Privacy Policy

1. Introduction

Last updated: March 29, 2026.

Scouted ("we," "us," or "our") is a mobile application designed to help high school athletes organize and manage their college recruiting process. We are committed to protecting your privacy and being transparent about how we handle your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your information.

Important: Scouted is designed for high school student-athletes ages 13 and older. Because many of our users are minors, we take extra care to collect only the data necessary to provide our service and to be transparent about how that data is handled. We encourage all users under 18 to review this policy with a parent or guardian.

By using Scouted, you agree to the practices described in this Privacy Policy. If you have any questions or concerns, please contact us at [email protected] or [email protected].

Geographic Scope: Scouted is designed for use in the United States. If you access Scouted from outside the United States, please be aware that your information may be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction.

2. Information We Collect

We collect information that you provide directly to us, information imported from other services at your direction, and information generated automatically through your use of the app. We practice data minimization — we only collect information that is necessary to provide and improve our service. The types of information we collect include:

Information You Provide

Account Information

When you create an account, we collect:

• Email address
• Name
• Sport
• Gender category (e.g., men's or women's sports)
• Graduation year
• Home location (city/region, and optionally latitude and longitude coordinates). Location coordinates are voluntarily provided by you — we do not track your device location or use GPS. Coordinates are used solely for calculating distances to camps and schools.
• Device timezone (automatically detected)
• Referral code (if you were referred by another user or promotional campaign)

Recruiting Profile

You may optionally provide additional details about yourself to support your recruiting journey, such as academic information (e.g., GPA, test scores, intended major), athletic information (e.g., position, height, weight, club team), and external identifiers or links (e.g., NCAA ID, highlights video URL). All recruiting profile fields are optional and are only stored when you choose to provide them.

Recruiting Data

This is the core data you create and manage within the app to organize your recruiting process:

• Schools you are tracking
• Coach contact information and details (names, phone numbers, email addresses, roles)
• Advisor contact information (names, phone numbers, email addresses, organizations)
• Conversation logs and notes
• Camps and campus visit information (including locations and travel details)
• Follow-up reminders and deadlines
• Questions you want to ask schools
• Personal notes about each school

Email & Message Data

If you choose to connect your email account or import messages, we collect the following data at your direction:

• Outlook integration: When you connect your email account, we request broad read-only access to your mailbox (Outlook's Mail.Read scope) because the email API requires this permission to search for matching threads. However, we only retrieve and store email threads that match your recruiting contacts (coaches and advisors you have added to the app). We do not read, index, or store any other emails in your mailbox. Synced data includes sender and recipient email addresses, subject lines, email body text, and attachment metadata (we do not download attachments). Your email OAuth credentials are stored in encrypted form. Note: While the API permissions technically grant read access to your full mailbox, our application only queries for and processes threads involving your recruiting contacts. No other emails are accessed, read, or stored.
• Text message import: You can import text message conversations by uploading screenshots from your device's photo library. These screenshots are processed to extract message content, sender information, phone numbers, and timestamps. The screenshot images themselves are not permanently stored — they are processed and discarded.
• Call logs: You can manually log phone calls with coaches and advisors within the app.

Information Collected Automatically

Device Permissions & Data

Scouted may request access to certain device features. Each permission is optional and requested only when you use a feature that requires it:

• Contacts: If you import text message screenshots, the app may request access to your device contacts to match phone numbers to coach or advisor names. Contact data is used for matching only and is not stored on our servers.
• Photo library: Used to select screenshots for text message import. We access only the images you explicitly select.
• Biometric authentication (Face ID / fingerprint): If enabled, used to secure access to your Scouted account on your device. Biometric data is processed entirely on your device by the operating system and is never transmitted to or stored on our servers. We only store a preference flag indicating whether you have enabled biometric authentication — we never collect, transmit, or store biometric templates, fingerprints, facial geometry, or any other biometric identifiers.
• Push notifications: If you enable notifications, we store a device push token to send you reminders about follow-ups, camps, campus visits, and other recruiting events, as well as service-related notifications (such as subscription status updates).

