Legal

Privacy Policy

Last updated: April 14, 2026

1. Who We Are

Prospect Unlocked ("we," "us," "our") operates the website prospectunlocked.com and related services. We provide a recruiting management platform for high school football coaches, athletes, and their families.

We are committed to protecting the privacy and security of student data in compliance with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the Protection of Pupil Rights Amendment (PPRA), the Texas Student Privacy Act (HB 2087), Texas Education Code Chapter 32, and the Texas Data Privacy and Security Act (HB 4390).

2. Information We Collect

We practice data minimization — we collect only the information necessary to provide recruiting management services. We do not collect information beyond what is needed for the stated educational purpose.

Account information: name, email address, password (hashed), and role (coach, athlete, or parent) when you create an account.

Profile information: school, position, graduation year, height, weight, academic information (GPA, test scores, NCAA ID), and athletic statistics that you or your coach provide.

Usage data: pages visited, features used, and interactions within the platform. We use Google Analytics (GA4) with anonymized data and internal logging for this purpose.

Communications: email address for transactional emails (account confirmation, notifications, recruiting activity updates).

Pre-loaded roster data: player names, positions, graduation years, and publicly available statistics sourced from public athletic databases. This information is publicly available and does not constitute education records under FERPA. Coaches and athletes can update or correct this information at any time.

3. How We Use Your Information

We use the information we collect solely to:

  • Provide and maintain the recruiting management platform
  • Display athlete profiles to coaches and recruiting contacts
  • Send transactional emails (account verification, activity notifications, parent updates)
  • Improve the platform based on anonymized usage patterns
  • Communicate platform updates and new features

We do not sell student data. We do not use student data for targeted advertising. We do not use student data for any purpose other than providing the recruiting management service. We do not build advertising profiles from student information.

4. Information Sharing

We share information only in these circumstances:

  • Public team pages: athlete names, positions, graduation years, and measurables are displayed on public team pages accessible to college coaches. This is the core purpose of the platform — increasing recruiting visibility.
  • Coach access: verified coaches who have claimed a school can view and manage their roster's information.
  • Parent/guardian access: linked parents can view their athlete's profile and recruiting activity.
  • Service providers (subprocessors): we use a limited set of service providers to operate the platform. See Section 11 for the complete list.
  • Legal requirements: if required by law, subpoena, or court order. We will notify the affected school district promptly unless legally prohibited.

We do not share, sell, rent, or trade student data with any third party for commercial purposes. We do not disclose student data to third parties other than our stated subprocessors without prior written consent from the school district or parent.

5. FERPA Compliance

We comply with the Family Educational Rights and Privacy Act (FERPA) and recognize that student education records are protected. When operating under an agreement with a school district:

  • We function as a "school official" with legitimate educational interest as defined under FERPA 34 CFR 99.31(a)(1)
  • We use student data only for the purposes specified in our service agreement with the school district
  • We do not re-disclose student education records without authorization
  • We maintain student data under the direct control of the school district
  • Parents and eligible students retain all rights under FERPA, including the right to inspect, review, and request correction of education records

6. Data About Minors (COPPA & Student Privacy)

Our platform contains information about high school athletes, many of whom are under 18. We take this responsibility seriously:

  • We collect only information relevant to athletic recruiting — no social security numbers, financial information, biometric data, or health records
  • We do not knowingly collect information from children under 13 without verified parental consent in compliance with COPPA
  • Parent/guardian accounts can be linked to athlete accounts for full oversight and control
  • Coaches control roster visibility for their programs
  • We comply with the Texas Student Privacy Act (HB 2087), which prohibits using student data for targeted advertising, selling student data, and unauthorized third-party sharing

If you are a parent or guardian and believe we have collected information about your child without appropriate consent, contact us immediately at info@prospectunlocked.com and we will promptly investigate and address your concern.

7. Data Ownership

All student data remains the property of the student, their family, and/or the school district. We claim no ownership of student data. We are granted a limited license to process data solely for the purpose of providing our recruiting management services.

Upon termination of a school's use of the platform, or upon written request from a school district, parent, or eligible student, we will delete all associated student data within 30 days and provide written confirmation of deletion.

8. Data Security

We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS) for all connections
  • Hashed passwords — we never store plaintext passwords
  • Row-level security policies on all database tables
  • Role-based access controls (coaches, athletes, parents see only authorized data)
  • Email-scoped invite tokens with expiration for account linking
  • All data stored in the United States on SOC 2 certified infrastructure

9. Breach Notification

In the event of a data breach involving student information:

  • We will notify affected school districts within 72 hours of discovering the breach
  • We will notify affected parents and users as required by Texas law
  • We will provide a description of the breach, the data involved, and the steps taken to address it
  • We will cooperate fully with school districts and law enforcement in any investigation

10. Your Rights

You may:

  • Access your personal information by logging into your account
  • Update or correct your information through your profile settings
  • Request a complete copy of all data we hold about you or your child
  • Request deletion of your account and all associated data
  • Opt out of non-essential communications
  • Request that we stop processing your data for any non-essential purpose

To exercise any of these rights, contact info@prospectunlocked.com. We will respond within 30 days.

11. Subprocessors

We use the following service providers to operate the platform. Each processes data only as necessary to provide their specific function:

  • Supabase (database, authentication) — SOC 2 Type II certified, data stored in US
  • Amazon Web Services / AWS Amplify (hosting, content delivery) — SOC 2 certified, data stored in US
  • Resend (transactional email delivery) — data stored in US
  • Google Analytics (anonymized usage analytics) — no student PII is transmitted to Google
  • Google Workspace (business email) — SOC 2 certified

We do not engage additional subprocessors without updating this list. We require all subprocessors to maintain security standards consistent with this policy.

12. Cookies and Tracking

We use:

  • Essential cookies: authentication session cookies required for the platform to function
  • Analytics: Google Analytics (GA4) to understand how the platform is used. No student PII is shared with Google. You can opt out using browser extensions or privacy settings.
  • Local storage: platform preferences and access state

We do not use tracking cookies for advertising. We do not build behavioral profiles of students.

13. Texas-Specific Compliance

For school districts in Texas, we additionally comply with:

  • Texas Education Code, Chapter 32 — student data protection requirements for education technology vendors
  • HB 2087 (Texas Student Privacy Act) — prohibitions on selling student data, using student data for advertising, and unauthorized third-party sharing
  • HB 4390 (Texas Data Privacy and Security Act) — comprehensive data privacy and security requirements
  • TX Standard Data Privacy Agreement (DPA) — we support and are prepared to execute the standard Texas DPA for K-12 institutions as developed by the Texas Student Privacy Alliance (TXSPA)

School districts requiring a signed Data Privacy Agreement should contact info@prospectunlocked.com.

14. Changes to This Policy

We may update this policy as our platform evolves. Material changes will be communicated via email to all registered users and a prominent notice on the platform at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.

15. Contact

Questions or concerns about your privacy? Contact us:

Email: info@prospectunlocked.com

For school district data privacy inquiries, FERPA requests, or to execute a Data Privacy Agreement, please email info@prospectunlocked.com with "Data Privacy" in the subject line.