1. Scope and Roles

Bravara processes personal information in different roles depending on the context.

Organization-controlled data. When an Organization uploads, imports, enters, or otherwise controls player, participant, parent or guardian, roster, evaluation, scheduling, communications, or similar league-operational data in the Services, the Organization decides why and how that information is used. In that context, the Organization is the controller or business, and Bravara processes that information on the Organization's behalf to provide the Services.

Bravara-controlled data. When we collect information about website visitors, account holders, Organization representatives, billing contacts, support contacts, and users' interactions with our own website and Services, Bravara acts as the controller or business for that information.

If an Organization has entered into a separate written agreement with us that governs privacy, security, or data processing for Organization-controlled data, that agreement will control to the extent of any conflict.

This Privacy Policy does not apply to information collected by third-party services except to the extent that such information is transmitted to Bravara so that we can provide the Services. Those third parties have their own privacy policies and practices.

2. Personal Information We Collect

We collect the following categories of personal information, depending on how the Services are used.

A. Information you provide directly to us

We may collect:

• name
• email address
• phone number
• mailing address
• Organization name
• title or role with an Organization
• account username
• authentication-related information
• customer support messages and correspondence
• information you submit through forms, demos, waitlists, surveys, or similar interactions

B. Organization-controlled participant and league data

Organizations may upload, import, or enter information into the Services, including:

• parent or guardian names
• player or participant names
• birthdates
• contact details
• team assignments
• division assignments
• jersey numbers
• coaching assignments
• roster information
• scheduling and availability information
• evaluation scores
• skill ratings
• draft-related information
• communications and operational notes
• season history and other league-operational information provided to or generated within the Services at the Organization's direction

We process this information on behalf of the Organization to provide and support the Services.

C. Billing and transaction information

Payments are processed by third-party payment processors. Bravara does not store full payment card numbers or card security codes on our servers. We may receive limited billing and transaction information such as:

• billing name and contact information
• payment status
• card brand
• last four digits of a payment card
• invoice and subscription details
• transaction identifiers
• fraud-prevention or chargeback information

D. Third-party sign-in or integration data

If you choose to sign in through or connect a third-party provider or integration, we may receive information such as:

• name
• email address
• profile image
• unique account identifier
• other information you authorize that provider to share with us

E. Information collected automatically

When you visit or use the Services, we and our service providers may automatically collect information such as:

• IP address
• approximate location derived from IP address or network information
• browser type and version
• operating system
• device type and identifiers
• referring URLs
• pages viewed
• features used
• clicks and navigation paths
• timestamps
• crash data, error logs, and diagnostics
• cookie identifiers
• session and authentication data

We do not intentionally collect precise geolocation data.

F. Prohibited or unnecessary high-risk data

Our Services are not designed for the storage of unnecessary high-risk data. Organizations and users must not upload or store, unless we expressly support it in writing:

• Social Security numbers
• driver's license, passport, or other government-issued identification numbers
• full payment card numbers or card security codes
• medical records or detailed health histories
• biometric identifiers
• precise geolocation data
• any other high-risk personal information that is not reasonably necessary for league operations

Uploading prohibited data may violate our Terms of Service. We may remove, quarantine, or restrict access to such data.

3. How We Use Personal Information

We may use personal information to:

• provide, operate, maintain, and support the Services
• create and manage accounts
• authenticate users and secure accounts
• import, organize, display, and manage Organization-controlled data
• facilitate evaluations, drafts, rosters, scheduling, communications, and other league workflows
• preserve season history, league records, and operational continuity across seasons for Organizations that choose to maintain those records in the Services
• process subscriptions, billing, payments, collections, and account administration
• respond to inquiries and provide customer support
• send administrative, transactional, security, and service-related communications
• send promotional communications, subject to applicable opt-out rights
• operate, measure, and improve our public-facing website and marketing activities
• monitor usage, troubleshoot issues, debug errors, and improve performance
• detect, prevent, and investigate fraud, abuse, and security incidents
• enforce our Terms of Service and other agreements
• comply with legal obligations and respond to lawful requests
• create and use deidentified or aggregated information for analytics, product improvement, benchmarking, and other lawful purposes

Bravara does not use Organization-controlled participant data or authenticated application data for cross-context behavioral advertising.