Usage Data

Analytics data collection is disabled by default. If you choose to opt in through the app's settings, we collect information about how you interact with features (such as which screens you visit, which features you use, and actions you take), device information (such as device type, operating system, and app version), and general usage patterns. This data is associated with your anonymous user ID and helps us understand how athletes use Scouted so we can improve the experience. Analytics data is never shared with advertisers or data brokers. We also use feature flags to gradually roll out new features to subsets of users; your anonymous user ID may be used to determine which features are available to you.

3. How We Use Your Information

We use the information we collect to provide, maintain, and improve the Scouted app. Specifically, we use your information to:

• Provide app functionality — Store and sync your recruiting data across your devices, manage your account, and deliver the core features you rely on to stay organized.
• Personalize your experience — Tailor content and features based on your sport, graduation year, and recruiting activity to make the app more relevant to your process.
• Power smart features — Generate personalized conversation summaries, suggest tailored questions to ask coaches, and provide other smart insights using your recruiting data. These features are designed to help you stay prepared and make the most of your interactions with coaches.
• Send notifications — Deliver push notifications for follow-up reminders, camp deadlines, campus visit reminders, and other time-sensitive recruiting events you have configured.
• Calculate distances — Use your home location to display distances to camps and schools, helping you plan visits and evaluate options.
• Enable family sharing — If you choose to use the family sharing feature, make your recruiting data visible in read-only form to a family member account you have explicitly invited. This is entirely optional and controlled by you.
• Analyze and improve the app — Use aggregated and anonymized usage analytics to understand how athletes use Scouted, identify issues, and prioritize new features and improvements.

Do Not Sell or Share My Personal Information

Scouted does not sell or share your personal information. We do not sell personal data to third parties as defined under the California Consumer Privacy Act (CCPA/CPRA) or any other applicable state privacy law. We do not share personal data with third parties for cross-context behavioral advertising. We do not use your personal information for targeted advertising. We do not share your data with data brokers or advertisers. This applies to all users, including minors.

4. Third-Party Services

We use a limited number of trusted third-party services to operate and improve Scouted. Each service only receives the minimum data necessary for its specific function. The specific providers we use may change over time; we will update this policy when material changes occur. Our current providers include:

• Cloud Infrastructure & Database — We use cloud database services to securely store your account information and recruiting data, handle user authentication, and run server-side functions. All data is stored with row-level security policies ensuring you can only access your own data.
• Analytics — We use a product analytics service to understand how the app is used. This service receives anonymized usage events and device information. It does not receive your personal recruiting data. Analytics data collection is disabled by default and requires you to opt in through the app's settings.
• Marketing Website Analytics — The scouted.me marketing website uses the same product analytics service to collect aggregated, anonymized traffic information — such as page views, referring sites, approximate location (country/region), and clicks on outbound links to the App Store. No persistent cross-site tracking cookies are set, no personal information is collected, and visitor profiles are not created. This is separate from the in-app analytics described above and helps us understand which pages and articles are useful so we can improve them.
• Authentication Providers — We support third-party sign-in providers (Apple, Google, and Microsoft) for secure account authentication. When you sign in with one of these providers, they share your email address (or a relay address) and basic profile information so you can create and access your Scouted account.
• AI Services — We use third-party AI services to power smart features such as personalized conversation summaries, question suggestions, school research, and text message screenshot parsing. When you use these features, the following data may be sent to AI services for processing: the text content of your email messages and text messages (for generating conversation summaries), your recruiting notes and school details (for generating question suggestions and insights), and screenshot images of text message conversations (for extracting message text). We never send your personal contact information (such as your email address, full name, or phone number) to these services. Our AI providers process data under zero data retention (ZDR) agreements, meaning your data is not stored after processing and is not used to train AI models. Screenshot images are processed in memory and are never saved to disk or stored permanently.
• Push Notification Service — We use a notification delivery service to send push notifications to your device. This service receives your device push token and notification content.
• Email Provider (Microsoft Outlook) — If you choose to connect your email account, we use OAuth to securely access your email threads. Your email credentials (refresh tokens) are stored in encrypted form. We only sync email threads that match your recruiting contacts; we do not read, index, or store any other emails. We do not modify, send, or delete emails on your behalf.
• Brand Assets (Logo.dev) — We use Logo.dev to display school and organization logos within the app. Logo.dev receives the domain name associated with a school or organization and returns a logo image. No personal user data is sent to this service.

