This Privacy Policy explains how RosterLedger ("RosterLedger," "we," "us") collects, uses, discloses, stores, and protects personal information when you use our website and team-treasury software (the "Service"). We are committed to handling personal information responsibly and in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the EU/UK General Data Protection Regulation (GDPR).
1. Our role: controller and processor
RosterLedger plays two different roles depending on the data:
- For your own account information (the email address you sign in with), we are the controller.
- For the team data you enter — your roster, contributions, sponsors, reimbursements, and ledger — the team and/or its sports association is the controller, and RosterLedger acts as a processor handling that data on your behalf and under your instructions.
2. Information we collect
- Account information:your email address (used for passwordless "magic link" sign-in) and your role on a team.
- Team and financial information you enter: team and season details, player names, parent/guardian names, emails and phone numbers, fees and payment status, sponsors, staff honoraria, reimbursements, game-day cash records, and ledger entries.
- Children's information: because youth-sports rosters include minors, the player names you enter may be those of children. See Section 6.
- Receipt files: images or PDFs you upload, which may contain personal information.
- Payment information: handled entirely by our payment processor, Stripe. We do not see or store your full card number.
- Essential technical data: a secure session cookie to keep you signed in, and standard server logs. We do not use advertising or third-party tracking cookies.
3. How we use information
- To provide, operate, and secure the Service.
- To authenticate you and keep your session active.
- To process subscription payments and manage your access.
- To send you transactional emails (such as sign-in links).
- To respond to support requests and to meet legal obligations.
We do notsell personal information, and we do not use your team's data for advertising.
4. Legal basis for processing
Where PIPEDA applies, we rely on your consent and on the reasonable purposes of operating the Service you have asked us to provide. Where the GDPR applies, our legal bases are the performance of our contract with you, our legitimate interests in operating and securing the Service, your consent, and compliance with legal obligations.
5. Sharing and sub-processors
We share information only with the service providers that help us run the Service. Each is bound by contractual data-protection obligations:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and content delivery.
- Stripe — subscription billing and payment processing.
- Resend — delivery of transactional email.
We may also disclose information if required by law, or to protect the rights, safety, and security of our users and the Service.
6. Children's information
RosterLedger is a tool for adult volunteer treasurers; it is not directed to children and children do not use it. However, the rosters you enter may contain the names of minors. By entering this information you confirm that you are authorized by your team or association to do so. We process children's information only to provide the Service, never for marketing, and we apply the same security protections to it as to all other personal information. We encourage treasurers to enter only the minimum information needed (for example, a player's name and a parent contact).
7. Where your data is stored
Your team's primary database — your roster, contributions, sponsors, receipts, and ledger — is hosted in Canada. Certain supporting services (such as application hosting, payment processing, and email delivery) may process limited data outside Canada, including in the United States. Where data is transferred internationally, it remains protected by appropriate contractual and technical safeguards, and may be subject to the laws of the country in which it is processed.
8. Data retention
We keep your team's data for as long as your subscription is active, so that financial history carries over from season to season. If your free trial ends or your subscription lapses, we keep your team's data for 12 months so you can pick up exactly where you left off if you return. After 12 months without an active subscription, the team and all of its data — including uploaded receipts — are permanently deleted.
You can export or permanently delete your team's data yourself at any time from the Settings page. When you delete a team, its records and uploaded receipts are permanently removed.
9. Your rights
Depending on where you live, you have rights to access, correct, export, and delete your personal information, and to withdraw consent. You can:
- Access and exporta complete copy of your team's data from the Settings page.
- Correct any information by editing it directly in the app.
- Delete your team and all its data from the Settings page.
- Contact us at support@getrosterledger.com for any other request.
10. Security
We protect your data with encryption in transit, encrypted storage, row-level access controls that isolate each team's data, and passwordless authentication. No system is perfectly secure, but we work to protect your information using industry-standard measures.
11. Cookies
We use only strictly necessary cookies — primarily a secure session cookie that keeps you signed in. We do not use advertising or analytics tracking cookies.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, for material changes, take reasonable steps to notify you.
13. Contact us
Questions or privacy requests: support@getrosterledger.com. If you are in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.