When we process personal information on behalf of an Organization, we process that information only to provide and support the Services, maintain and improve the Services in a manner permitted by law and our agreements, maintain security, prevent fraud, troubleshoot and debug, comply with law, and perform other processing permitted for service providers or processors under applicable law.

Bravara does not use personal information to make automated decisions that produce legal or similarly significant effects.

4. How We Disclose Personal Information

We may disclose personal information in the following circumstances.

A. Within an Organization

Organizations control user roles and permissions in the Services. Depending on the Organization's configuration, the following information may be visible to authorized users within that Organization:

• rosters
• schedules
• parent or guardian contact details
• team and division assignments
• coaching assignments
• communications relevant to league operations

Evaluation scores, draft information, internal comments, and similar league-management data are intended for authorized administrators, coaches, and staff designated by the Organization, unless the Organization affirmatively chooses to make them available more broadly.

B. Service providers and contractors

We may disclose personal information to vendors and service providers that perform services on our behalf, such as providers of:

• hosting and cloud infrastructure
• data storage and database services
• identity and authentication services
• payment processing
• communications and email delivery
• analytics
• error monitoring
• customer support infrastructure
• document processing
• security and fraud-prevention services

These providers may access personal information only as reasonably necessary to perform services for us and are contractually restricted from using it for unrelated purposes.

C. Third-party integrations or at your direction

If an Organization or user chooses to connect a third-party service or directs us to share information with another party, we may do so consistent with that direction.

D. Legal, safety, and compliance disclosures

We may disclose personal information if reasonably necessary to:

• comply with applicable law, regulation, legal process, or governmental request
• enforce our agreements
• protect the rights, property, or safety of Bravara, Organizations, users, or others
• prevent, investigate, or address fraud, abuse, security incidents, or technical problems

E. Professional advisors

We may disclose personal information to lawyers, accountants, auditors, insurers, lenders, and other professional advisors subject to confidentiality and other appropriate restrictions.

F. Corporate transactions

We may disclose personal information in connection with a merger, acquisition, financing, asset sale, bankruptcy, reorganization, or similar transaction, subject to applicable legal and contractual requirements.

G. Deidentified or aggregated information

We may create deidentified or aggregated information that does not reasonably identify an individual. We may use and disclose that information for lawful business purposes. We will maintain and use deidentified information in deidentified form and will not attempt to reidentify it except as permitted by applicable law. We will require recipients of deidentified information to agree not to attempt reidentification.

5. Sale, Sharing, and Targeted Advertising

Bravara does not sell personal information for monetary consideration.

On our public-facing website, we may use or permit third-party analytics, advertising, and conversion-measurement technologies that disclose limited identifiers, internet or other electronic network activity, and approximate geolocation derived from IP address or network information to advertising, social media, analytics, and measurement partners. Depending on the law that applies, this may be considered a "sale," "sharing," or use of personal information for targeted advertising.

Bravara does not sell or share Organization-controlled participant data or authenticated application data for cross-context behavioral advertising.

Bravara does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.

6. Cookies and Similar Technologies

We use cookies and similar technologies on our website and Services.

A. Authenticated application

Inside the logged-in application, we use cookies and similar technologies that are reasonably necessary for:

• authentication
• session management
• security
• load balancing
• fraud prevention
• performance monitoring
• internal product analytics

We do not deploy advertising or remarketing pixels in authenticated areas of the Services or on pages that display Organization-controlled participant data.

B. Public-facing website

On our public-facing website, we may use:

• essential cookies
• preference cookies
• analytics cookies
• advertising and conversion-measurement technologies

These technologies help us operate the website, understand usage, improve performance, and measure or optimize marketing campaigns.

