← League OS

Privacy Policy

What data we collect, why we collect it, and how we protect it.

Last updated: April 5, 2026 | Primal Global Consulting S.A., Panama

This Privacy Policy explains how Primal Global Consulting S.A. (“we”, “us”, “our”) collects, uses, and protects information when you visit the League OS marketing website (leagueos.ai) and when you use the League OS platform as a league operator, administrator, player, guardian, or official. League OS is a product of Primal Global Consulting S.A., a company registered in Panama.

This policy covers both this marketing website and the League OS platform. The platform operates under a data processing agreement with each league operator. League operators are the data controllers for their members. Primal Global Consulting S.A. acts as data processor on their behalf.

If you have questions about this policy, contact us at hello@leagueos.ai or via WhatsApp at +507-6586-2245.

1. Who We Are

Controller: Primal Global Consulting S.A., Panama.

Product: League OS (leagueos.ai) is a white-label sports league operations platform built and operated by Primal Global Consulting S.A.

Contact: hello@leagueos.ai / WhatsApp: +507-6586-2245

2. Data We Collect via the Contact Form

When you submit the contact form on this website, we collect the following information:

  • Your name
  • Your email address
  • Your league name
  • Approximate team count
  • Sport type
  • Whether you have historical data to import
  • IP address and timestamp of submission (logged by the server)

Why We Collect It

We use this information solely to evaluate your inquiry and, if there is a fit, to set up a pilot environment for your league. We do not use it for advertising, profiling, or any purpose unrelated to your inquiry.

Legal Basis

The legal basis for processing this data is legitimate interest in responding to a pre-contractual inquiry. By submitting the form, you are initiating contact and reasonably expect a response.

How It Is Stored

Contact form submissions are delivered to us by email via our email provider (Resend, SendGrid, or equivalent, depending on configuration). We do not store form submissions in a database. The data exists in email only.

How Long We Keep It

We retain contact form submissions for 12 months after last contact, after which the email record is deleted. If a business relationship develops, data is retained as part of that relationship for its duration.

Third-Party Processing

Your submission passes through our email delivery provider (Resend, SendGrid, Amazon SES, Mailgun, or Postmark, whichever is configured). These providers process the message in transit and may log delivery metadata. They do not use your data for their own purposes beyond delivering the email.

3. Data the Platform Stores on Behalf of Leagues

When a league operates on League OS, the platform stores and processes data about that league's members on behalf of the league operator. The league operator determines what data is collected and is responsible for obtaining any necessary consents from their members.

Player Identity and Registration

The platform stores player identity records that persist across seasons: name, date of birth, contact information, jersey number, position, and eligibility status. Each season produces a separate registration record linked to the player's persistent identity. This design allows leagues to track player history without re-entering data each year.

Guardian Records and Minor Player Consent

For leagues with minor players (under 13 or under applicable local age threshold), the platform includes COPPA-aware workflows. Guardian records store the relationship between a guardian and a minor player. Guardian consent tokens are single-use, time-limited, and invalidated once used. Waiver signatures include a content hash, submission timestamp, IP address, user agent string, and an identity token. A PDF receipt is generated for each signed waiver and retained on behalf of the league.

Officials and Referees

Official profiles store name, contact information, certification level, and availability. Background check status is linked to official records and updated by the league's designated background check provider.

Background Check Data

Leagues that enable background checks use their own credentials with one of four supported providers: Verified Volunteers, RecCheck, Sterling, or Certn. League OS stores the check status, result code, and timestamp returned by the provider. The platform does not store raw background check reports. The full report remains with the provider and is accessible only through the provider's own system.

Payments

Registration fees and other league payments are processed via Stripe. League OS stores the payment amount, currency (three-character ISO code), status, and a reference to the Stripe payment record. Payment card numbers and full card data are never stored on League OS infrastructure. Stripe is the payment data controller for card data.

Roster Privacy Controls

Roster data is subject to a visibility matrix. At launch, full roster details are accessible only to league staff and team staff. Players can see their own record. Public-facing pages display only the information the league administrator has configured for public visibility.

Game and Schedule Data

The platform stores game schedules, results, game sheet events (goals, penalties, roster selections), and standings. This data is owned by the league and is available for export at any time.

