Connected Performance Training LLC, an Ohio limited liability company doing business as Connect (“Connect,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy describes how we collect, use, share, and protect your information when you use the Connect platform, including our website, web application, mobile applications, and all related services (collectively, the “Platform”).
Connect provides a software-as-a-service platform for athletic training facilities, including but not limited to baseball and softball facilities. Your training facility, sports organization, or other entity that uses Connect (your “Facility”) is our customer. You may interact with our Platform as a facility administrator, coach, athlete, parent, or guardian.
By using the Platform, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the Platform.
Privacy Point of Contact: Our designated privacy contact for all inquiries, including COPPA requests, is reachable at support@connected-performance.com.
1. Information We Collect
1.1 Information You Provide
We collect information you or your Facility provide directly, including:
- Account Information: name, email address, phone number, date of birth, role (admin, coach, athlete, parent/guardian), and account credentials.
- Profile Information: profile photo, physical attributes (height, weight, position), and sport-specific details.
- Performance Data: training metrics, assessment results, lesson notes, video recordings, progress tracking, and other athlete development data.
- Payment Information: when you make payments through the Platform, our third-party payment processor collects your payment card information. We do not store full card numbers. We may store the last four digits, card type, and billing address.
- Communications: messages sent through the Platform's communication tools, support requests, and feedback.
- Facility Information: for administrators, business name, address, tax identification number, and bank account information for payment settlements.
1.2 Information Collected Automatically
When you use the Platform, we automatically collect:
- Device Information: device type, operating system, browser type, unique device identifiers, and mobile advertising identifiers.
- Usage Data: pages viewed, features used, actions taken, timestamps, session duration, and clickstream data.
- Location Data: approximate location based on IP address. Precise GPS location is only collected through the Mobile App if you grant permission, and can be disabled in your device settings.
- Log Data: IP address, access times, error logs, and referring URLs.
- Cross-Device Data: if you access the Platform on multiple devices (e.g., web and mobile), we may link your sessions using your account login to provide a consistent experience. This allows us to sync your data, preferences, and activity across devices.
1.3 Biometric Data
Certain Platform features may process video recordings or motion data that could constitute biometric information under applicable state laws. This may include analysis of body geometry, movement patterns, or physical characteristics derived from athletic activity video (e.g., swing analysis, pitching mechanics). See our End User Terms of Service for full details on consent, retention, and your rights regarding biometric data.
1.4 Sensitive Data
Under certain state privacy laws, some information we collect may be classified as “sensitive data,” including:
- Children's data: personal information of children under 13 (collected with verifiable parental consent under COPPA).
- Precise geolocation: GPS location data (collected only with your affirmative opt-in through device permissions).
- Biometric data: as described in Section 1.3 (collected with your consent through use of applicable features).
- Health/fitness-related data: athletic performance metrics, physical measurements, and injury-related notes may be considered health-adjacent data in some jurisdictions. We process this data solely to provide the Platform's athlete development features. This data does not constitute “Protected Health Information” (PHI) under HIPAA or “Sensitive Health Information” under the FTC Health Breach Notification Rule. Connect is a performance analytics tool, not a medical or healthcare provider.
We obtain explicit opt-in consent before processing sensitive data categories that require it under applicable law.
1.5 Cookies and Similar Technologies
We use cookies, pixels, and similar tracking technologies. Here is what we use and how you can manage them:
| Type | Purpose | Can Disable? | Duration |
|---|---|---|---|
| Essential | Authentication, security, session management. Required for Platform to function. | No | Session / 1 year |
| Analytics | Understand usage patterns, diagnose issues, improve features (e.g., Google Analytics). | Yes | Up to 2 years |
| Functional | Remember preferences, settings, and customizations. | Yes | Up to 1 year |
We do not use advertising, retargeting, or behavioral tracking cookies.