5. Family Sharing

Scouted Pro subscribers may use the optional family sharing feature to grant designated family members read-only access to their recruiting profile. This section describes how that data sharing works and the protections in place.

How It Works

The athlete generates a secure, time-limited invite link within the app and shares it with a person of their choice. The recipient must download the app, create a separate family account, and attest that they are 18 years of age or older before accepting the invitation. Once accepted, the family member can view — but not modify — the athlete's recruiting data.

What the Family Member Can See

A family member with active access has read-only visibility into the athlete's full recruiting profile, including:

• School list, status, and notes
• Coach and advisor contact information and notes
• Conversation logs, including synced email threads and imported text message threads
• AI-generated conversation summaries and smart suggestions
• Camp and campus visit details
• Follow-up reminders and recruiting calendar events

The athlete controls what is shared by deciding who to invite. Because the full recruiting profile is shared, athletes should only invite people they trust with all of their recruiting communications and notes.

What the Family Member Cannot Do

• Modify, add, or delete any of the athlete's data
• Trigger AI processing or generate new smart features on the athlete's behalf
• Export the athlete's data

Athlete Control & Revocation

The athlete can view the names of all family members with active or pending access and can revoke any invitation at any time. Revocation is immediate — the family member loses access to the athlete's data the moment access is removed and will see a message indicating no accounts are shared with them. A family member may be linked to more than one athlete at a time; each athlete's data remains isolated and independently controlled.

Subscription Dependency

Family sharing requires an active Scouted Pro subscription on the athlete's account. If the athlete's Pro subscription becomes inactive, the family member's access is suspended until the subscription is renewed. The family member's account is not deleted; access resumes if the athlete reactivates Pro.

Age Requirement & Verification

Family sharing is intended for use with adults. The athlete is informed at the time of invite creation that they should only share with someone who is 18 years of age or older. The family member must affirmatively attest that they are 18 or older before accepting the invitation. This attestation is self-reported — Scouted does not independently verify the family member's age or identity. The athlete is responsible for ensuring they share only with appropriate individuals.

Minor Athletes

When a minor athlete (ages 13–17) uses family sharing, their full recruiting profile — including communication logs, notes, and AI-generated content — becomes visible to the invited family member. Parents and guardians of minor users have the right to review who their child has shared their data with and may request revocation of any active link by contacting us at [email protected]. We will verify the parent or guardian's relationship to the minor before acting on such requests. We encourage parents of minor athletes to discuss family sharing with their child so that both understand who can view the recruiting profile.

State Privacy Law Considerations

Family sharing involves the disclosure of your personal recruiting data to another user account at your direction. This is not a sale of personal data, is not used for advertising or profiling, and occurs solely because you choose to invite that person. Under applicable state privacy laws, this constitutes a user-directed disclosure of personal information rather than a third-party sale or share. You may withdraw this consent at any time by revoking the family link.

6. Data Security

We take the security of your data seriously and implement industry-standard measures to protect your information. All data is transmitted over HTTPS using TLS encryption, ensuring that your information is encrypted in transit between your device and our servers. We use secure authentication methods that leverage modern security protocols. Your data is stored in secure, encrypted cloud infrastructure with row-level security policies that ensure you can only access your own data. Sensitive credentials such as email OAuth tokens are stored in encrypted form.

We maintain a formal information security program that includes regular evaluation of privacy and security risks, deployment of appropriate safeguards, and periodic review and testing of our security practices. While no method of electronic transmission or storage is 100% secure, we continuously review and update our security practices to protect your personal information to the best of our ability.

Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will notify affected users via email within 30 days of discovering the breach (or sooner where required by applicable state law). Our notification will include a description of the breach, the types of information involved, the steps we are taking to address it, and recommended actions you can take to protect yourself. We will also notify relevant state authorities as required by law.

