Data ethics

Your Data.
Your Choice.

Plan.Set.Goal was built around one commitment — the athlete owns their journey. We help measure it, verify it, protect it, and use it to create opportunities. Never to sell it.

Section 1

What we collect

Here's the full list — no marketing framing, just what actually lives in our database and why it's there.

  • Account information. Name and email. Required for the app to work — we need to know who's signing in.
  • Athletic performance. Workouts, sets and reps, personal records, measurable results (verticals, sprints, throws, etc.). Required for the training and MetriX features to function.
  • Sport context. Team, position, class year, school. Required so benchmarks and recruiting features can compare like-to-like.
  • Health-adjacent. Height, weight, body metrics, profile photos. Only if the athlete or parent enters them. Skippable everywhere.
  • Coach-verified data. Session summaries, coach-verified stats, drill results. Created by the athlete's coach; the athlete or parent controls who else sees them.
  • Date of birth. Required for age-based safety defaults (under-13, 13-15, 16+ recruiting-profile rules). We never share DOB with any third party — it's used internally to compute age.

We do not collect social security numbers, government IDs, precise location, biometric fingerprints, or anything unrelated to training and recruiting.

Section 2

Who can see it

Every piece of athlete data has a small, well-defined audience. There is no data broker, no advertiser, no third-party model training on identifiable data.

  • The athlete. Sees everything about themselves.
  • Their parent or guardian (under 16). Sees everything the athlete sees, plus supervisor tools to help set the profile up and control visibility.
  • Their coach at their gym or team. Sees the performance data the athlete or parent has approved sharing at that specific gym or team. Tenant-scoped, not global.
  • Plan.Set.Goal staff. Minimal access, only when responding to a support request from the athlete or parent. Every internal look is logged.
  • College coaches. Only through a recruiting profile the athlete (or their parent) has explicitly chosen to make publicly discoverable. When a coach finds an athlete on /find-an-athlete, it's because that athlete opted in to being searchable — not because we sent their profile to recruiters.
  • Nobody else. No data brokers. No advertisers. No lead sales. No third-party model training on identifiable data.
Section 3

How we use AI

Two AI features are live on Plan.Set.Goal today. A third — a large-scale learning pipeline — is on the roadmap but not built yet. Here's exactly what runs today and what doesn't.

  • Coach recaps + themes — available today. We use an open-source language model (Qwen 2.5) running on our own infrastructure to generate weekly workout recaps and coaching-theme summaries. It reads only that athlete's own logged data, writes a summary, and forgets it. Your athlete's data never leaves our infrastructure to reach a third-party AI provider, and the model doesn't “learn” from it — it's inference-only against a pre-trained open-source model.
  • Peer benchmarks with a group-size gate — available today. When your athlete compares themselves to peers at their sport, position, and class year, we only show the comparison when the peer group has at least 20 athletes — a hard limit encoded directly in the code (PEER_MIN_COHORT_N in lib/benchmarks.ts). Below that, we hide the benchmark rather than risk identifying individuals. Coming soon (target Q3 2026): raising this floor to 100+ per cohort as more athletes join the platform.
  • Cited position benchmarks — available today. Position benchmark thresholds (“D2 running back 40-yard target: 4.65s”) come from published sources — NCAA guidelines, NFHS records, recruiting-service methodology. Every benchmark carries its citation, visible in the UI. No black-box numbers.
  • Cross-athlete ML training — not yet, target Q3 2026. We have not trained any models on aggregated athlete data yet. We don't have enough athletes on the platform for it to make sense, and we'd rather not pretend otherwise. When we do build cross-athlete models — for training suggestions, projection confidence, cohort insights — they will follow these rules, which we're committing to now:
    • · Aggregate patterns only, never individual-athlete training data
    • · Identifiers stripped mechanically at the pipeline level before any aggregation runs, not by policy
    • · The same group-size gate that hides small-cohort benchmarks today
  • Recruiter-facing profiles use only what the athlete authorized. The MetriX score exists at /metrix/[id] and is only publicly viewable when the athlete has opted into a public recruiting profile. It shows only verified inputs — unverified self-reported stats stay in the athlete's private workspace. External college-coach recruiting workflows at scale are still in development. More on verification tiers →
Section 4

What we will never do

Explicit list, blunt language. If any of these ever changes, we will tell you before it takes effect — with time to export your athlete's data and leave.

