: Supabase logs sign-in attempts for security.

We derive this from what you give us:

  • Latitude and longitude: derived from the 5-digit ZIP code you enter, used to sort schools by distance.
  • Region: derived from your home state.
  • Class of [year]: derived from your grade.

2. How We Use Your Information

  • To run and improve Spotzy (authentication, your school list, visit journal, comparison features).
  • To personalize what you see — e.g., showing schools closest to your ZIP first, surfacing rosters at your position.
  • To enable the share-profile feature when you choose to use it.
  • To debug, monitor performance, and prevent abuse.
  • To communicate with you about your account or important changes (we do not send marketing emails today).

3. Service Providers and Third Parties

We use the following third-party services to operate Spotzy. Each handles your data under their own privacy policy:

  • Supabase — database, authentication, and file storage (profile photos, visit photos).
  • Vercel — application hosting and web vitals analytics.
  • Google — sign-in via OAuth (if you choose Google login).
  • PostHog — product analytics. Profiles are created only after you sign in; all text inputs are masked from session recordings.
  • OpenStreetMap (Nominatim) — geocoding addresses of college campuses.
  • Zippopotam.us — converting your ZIP code to latitude/longitude.
  • US Dept. of Education College Scorecard — public data about colleges (admissions, tuition, graduation rates).

We do not sell your personal information. We do not share your personal information with advertisers, data brokers, or any third party for their own marketing or profiling purposes.

4. Children Under 13

Spotzy is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under 13, do not use Spotzy or submit any information to us. If we learn that we have collected information from a child under 13, we will delete it. If you believe a child under 13 has provided us information, please contact us at hi@spotzy.app.

5. Users Aged 13–17

Spotzy is designed for high school athletes, most of whom are minors. If you are under 18, you should review this Privacy Policy and our Terms with a parent or guardian before creating an account. Public-profile sharing, described below, is especially worth discussing with a parent or guardian.

6. Public Profile Sharing

Spotzy offers an optional feature that lets you share a public version of your profile via a URL (for example, /share/your-name or/u/your-name). This feature is off by default. If you turn it on:

  • Your name, profile photo (if uploaded), grade, class year, high school, city/state, positions, GPA (if entered), club team (if entered), and your college list become viewable by anyone who has the link.
  • The link is unguessable but is not authenticated — anyone you send it to can open it, and they can forward it.
  • You can turn the feature off at any time by clearing your "profile slug" from your profile settings.

7. Coach Contact Information

Spotzy displays head softball coach contact information for the colleges in our directory. This data is collected from publicly available athletic department websites — we do not generate it ourselves and we do not guarantee its accuracy or that the named coach still holds the role. When you click "Email Coach," your device's default email app opens — we do not send emails on your behalf.

8. Data Retention

We keep your information for as long as your account is active. If you ask us to delete your account, we will delete your profile, visit journal, photos, and school list within 30 days of receiving your request. Some information may be retained in backups for up to 90 days, or longer if required by law.

9. Your Rights and Choices

You may, at any time:

  • Access the personal information we have about you.
  • Correct information by editing your profile in the app.
  • Delete your account and all associated data.
  • Export the data you have provided to us.
  • Opt out of analytics collection (see your browser's "Do Not Track" setting).

To make any of these requests, email us at hi@spotzy.app from the email address on your account. We will respond within 30 days.

10. California Residents

If you are a California resident, the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA") provide additional rights, including the right to know what personal information we collect, the right to delete it, and the right to opt out of any sale or sharing. We do not sell or share your personal information for cross-context behavioral advertising. You can exercise your CCPA/CPRA rights by emailing us at hi@spotzy.app.

11. Data Security

We use industry-standard practices to protect your data: encrypted connections (HTTPS), row-level security in our database so users can only see their own data, masked text inputs in session recordings, and access-limited admin keys for internal operations. No service can guarantee perfect security, but we take this seriously.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will give you notice within the app or by email. The "Effective Date" at the top of this page shows when it was last updated.

13. Contact Us

For any privacy-related question or request, email us at hi@spotzy.app.

See also: Terms of Service.