7. Children's & Minors' Privacy

Scouted is designed for high school athletes ages 13 and older. We recognize the importance of protecting the privacy of younger users and are committed to complying with the Children's Online Privacy Protection Act (COPPA) and applicable state laws regarding minors' data.

Users Under 13

Scouted is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a user under 13, we will promptly delete that information and terminate the associated account. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at [email protected].

Users Ages 13–17

Users must be at least 13 years old to use Scouted. We encourage all users under 18 to review this Privacy Policy and our Terms of Service with a parent or guardian before using the app.

How we obtain consent: Before any data is collected or any account is created, every new user is presented with a consent screen. Users must either (1) confirm that they are 18 years of age or older, or (2) confirm that they are at least 13 years old and that a parent or legal guardian has reviewed this Privacy Policy and our Terms of Service. The user must open and review both documents before the agreement button becomes available. No data collection occurs until this consent is provided. This consent is based on self-attestation. We rely on the user's honest representation regarding their age and parental review. We do not independently verify the user's age or confirm that a parent or guardian has actually reviewed these documents.

Parents and guardians of minor users have the right to:

• Review the personal information we have collected from their child
• Request deletion of their child's personal information and account
• Refuse to permit further collection or use of their child's information
• Request that their child's data not be shared with third parties (except as necessary to provide the service)

To exercise any of these rights, parents or guardians may contact us at [email protected]. We will verify your identity and relationship to the minor before processing your request.

How We Protect Minor Users

• We do not sell minors' personal information to third parties
• We do not use minors' personal information for targeted advertising
• We do not share minors' personal information with data brokers
• We do not profile minors for purposes unrelated to providing the service
• We collect only the information necessary to provide the app's functionality
• Analytics data collection is disabled by default for all users, including minors. Users may choose to opt in through the app's settings.
• When AI-powered smart features process minor users' data, the same protections apply as for all users: no personally identifying information (such as email address or full name) is sent to our AI service providers, and all AI processing occurs under zero data retention agreements, meaning no minor's data is stored or used for AI model training
• We conduct Data Protection Impact Assessments (DPIAs) to evaluate and mitigate privacy risks to minor users, in accordance with applicable state age-appropriate design requirements
• We do not use manipulative design patterns (sometimes called "dark patterns") to obtain consent, encourage data sharing, or discourage the exercise of privacy rights
• Privacy settings are set to their most protective levels by default for all users, including minors

8. Your Rights

You have control over your personal information. Depending on your jurisdiction, you may have the following rights:

• Access your data — You can view all of the recruiting data you have entered directly within the app at any time.
• Export your data — All users can request a portable copy of their data by contacting [email protected]. Scouted Pro subscribers can additionally export their recruiting data directly from within the app as a ZIP file containing CSV files.
• Delete your account — You can delete your account and all associated data using the account deletion feature within the app, or by emailing [email protected]. We will process your request within 45 days and confirm once your data has been removed. Upon deletion, we also remove your data from our third-party service providers.
• Opt out of analytics — You can opt out of analytics data collection through the app's settings. Opting out will not affect the core functionality of the app.
• Disconnect email — You can disconnect your Outlook account at any time through the app's settings. Upon disconnection, your stored email credentials are deleted.

Non-discrimination: We will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not result in a different level of service quality, different pricing, or denial of access to the App.

Universal Opt-Out Signals: We recognize and honor Global Privacy Control (GPC) signals and other universal opt-out mechanisms as valid requests to opt out of the sale or sharing of personal information, as required by applicable state laws. Since Scouted does not sell or share personal information, these signals are acknowledged but do not change our data practices, as no sale or sharing occurs.

We will respond to all data access, correction, and deletion requests within 45 days of receiving a verified request. If we need additional time, we will notify you of the reason and the expected completion date.

State-Specific Privacy Rights

Depending on your state of residence, you may have additional privacy rights. The following is a summary of rights under state privacy laws that are most relevant to our users. In all cases, we do not sell or share your personal information, we do not use your data for targeted advertising, and we do not profile users for purposes unrelated to providing the Scouted service.