How Platform Data Is Stored

All league data is stored on Supabase infrastructure in EU West (Ireland). Data is encrypted at rest using AES-256 and encrypted in transit using TLS 1.2 or higher. Every table is isolated by league identifier, enforced at the database level by row-level security policies. No league can access another league's data.

Access Controls

Access to platform data is role-based. Roles include platform operator, league admin, team staff, scorekeeper, player, and guardian. Each role has access only to the data required for its function. The Supabase service role key is never exposed to client-side code. All server actions verify the requesting user's role before accessing data.

Data Retention and Export

League data is retained for the duration of the league's contract plus a 30-day read-only window after termination. During this window, administrators can export their data in CSV and JSON formats. After 30 days, data is permanently deleted unless a written extension is requested. Full details are in the Trust Infrastructure document.

4. Cookies and Tracking

We use Vercel Analytics to understand how visitors use this website. Vercel Analytics is privacy-friendly: it does not set cookies, does not collect personally identifiable information, and does not build user profiles. It tracks aggregate page view counts only.

We also use Google Analytics 4 for more detailed usage analytics. GA4 is only loaded if you accept cookies via the consent banner shown on your first visit. If you decline, no GA4 cookies are set and no data is sent to Google.

  • Analytics cookies are consent-gated and never set without your permission.
  • No advertising, remarketing, or third-party tracking cookies are used.
  • No user identifiers are stored or transmitted to third parties for tracking purposes.

For a complete list of cookies, local storage keys, and how to manage your preferences, see our Cookie Policy.

5. Third-Party Services Used by This Website

This marketing website uses the following third-party services:

Vercel

This website is hosted on Vercel's global edge network. Vercel processes requests, serves pages, and provides the analytics described in Section 4. Vercel may log standard web server data (IP address, browser type, page requested, timestamp) as part of normal hosting operations. See Vercel's Privacy Policy for details.

Email Provider

Contact form submissions are delivered via an email provider (Resend, SendGrid, Amazon SES, Mailgun, or Postmark, whichever is currently configured). These services process email delivery on our behalf and are bound by their own privacy policies and data processing agreements.

Note: Supabase, Stripe, and Sentry are used by the League OS product for active leagues. They are not used by this marketing website and do not receive any data from visitors here.

6. Your Rights (GDPR)

If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate data.
  • Right to erasure: You can request that we delete your data.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interest.

To exercise any of these rights, email hello@leagueos.ai with your request. We will respond within 30 calendar days.

These rights extend to all visitors regardless of location. We do not discriminate based on where you are in the world.

7. Children's Data

This marketing website does not knowingly collect personal data from children under 13. If you believe we have inadvertently collected information from a child, contact us at hello@leagueos.ai and we will delete it promptly.

The League OS platform includes COPPA-aware guardian workflows for leagues with minor players. Guardians provide verifiable consent before any minor player data is activated. These workflows are described in Section 3. The league operator is responsible for configuring and using these workflows correctly for their jurisdiction.

8. International Scope

This website and platform serve visitors from the United States, Canada, and internationally. Data may be processed in the following locations:

  • Panama: Where Primal Global Consulting S.A. is registered and where we receive and process inquiries.
  • Ireland (EU West): Where all platform league-member data is stored on Supabase infrastructure.
  • United States:Where Vercel's edge network, most email providers, and Stripe operate.

By submitting your information or using the platform, you acknowledge that it may be transferred to and processed in these locations.

9. WhatsApp Contact

We list WhatsApp (+507-6586-2245) as an alternative way to reach us. If you choose to contact us via WhatsApp, that conversation is subject to Meta's Privacy Policy. We do not control how Meta handles data transmitted through their platform.

We use WhatsApp for direct, real-time communication only. We do not use it for marketing broadcasts, automated messages, or data collection.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised policy on this page with an updated “Last updated” date.

For material changes that significantly affect how we handle your data, we will post a notice on the website. Continued use of the website after a policy change constitutes acceptance of the updated policy.

Contact

For any questions about this policy or to exercise your data rights:

  • Email: hello@leagueos.ai
  • WhatsApp: +507-6586-2245
  • Company: Primal Global Consulting S.A., Panama

League OS is a product of Primal Global Consulting S.A., Panama. This policy was last updated April 5, 2026. The current version is always available at leagueos.ai/privacy.