Current cookie and tracking technologies may change over time. Where available, additional details are provided through our cookie or consent settings interface.

C. Your choices

You can manage cookies through your browser settings and, where available, through privacy choices tools we provide on the site. Blocking essential cookies may impair the functionality of the Services.

Where applicable law gives you the right to opt out of sale, sharing, or targeted advertising, you may do so by using any privacy choices tool or link we make available on the site, by enabling a supported Global Privacy Control signal, or by contacting us using the methods listed below.

7. International Data Transfers

Bravara and its service providers primarily process personal information in the United States. If you access the Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other jurisdictions where our service providers operate, and that those jurisdictions may have data protection laws that differ from those in your location.

8. Data Retention

We retain personal information for as long as reasonably necessary to carry out the purposes described in this Privacy Policy, including providing and supporting the Services, preserving historical league records and season history, supporting recurring seasonal operations, maintaining service continuity, protecting security, preventing fraud and abuse, maintaining backups and disaster recovery capabilities, resolving disputes, enforcing agreements, complying with law, and maintaining appropriate business records.

Because many Organizations use Bravara as a long-term system of record for seasons, rosters, evaluations, scheduling, and related league history, some information may be retained for extended periods.

Rather than applying a single fixed retention period to all data, we determine retention by category of information and criteria such as:

• whether the relevant account or Organization remains active
• whether the information remains needed for current or future seasons
• whether the information remains part of historical league records the Organization expects Bravara to preserve
• the need to support reactivation, migration, export, or transition requests
• the need to maintain support history, audit trails, and operational records
• legal, tax, accounting, audit, insurance, and regulatory obligations
• security monitoring, fraud prevention, abuse prevention, and incident investigation needs
• dispute resolution, legal hold, and enforcement needs
• backup, archival, and disaster recovery requirements
• whether the information has been deidentified

Our general retention practices are as follows:

• Account and Organization administrator data: retained while the account remains active and afterward for as long as reasonably necessary to maintain the account relationship, support service continuity, preserve relevant business and audit records, enforce agreements, protect security, comply with law, and resolve disputes.
• Organization-controlled participant and league data:retained for as long as the Organization continues to use the Services, keeps the data in the Services, or may reasonably need the data for league administration, recurring seasons, historical recordkeeping, support, reactivation, migration, backup, disaster recovery, security, fraud prevention, dispute resolution, enforcement, or legal compliance.
• Billing, tax, contract, and transaction records:retained for as long as reasonably necessary for billing, collections, accounting, tax, audit, chargeback, legal, and compliance purposes.
• Customer support and business communications:retained for as long as reasonably necessary to respond to requests, maintain support history, improve support operations, comply with law, protect security, and resolve disputes.
• Security logs, audit logs, diagnostics, and fraud-prevention records:retained for as long as reasonably necessary to maintain security, investigate incidents, prevent abuse, monitor performance, enforce our agreements, and comply with legal obligations.
• Cookie-based and similar identifiers on the public-facing website:retained based on the type of technology used, the purpose for which it is used, browser or device settings, user choices, and our configuration of the relevant tool or service.
• Backup and archival copies: may persist after information is deleted or removed from active systems and may remain until overwritten, rotated out, or otherwise removed in the ordinary course of our backup, archival, and disaster recovery processes.
• Deidentified or aggregated information: may be retained indefinitely.

If an Organization asks us to delete or return Organization-controlled data, we will handle that request in accordance with our agreement with that Organization, applicable law, our legitimate retention needs, and the technical and operational limits of our systems, including backup and disaster recovery systems.

9. How We Protect Personal Information

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect personal information, including measures such as:

• encryption in transit
• role-based access controls
• authentication controls
• logging and monitoring
• vendor due diligence and contractual controls
• backups and recovery processes
• patching and maintenance practices

No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident involving Organization-controlled data, we will notify the relevant Organization consistent with applicable law and our contractual obligations. If we become aware of a security incident involving Bravara-controlled data, we will provide any notices required by applicable law.

