Privacy Policy

Introduction

Forged Sports, Inc. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our venue management system platform and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Information We Collect

Personal Information

When you register for an account or use our Service, we may collect personal information including:

•Name and contact information (email address, phone number)
•Organization and venue details
•Account credentials and authentication data
•Communication preferences

Venue Operations Data

Our Service processes data related to venue operations, including:

•Customer and player information
•Bay and equipment usage data
•League and tournament information
•Waiver and document management data
•Integration data from connected services (Clover, Toast, SevenRooms, OpenTable)

Automatically Collected Information

When you access our Service, we automatically collect certain information:

•Device information (IP address, browser type, operating system)
•Usage data and analytics
•Cookies and similar tracking technologies
•Log files and error reports

How We Use Your Information

We use the information we collect for various purposes:

•
Service Provision: To provide, maintain, and improve our venue management platform
•
Account Management: To manage your account, authenticate users, and provide customer support
•
Communication: To send important updates, security alerts, and service-related notifications
•
Analytics: To understand usage patterns and improve our Service
•
Legal Compliance: To comply with legal obligations and enforce our terms of service
•
Integration Services: To facilitate connections with third-party services you choose to integrate

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

•Encryption of data in transit and at rest
•Regular security assessments and updates
•Access controls and authentication mechanisms
•Employee training on data protection
•Incident response and breach notification procedures

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

You have certain rights regarding your personal information:

•
Access: Request a copy of the personal information we hold about you
•
Correction: Request correction of inaccurate or incomplete information
•
Deletion: Request deletion of your personal information, subject to legal obligations
•
Data Portability: Receive your data in a structured, machine-readable format
•
Opt-Out: Unsubscribe from marketing communications at any time
•
Cookie Preferences: Manage cookie settings through your browser

Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Retention periods vary based on:

•The nature of the information and why it was collected
•Legal, regulatory, and contractual requirements
•Legitimate business purposes
•Your account status and activity

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer information internationally, we implement appropriate safeguards including contractual obligations and technical measures to protect your information in accordance with this Privacy Policy.

Cookies and Tracking Technologies

Types of Cookies We Use

•
Essential Cookies: Required for the Service to function properly (authentication, security, preferences)
•
Functional Cookies: Remember your preferences and settings within the Service

Managing Cookies

Most web browsers allow you to control cookies through their settings. However, disabling certain cookies may limit your ability to use some features of our Service.

Do Not Track

Our Service currently does not respond to "Do Not Track" signals from web browsers. We continue to work on ways to better protect your privacy.

Compliance and Regulations

GDPR (European Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

•The right to be informed about data collection and use
•The right of access to your personal data
•The right to rectification of inaccurate data
•The right to erasure ("right to be forgotten")
•The right to restrict processing
•The right to data portability
•The right to object to processing

CCPA (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

•The right to know what personal information we collect and how it's used
•The right to delete your personal information
•The right to opt-out of the sale of personal information (we do not sell data)
•The right to non-discrimination for exercising your privacy rights

Legal Basis for Processing

We process your personal information under the following legal bases:

•Consent: You have given explicit consent for specific purposes
•Contract: Processing is necessary to fulfill our contractual obligations
•Legal Obligation: We must process data to comply with legal requirements
•Legitimate Interests: Processing is necessary for legitimate business purposes

Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

•Notify affected users within 72 hours of discovery
•Provide details about what information was compromised
•Explain the steps we are taking to address the breach
•Offer guidance on protecting yourself from potential harm
•Report to relevant regulatory authorities as required by law

Third-Party Data Processors

We work with trusted third-party service providers who process data on our behalf:

•
Cloud Infrastructure: Railway for application hosting and deployment
•
Database and Storage: Supabase for secure data storage and management
•
POS Integrations: Clover and Toast for payment processing (when connected by venue)
•
Reservation Systems: SevenRooms and OpenTable for reservation management (when connected by venue)
•
Background Jobs: Inngest for task processing and automation

All third-party processors are required to maintain appropriate security measures and are prohibited from using your data for their own purposes.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information from our servers immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

•Posting the new Privacy Policy on this page
•Updating the "Last Updated" date at the top of this policy
•Sending an email notification for significant changes

Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

privacy@forgedsports.io

Data Protection Officer

dpo@forgedsports.io

We aim to respond to all privacy-related inquiries within 30 days.