1.6 Cookie Consent and Management
When you first visit the Platform, you will be presented with a cookie preference center that allows you to accept or decline non-essential cookies. You can update your preferences at any time through the cookie settings link in the Platform footer or in your account settings. You may also manage cookies through your browser settings. Disabling cookies may affect Platform functionality. For California residents, declining analytics cookies constitutes an opt-out of “sale” or “sharing” to the extent any analytics cookies could be deemed to share data with third parties.
1.7 Information from Third Parties
We may receive information from your Facility (e.g., when they add you), from payment processors (transaction confirmations), and from third-party integrations your Facility has enabled.
2. How We Use Your Information
| Purpose | Description | Legal Basis |
|---|---|---|
| Provide Platform | Operate, maintain, and deliver features including scheduling, performance tracking, communication, and payments. | Contract performance |
| Process Payments | Facilitate payment transactions between you and your Facility through our Payment Processor. | Contract performance |
| Communications | Send service notifications, respond to inquiries, facilitate Facility communications. | Contract / Legitimate interest |
| Analytics / AI | Generate performance insights, training recommendations, and AI-powered features. | Consent / Legitimate interest |
| Improve Platform | Analyze usage, diagnose issues, develop features. Uses anonymized/aggregated data. | Legitimate interest |
| Security | Detect/prevent fraud, abuse, security incidents; enforce Terms of Service. | Legitimate interest / Legal obligation |
| Legal Compliance | Comply with legal obligations, respond to lawful requests, protect rights. | Legal obligation |
We do not sell your personal information. We do not use your identifiable personal information to train AI models that are made available to third parties.
3. How We Share Your Information
3.1 With Your Facility
Your Facility's administrators and coaches can access your account information, performance data, scheduling information, and communications. The level of access is determined by your Facility.
3.2 Service Providers (Sub-Processors)
We share information with third-party service providers who process data on our behalf. These providers are contractually required to protect your information and may only use it to provide services to us. Our current categories of sub-processors include:
| Category | Provider(s) | Purpose |
|---|---|---|
| Cloud Hosting | DigitalOcean (US) | Primary infrastructure, application hosting, database, backups |
| Payment Processing | Rate Tracker | Transaction processing, PCI compliance |
| Analytics | Google Analytics | Usage analytics (anonymized) |
| Email Delivery | Google Workspace (Gmail) | Transactional and service emails |
| SMS Delivery | GoHighLevel | Text message notifications |
| Customer Support | HelpScout | Ticket management, in-app chat |
| File Storage | Amazon Web Services S3 (US) | Secure file and media storage |
| Auth / Messaging | Google Firebase | Push notifications, authentication services |
| Error Monitoring | Sentry | Application error tracking (no PII transmitted) |
A current list of sub-processors is maintained at a dedicated page on our website (URL to be published) and is updated at least thirty (30) days before any new sub-processor is engaged.
3.3 Payment Processor
When you make payments, your payment information is shared with our Payment Processor. Their handling of your information is governed by their own privacy policy.
3.4 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect rights, safety, or security.
3.5 Business Transfers
If Connect is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email or prominent Platform notice before your information becomes subject to a different privacy policy.
3.6 With Your Consent
We may share information with third parties when you give explicit consent.
3.7 Aggregate Data
We may share anonymized, aggregated data that does not identify any individual for research, analytics, benchmarking, and industry reporting.
4. Children's Privacy (COPPA Compliance)
We take children's privacy seriously. The Platform may be used by children under 13 in connection with youth athletic training programs.
4.1 How We Handle Children's Data
- We do not knowingly collect personal information from children under 13 without verifiable parental consent.
- Your Facility is responsible for obtaining verifiable parental consent before a child under 13 uses the Platform.
- We collect only information reasonably necessary for the child to participate: name, date of birth, performance data, and parent/guardian contact information.
- We do not condition participation on providing more information than necessary.
- We do not use children's personal information for advertising or marketing.
- We do not share children's personal information with third parties except service providers who need it to operate the Platform.
- We do not use children's identifiable data to train AI models.
4.2 Parental Rights
Parents and guardians have the right to: review collected information; request deletion; refuse further collection; and revoke consent at any time. Contact us at support@connected-performance.com with “COPPA Request” in the subject line. We will verify your identity and relationship to the child before processing.