• California (CCPA/CPRA): You have the right to know what personal information we collect, use, and disclose; the right to request deletion; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising your privacy rights. We do not sell or share personal information as defined under the CCPA/CPRA. We do not use personal information of users under 16 for targeted advertising, sale, sharing, or profiling. For users ages 13–15, we do not sell or share personal information and no affirmative opt-in authorization is needed because no such activity occurs.
• Connecticut (CTDPA): You have the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of the sale of personal data, targeted advertising, and profiling.
• Virginia (VCDPA): You have the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of the sale of personal data, targeted advertising, and profiling.
• Texas (TDPSA): You have the right to access, correct, delete, and obtain a copy of your personal data. You also have the right to opt out of the sale of personal data, targeted advertising, and profiling. Additional protections apply to data of users under 18.
• Oregon (OCPA): You have the right to access, correct, delete, and obtain a copy of your personal data. Processing personal data of users ages 13–15 for targeted advertising or profiling is prohibited — we do not engage in either activity.
• New Jersey (NJDPA): You have the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of the sale of personal data, targeted advertising, and profiling. Additional consent requirements apply to users under 17.
• New Hampshire (NHPA): You have the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of the sale of personal data, targeted advertising, and profiling.
• Maryland (MODPA): You have the right to access, correct, delete, and obtain a copy of your personal data. Maryland law includes heightened protections for minors' data, including restrictions on data collection beyond what is strictly necessary for the service.
• Utah (UCPA): You have the right to access and delete your personal data, and the right to opt out of the sale of personal data and targeted advertising.
• New York (CDPA): You have the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of the sale of personal data, targeted advertising, and profiling. Processing of minors' data requires parental or teen consent where applicable.
• Colorado (CPA): You have the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of the sale of personal data, targeted advertising, and profiling. Colorado law includes minor-specific data handling provisions.
• Arkansas (CTOPPA): Arkansas extends COPPA-like protections to teens under 17. You have the right to access, correct, and delete personal data, and additional parental consent requirements apply for users under 17. Effective July 1, 2026.

To exercise any of your state-specific privacy rights, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days.

9. Data Retention

We retain your data only as long as reasonably necessary to provide the service. Our retention policy is based on your subscription status and account activity:

Retention by Subscription Tier

• Standard plan: Your account and all associated data will be automatically deleted after 1 year of inactivity. Activity includes logins and data updates. You will be notified 30 days and 7 days before scheduled deletion so you have the opportunity to log in, export your data, or resubscribe.
• Pro plan: Your account and data are retained while your subscription is active. If your subscription ends, the Standard plan retention policy applies.

Immediate Deletion

All users may delete their account and all associated data at any time using the account deletion feature within the app or by contacting [email protected]. This right is available regardless of your subscription tier or the retention schedule above.

What Happens When Your Account Is Deleted

Whether initiated by you or triggered by the retention policy, account deletion removes your account and all associated data from our active systems within 45 days. This includes deletion of your data from our third-party service providers. Some data may be retained in encrypted, inaccessible database backups for up to 90 days as part of our standard infrastructure disaster-recovery practices, after which it will be permanently removed as backups are rotated.

Retention by Data Category

The following table describes retention periods by data category within an active account:

Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytics and product improvement purposes.

This data retention schedule serves as our written data retention policy in compliance with applicable federal and state privacy laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, or legal requirements. When we make material changes, we will notify you through the app so you are always aware of how your information is being handled. We encourage you to review this policy periodically.

The "Last updated" date at the top of this policy indicates when the most recent changes were made. Your continued use of Scouted after any updates constitutes your acceptance of the revised policy. If you are a minor user, we encourage you to review any changes with a parent or guardian.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please don't hesitate to reach out to us:

Operator: Scouted

Privacy inquiries: [email protected]

General support: [email protected]

We aim to respond to all inquiries within 45 days and are happy to help with any privacy-related questions or data requests. Parents and guardians of minor users are especially encouraged to contact us with any questions about how we handle their child's data.