10. Children's Information

Bravara is intended for use by Organizations and adult users and is not directed to children under 13. Children may not create Bravara accounts directly.

We may process personal information about child participants when that information is submitted by an Organization or by a parent or guardian for league administration. That information may include a child participant's name, birthdate, team or division assignment, roster details, evaluation information, and parent or guardian contact information (for league administration, associating participants with the correct parent or guardian, and supporting Organization-directed communications).

We request only the information that is reasonably necessary for league operations. We do not use child participant data for cross-context behavioral advertising.

Organizations are responsible for:

• providing legally required notices to parents and participants
• obtaining any legally required permissions or consents
• determining which authorized adults may access child participant information
• responding to requests to access, correct, or delete child participant information that the Organization controls

If you are a parent or guardian and your child's information was provided to Bravara through an Organization, please contact the Organization first. You may also contact us, and we will coordinate with the Organization as appropriate.

If we learn that a child has created a Bravara account directly in violation of our rules, or that we collected personal information directly from a child where authorization was required and not obtained, we will take appropriate steps consistent with applicable law and our systems and operations, which may include disabling the account or restricting associated information.

11. Your Privacy Rights

Depending on your location and the law that applies, you may have some or all of the following rights:

• the right to know or access personal information
• the right to correct inaccurate personal information
• the right to delete personal information
• the right to obtain a portable copy of personal information
• the right to opt out of the sale, sharing, or targeted advertising use of personal information
• the right to limit the use or disclosure of sensitive personal information, where applicable
• the right to withdraw consent where processing is based on consent
• the right to appeal a denial of a privacy request, where applicable
• the right not to receive unlawful discriminatory treatment for exercising privacy rights

A. Organization-controlled data

If we process your personal information, or your child's personal information, on behalf of an Organization, that Organization controls the data and is primarily responsible for responding to access, correction, deletion, and similar requests. If you contact Bravara directly about Organization-controlled data, we may refer your request to the relevant Organization, though we may also assist the Organization as required by law or contract.

B. Bravara-controlled data

For personal information Bravara controls directly, such as website visitor data, account-holder data, billing data, and support-contact data, you may submit requests to Bravara using the contact methods below.

C. How to exercise your rights

You may submit privacy requests by:

• emailing support@bravara.com
• writing to 1968 S. Coast Hwy #1194, Laguna Beach, CA 92651, United States

For sale, sharing, or targeted advertising opt-out requests relating to our public-facing website, you may also use the privacy choices tools or links we make available on the website, a supported Global Privacy Control signal, or the contact methods above.

We may need to verify your identity before processing certain requests. We may request information such as your name, email address, Organization name, or other information reasonably necessary to verify the request. We will not ask you for your password.

Where permitted by law, you may designate an authorized agent to make a request on your behalf. We may require proof of your identity and the agent's authority.

We will respond within the time required by applicable law. If we deny a request, in whole or in part, and an appeal right applies, you may appeal by replying to the denial or by emailing support@bravara.com with the word APPEAL and enough detail to identify the original request.

D. Promotional communications

You may opt out of promotional emails by using the unsubscribe link in the message or by contacting us. You may still receive transactional, service, and security communications.

12. Supplemental U.S. State Privacy Disclosures

This section provides supplemental disclosures for residents of states with applicable privacy laws, including California, to the extent such laws apply.