4.3 Discovery of Unauthorized Collection
If we discover that we have collected information from a child under 13 without proper consent, we will promptly delete it. If you believe this has occurred, please contact us immediately.
4.4 Annual Review
Connect conducts an annual review of its data collection practices with respect to children's personal information to ensure continued compliance with COPPA and to verify that collection remains limited to what is reasonably necessary. The results of this review are documented internally and are available to Facilities upon request.
5. Data Security
We implement commercially reasonable safeguards to protect your information, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256-CTR);
- Role-based access controls limiting data access to authorized personnel;
- Periodic security assessments and continuous monitoring;
- Intrusion detection and prevention systems (fail2ban) with automatic IP banning;
- Web application firewall with rate limiting and DDoS protection;
- Security headers enforcement (HSTS, CSP, X-Frame-Options, X-Content-Type-Options);
- Secure hosting on DigitalOcean infrastructure in the United States;
- Domain-based access isolation between organizations;
- Incident response procedures with documented escalation protocols; and
- Employee security training and background checks for personnel with data access.
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Retention
We retain information based on the category and purpose. The following table describes our retention practices:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Information | Duration of account + 90 days after deletion | Service delivery; post-termination export window |
| Performance Data | Duration of account + 90 days after deletion | Service delivery |
| Payment Records | 7 years from transaction date | Financial regulations; tax compliance; dispute resolution |
| Communication Logs | Duration of account + 90 days | Service delivery |
| Children's Data (under 13) | Duration of account. Deleted within 30 days of consent revocation or account deletion. Inactive accounts: 9 months. | COPPA data minimization |
| Biometric Data | 3 years from last interaction or duration of account, whichever is shorter | BIPA compliance; data minimization |
| Usage/Analytics Data | 26 months (anonymized) | Product improvement; industry standard |
| Log Data | 12 months | Security; troubleshooting |
| Backup Copies | Deleted within 90 days of primary data deletion | Disaster recovery |
| Aggregate/Anonymized Data | Indefinite (cannot identify individuals) | Product improvement; benchmarking |
7. Your Rights and Choices
7.1 All Users
Regardless of where you live, you can:
- Access and update your account information through Platform settings;
- Delete your account by contacting support or through Platform settings;
- Opt out of non-essential communications;
- Disable location services and push notifications through device settings;
- Manage cookie preferences through our cookie preference center; and
- Request a copy of your data in a portable format.
7.2 California Residents (CCPA/CPRA)
If you are a California resident:
- Right to Know: Request the categories and specific pieces of personal information we have collected, sources, business purposes, and categories of third parties we share with.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA.
- Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (biometric data, precise geolocation, children's data) for the purposes disclosed in this policy.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
CCPA Categories of Personal Information Collected:
| CCPA Category | Examples | Disclosed To |
|---|---|---|
| Identifiers | Name, email, phone, IP address | Facility, service providers |
| Customer Records | Payment info, billing address | Payment processor |
| Internet/Electronic Activity | Usage data, device info, logs | Analytics providers |
| Geolocation | IP-based; GPS if opted in | Service providers |
| Professional Info | Facility role, coaching credentials | Facility |
| Education-Related | Athletic performance data | Facility |
| Biometric | Video-derived movement data | Service providers (processing only) |
| Sensitive (Children) | Under-13 personal info | Facility, service providers |
| Inferences | Performance analytics, AI insights | Facility |
7.3 Virginia, Colorado, Connecticut, and Texas Residents
If you reside in these states, you may have similar rights including access, correction, deletion, data portability, and the right to opt out of certain processing. You also have the right to appeal a denial of a privacy request. To exercise these rights or appeal a decision, contact us as described in Section 13.
7.4 How to Exercise Your Rights
Contact us at support@connected-performance.com or the address in Section 13. We will verify your identity before processing. For parents exercising rights on behalf of a child, we will verify the relationship. We respond within forty-five (45) days, with a possible 45-day extension. If we deny your request, we will explain the basis and your appeal rights.