  • We will never sell your athlete's data. Not to any third party. Not aggregated in a way that could be re-identified. Not at any tier of our business.
  • We will never sell 'leads' to college recruiters. College coaches don't pay us for athlete access. When a coach finds your athlete — through /find-an-athlete or a shared recruiting link — it's because your athlete (or their parent) chose to make their profile publicly discoverable. We never sell contact info, never send unsolicited profiles to recruiters, and never charge coaches for access.
  • We will never expose identifiable data in AI features. The group-size gate above is a hard rule. If a peer benchmark would identify an individual, we hide the benchmark. Silence over exposure, every time.
  • We will never share your data without your explicit consent. Not with a partner, not with a “sponsor,” not with anyone. Consent is captured with a specific timestamp and a specific version of these commitments.
  • We will never quietly change these commitments. If we ever need to change what's on this page in a way that matters, we will email every account and give at least 30 days notice before it takes effect — with a one-click export of everything we have on your athlete.
Section 5

Your controls

Real controls the athlete or parent can use today. Anything not yet built is marked below with a target date, not hidden.

  • Recruiting profile visibility. Toggle whether the recruiting profile is publicly discoverable. Under 13 → always private. 13-15 → requires explicit parent consent. 16+ → athlete controls it directly. Manage in /recruiting/edit →
  • Coach + tenant access. Each gym or team an athlete joins only sees what they need for that context. Leaving a tenant (via /family & Tenant Settings controls) revokes their access to future data going forward.
  • Family supervisor tools. Parents managing a family member can revoke that member's login access, deactivate the profile, or hand off management. Family page →
  • Data export — coming soon (Q3 2026). Individual athlete download of everything we have on them (JSON + CSV bundle, GDPR-style right-to-portability). Not yet built for individual athletes — gym owners can already export tenant-scoped data. Until this ships, reach out and we'll offer a way to export your athlete's data.
  • Account deletion. Reach out and we'll close your account. Age 13+ accounts go inactive for 180 days (restorable if you change your mind); after that, all identifying information is permanently deleted, and the training data itself stays only with no name attached. Under-13 accounts hard-delete everything on day 30. A self-serve close button ships Q3 2026 alongside automated enforcement of this schedule. Full details in the “What if I close my account?” answer below.
Section 6

What happens if…

The questions parents actually ask. Straight answers.

What if I close my account?

Nothing on the platform is gone the day you ask — we hold your account inactive for 180 daysfirst, in case you change your mind. Reach out during that window and we'll restore it in full.

After 180 days (age 13+): we permanently delete anything that could identify your athlete — name, email, date of birth, photos, uploaded film. The training data itself (workouts, PRs, measurables) stays in our database with no name attached. That way, when a future athlete at the same sport and position looks at how their training compares, the benchmarks they see have more real data behind them. We only include these no-name records in a benchmark when at least 100 similar athletes are contributing — so no rare combination of stats can point back to any one person.

Under 13 is different. Younger athletes get the stricter path per COPPA: on day 30 (not 180) we hard-delete everything — training data included. Nothing is kept, with or without a name attached.

Automated enforcement of this schedule ships Q3 2026 alongside a self-serve close button. Until then, we handle each account closure by hand on this same schedule.

Encrypted database backups age out over the following weeks; formal retention windows publish Q3 2026. Records held by the payment and auth services we use (Stripe, Clerk) follow their own policies plus any legal requirements — for example, Stripe is legally required to retain payment history for tax compliance. We don't keep more than those third parties need to comply.

What if my athlete turns 18?

Age-of-majority is an unlock moment, not an audit. The recruiting profile controls fully transfer to the athlete themselves. Parent supervisor access becomes read-only, unless the athlete keeps them added. Nobody is surprised — the athlete gets a heads-up email before their 18th birthday.

What if Plan.Set.Goal is acquired?

These commitments transfer to any acquirer. If an acquirer wants to change them in a way that matters (data selling, weaker AI anonymity, sharing without consent), every account gets at least 90 days notice plus a one-click export of all athlete data before anything changes. You get the runway to leave with everything.

What if a college coach contacts me because I appear on your platform?

If your recruiting profile is set to publicly discoverable, college coaches can find you through /find-an-athlete and reach out — that's the point of a public recruiting profile. If your profile is private (the default for anyone under 16 without parent consent), they shouldn't be able to find you. Getting contact when your profile isn't public? Let us know and we'll investigate.

What if I want to see everything you have on my athlete?

Today: reach out and we'll offer a way to export your athlete's data. Soon (Q3 2026): a self-serve export button on the athlete's profile that downloads a complete JSON + CSV archive.

What if you get breached?

We'll tell you within 72 hours of learning about it, per the strictest breach-notification standards we're held to. We use Neon Postgres (encrypted at rest), Clerk for auth (never see or store passwords), and Stripe for payments (never see or store card numbers). Card numbers, government IDs, and passwords are never in our database in any form.
Section 7

Why we made these commitments

We know how much trust parents put in platforms that touch their kids' lives. We believe trust is earned through what we don't do as much as through what we do — which is why the list of things we will never do is on this page, in plain language, before you sign up.

Last updated: 2026-07-06. This page reflects our commitments as of today. When they change, we'll tell you.