Welcome to Team Bloom (“we,” “us,” or “our”). We operate the Team Bloom platform — a software-as-a-service product that helps sports clubs manage their teams, events, communications, and membership. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use our website at teambloom.app and our associated services (collectively, the “Service”).
By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use the Service.
Your privacy matters. We are committed to being transparent about how we collect and use data. If you have questions at any time, please reach out to us at privacy@teambloom.app.
1. Information We Collect
We collect information you provide directly to us, information generated when you use the Service, and in some cases information from third parties.
1.1 Information You Provide
- Account information — When you create an account, we collect your name, email address, and a hashed password. Club administrators may also provide a club name and subdomain.
- Profile information — You may optionally add a profile photo, phone number, position, or jersey number to your member profile.
- Payment information — When you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed directly by our payment processor, Stripe. We do not store full card numbers on our servers.
- Communications — Any messages you send through our in-app messaging feature, or emails you send to our support team.
- User-generated content — Event details, announcements, availability responses, documents, and any other content you create or upload within the platform.
1.2 Information Collected Automatically
- Usage data — Pages visited, features used, clicks, session duration, and actions performed within the Service.
- Device & browser data — IP address, browser type and version, operating system, device identifiers, and time zone.
- Log data — Server logs that record requests made to our servers, including timestamps and response codes.
- Cookies & similar technologies — See the Cookies section below for details.
1.3 Information from Third Parties
- Authentication providers — If you sign in using Google SSO, we receive your name and email address from that provider.
- Payment processor — Stripe may share transaction status and billing details with us to confirm your subscription.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing and improving the Service — To create and manage your account, process transactions, send notifications, and deliver the features you have requested.
- Communications — To send transactional emails (account confirmations, password resets, subscription receipts) and, with your consent, product updates and newsletters.
- Support — To respond to your questions, troubleshoot issues, and provide customer service.
- Analytics & product improvement — To understand how users interact with the Service and identify areas for improvement. We use aggregated, anonymized data wherever possible.
- Security & fraud prevention — To detect, investigate, and prevent fraudulent transactions and other illegal activities.
- Legal obligations — To comply with applicable laws, respond to lawful requests from authorities, and enforce our Terms of Service.
We do not use your personal information for automated decision-making or profiling that produces significant legal effects on you.
3. Information Sharing
We do not sell, rent, or trade your personal data. We share information only in the following limited circumstances:
3.1 Within Your Club
Information you provide — such as your name, profile photo, and availability — is shared with other members and administrators of your club, as that is the purpose of the Service. Club administrators have access to member data within their organization.
3.2 Service Providers
We work with trusted third-party vendors who help us operate the Service. These providers only access your data as necessary to perform their services and are contractually bound to protect it:
- Stripe — Payment processing
- Cloudflare — Cloud infrastructure and CDN
- Resend — Transactional email delivery
3.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Team Bloom, our users, or the public.
3.4 Business Transfers
If Team Bloom is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to such a transfer.
4. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance purposes (typically up to 7 years for financial records).
Aggregated, anonymized data (e.g., usage statistics) may be retained indefinitely as it can no longer identify you.
5. Security
We take reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- TLS/HTTPS encryption for all data in transit
- AES-256 encryption for data at rest
- Hashed and salted passwords (bcrypt)
- Regular security audits and penetration testing
- Role-based access controls for Team Bloom employees
- SOC 2 compliant infrastructure (via Cloudflare)
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you within 72 hours of becoming aware of it, in accordance with applicable law.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users, regardless of jurisdiction.
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Correction | Ask us to correct inaccurate or incomplete data. |
| Deletion | Request erasure of your personal data ("right to be forgotten"). |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to certain processing activities, including direct marketing. |
| Restriction | Ask us to limit how we use your data while a dispute is resolved. |
| Opt-out (CCPA) | California residents may opt out of the sale of personal information (we do not sell data, but this right is acknowledged). |
To exercise any of these rights, please email us at privacy@teambloom.app or use the data controls available in your account settings. We will respond within 30 days. We may ask you to verify your identity before processing your request.
If you believe your rights have not been respected, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your EU supervisory authority).
7. Cookies
We use a minimal set of cookies to operate and improve the Service:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| session_id | Necessary | Keeps you logged in during your session | Session |
| csrf_token | Necessary | Protects against cross-site request forgery attacks | Session |
| remember_me | Necessary | Keeps you logged in across browser sessions if selected | 30 days |
We do not use advertising or tracking cookies. You can disable cookies in your browser settings; however, disabling necessary cookies may affect your ability to log in and use the Service.
8. Third-Party Services
The Service may contain links to third-party websites or integrate with third-party tools (such as calendar apps or payment processors). This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.
9. Children's Privacy
Team Bloom is designed for use by sports clubs, many of which include youth athletes. We recognize the sensitive nature of children's data and take additional care with it.
- The Service is not directed at children under 13. Children under 13 may only use the Service with the explicit consent of a parent or guardian, granted through the club administrator account.
- Club administrators who add youth members (under 18) are responsible for obtaining any necessary parental consent under applicable law (e.g., COPPA in the USA, GDPR in the EU/UK).
- We do not knowingly collect personal data directly from children under 13 without verified parental consent. If you believe a child's data has been collected without consent, please contact us immediately at privacy@teambloom.app.
- Profiles for minor members should not include photos of the child without parental permission.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Send an email notification to all registered users
- Display a prominent notice within the app for at least 14 days
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you may delete your account before the effective date.
Previous versions of this policy are archived and available upon request.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Mailing address: Team Bloom Inc., 123 Main Street, Suite 400, San Francisco, CA 94105, United States