A. Categories of personal information collected in the preceding 12 months

Depending on how you interact with the Services, we may have collected the following categories of personal information in the preceding 12 months:

• identifiers, such as name, email address, postal address, IP address, account name, and similar identifiers
• personal information described in California Civil Code section 1798.80(e), such as contact information, billing records, participant registration data, and similar records
• commercial information, such as subscription, purchase, and transaction details
• internet or other electronic network activity information, such as usage logs, pages visited, clicks, and feature interactions
• geolocation data derived from IP address or network information, but not precise geolocation
• professional or employment-related information, such as Organization affiliation, title, and role
• communications content and related records when you contact us or use communications features for which we are the intended recipient or provider
• inferences, such as account preferences, product usage insights, or evaluation-related outputs where applicable
• sensitive personal information, to the limited extent we collect information such as account log-in credentials needed to secure accounts or other categories of sensitive personal information defined by applicable law

B. Sources of personal information

We collect personal information from:

• you
• the Organization you are associated with
• parents or guardians
• third-party registration, identity, or integration systems chosen by an Organization or user
• payment processors
• service providers acting on our behalf
• cookies, logs, and similar technologies
• our own interactions with you and your use of the Services

C. Purposes for collection, use, disclosure, sale, or sharing

We collect, use, disclose, and, where applicable, share personal information for the purposes described in Sections 3 through 6 of this Privacy Policy, including providing the Services, account management, preserving historical league records, billing, support, security, fraud prevention, analytics, legal compliance, and public-website marketing and measurement.

D. Categories of third parties to whom personal information is disclosed

We may disclose personal information to the following categories of recipients:

• Organizations and their authorized users
• service providers and contractors
• payment processors
• third-party integrations or identity providers at your direction
• professional advisors
• legal authorities or other parties as required by law
• transaction counterparties in a corporate transaction

E. Categories of personal information disclosed for a business purpose in the preceding 12 months

In the preceding 12 months, we have disclosed personal information to service providers and contractors that perform services on our behalf, such as hosting, infrastructure, authentication, payment processing, communications, analytics, customer support, and security.

The categories of personal information disclosed for these business purposes include: identifiers; contact and registration information; commercial information; internet or other electronic network activity; approximate geolocation derived from IP address or network information; Organization affiliation and user role information; communications content and support records; and inferences, where applicable.

These disclosures are limited to what is reasonably necessary for service providers to perform services for us. Service providers are contractually restricted from using personal information for their own purposes.

We do not disclose personal information to third parties for their own independent marketing purposes.

F. Categories of personal information sold or shared in the preceding 12 months

We do not sell personal information for monetary consideration.

On our public-facing website, we use third-party analytics and marketing measurement tools that may collect limited information such as identifiers, internet or other electronic network activity, and approximate geolocation derived from IP address or network information. We use this information to understand website usage and measure and improve our own marketing performance. Under certain privacy laws, these activities may be considered “sharing.”

In the preceding 12 months, we have only engaged in the activities described above, which may be considered “sharing” under applicable law, involving the following categories of personal information: identifiers; internet or other electronic network activity; and approximate geolocation derived from IP address or network information.

The categories of third parties that may receive such information include analytics and marketing measurement providers that act on our behalf.

We do not sell or share Organization-controlled participant data or authenticated application data for cross-context behavioral advertising.

We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

G. Sensitive personal information

To the extent we collect sensitive personal information as defined by applicable law, we do not use or disclose it for purposes other than providing the Services, securing accounts, preventing fraud, complying with law, or other purposes permitted by applicable law, unless we provide any additional notice and rights required by law.

13. Do Not Track and Global Privacy Control

Some browsers offer a "Do Not Track" setting. Because there is no uniform industry standard for responding to Do Not Track signals, we do not respond to those signals.

Where required by applicable law, we process supported opt-out preference signals, including Global Privacy Control signals, as requests to opt out of sale, sharing, or targeted advertising.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or business practices. The updated version will be indicated by the "Last updated" date above.

If we make a material change to this Privacy Policy, we may provide notice by posting an updated notice in the Services, sending an email, or by other appropriate means.

15. Contact Us

If you have questions about this Privacy Policy or would like to exercise applicable privacy rights, contact us at:

• Email: support@bravara.com
• Mail: 1968 S. Coast Hwy #1194, Laguna Beach, CA 92651, United States

For privacy requests, please include PRIVACY REQUEST in the subject line of your email or at the top of your written correspondence.