8. AI Features and Automated Processing
- What data is used: AI Features process performance data, training history, and usage patterns to generate personalized insights.
- How we train AI: Only anonymized/aggregated data. We never use identifiable personal information to train general-purpose AI models.
- Children's data: We do not use identifiable data from children under 13 for any AI training purposes.
- Opt out: You or your Facility can opt out of AI Features through Platform settings.
- No automated decision-making with legal effects: We do not use AI to make decisions that produce legal or similarly significant effects without human involvement.
- Profiling: AI Features may create profiles based on your athletic performance for the purpose of providing personalized training insights. This profiling is used solely within the Platform and is not shared with third parties for their own purposes.
9. Mobile Application Privacy
Our Mobile App may request the following device permissions:
| Permission | Purpose | Required? | Background? |
|---|---|---|---|
| Camera | Capture training video for swing/pitching analysis; profile photos | No (optional feature) | No |
| Photo Library | Upload existing photos/videos to the Platform | No (optional feature) | No |
| Location (GPS) | Facility check-in; location-based features | No (optional feature) | No |
| Push Notifications | Lesson reminders, schedule changes, payment alerts | No (recommended) | N/A |
| Contacts | Not requested | N/A | N/A |
| Microphone | Audio in training videos (if camera enabled) | No (optional feature) | No |
We do not collect data in the background when the app is not in active use. You can revoke any permission at any time through your device settings. The app will continue to function with reduced features if optional permissions are denied.
Apple App Privacy Labels: Our App Store privacy labels accurately reflect the data collection described in this Privacy Policy. If you notice any discrepancy, please contact us.
10. Data Breach Notification
In the event of a security incident involving unauthorized access to, acquisition of, or disclosure of your personal information, we will:
- Notify affected individuals as required by applicable state and federal breach notification laws, typically within the timeframes required by each applicable jurisdiction (generally 30–60 days from discovery);
- Provide notification via email to the address associated with your account, and if email is unavailable, through alternative means such as prominent Platform notice, postal mail, or phone;
- Include in the notification: a description of the incident, the types of information involved, steps we are taking, and steps you can take to protect yourself;
- For incidents involving children's data, notify the parent or guardian at the contact email on file;
- Notify your Facility, as our subscriber, within seventy-two (72) hours of discovery; and
- Cooperate with regulatory authorities and law enforcement as required by applicable law.
11. International Data Transfers
The Platform is hosted and operated in the United States. If you access the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States, which may have different data protection standards than your country of residence.
By using the Platform from outside the United States, you expressly consent to the transfer of your information to the United States. We will take reasonable steps to ensure your information is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
Connect does not currently offer the Platform for use outside the United States and does not target users in the European Economic Area, United Kingdom, or other jurisdictions with comprehensive data protection regimes. If you are located in such a jurisdiction and choose to use the Platform, you do so at your own discretion and risk.
12. Do Not Track and Global Privacy Control
We honor Global Privacy Control (GPC) signals as opt-out requests under applicable state laws, including the CCPA/CPRA. When we detect a GPC signal, we will treat it as a valid opt-out of any “sale” or “sharing” of personal information (to the extent any such activity occurs).
We do not currently respond to Do Not Track (DNT) browser signals, as there is no uniform industry standard for DNT. If a standard is adopted, we will update this policy accordingly.
13. Contact Us
If you have questions, wish to exercise your rights, or have concerns about our data practices:
Connected Performance Training LLC
d/b/a Connect
Email: support@connected-performance.com
COPPA Requests: support@connected-performance.com (subject line: “COPPA Request”)
DMCA Notices: support@connected-performance.com
Address: 1964 Columbus Road, Cleveland, OH 44113
If you are not satisfied with our response, you may file a complaint with your state attorney general or the Federal Trade Commission (FTC).
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice on the Platform or sending a notification at least thirty (30) days before the changes take effect. We will not materially reduce your rights without your explicit consent. The “Effective Date” at the top indicates when it was last updated. Prior versions of this Privacy Policy are available upon request.