Privacy Policy

Last updated: 17 May 2026

1. Introduction

From the Sideline (“we,” “us,” or “our”) is a youth sports management platform that helps coaches run their teams and keeps parents informed and connected. This Privacy Policy explains what personal information we collect, why we collect it, how we protect it, and what rights you have over it.

We take children's privacy seriously.

A large part of what we handle is information about children under 18. We apply extra care to that information at every step. We comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

2. Who We Are

Platform name:: From the Sideline
ABN:: 39 241 038 428
Website:: fromthesideline.com.au
Privacy contact:: privacy@fromthesideline.com.au
Support contact:: support@fromthesideline.com.au
Postal address:: 52 Fairbrother Street, Wanniassa ACT 2615
Data hosting:: Sydney, Australia (Supabase — ap-southeast-2)
Jurisdiction:: Australia

3. The Two Ways People Use This Platform

Team Mode is coach-led. A coach creates a team, invites parents to join, and uses the platform to manage sessions, track attendance, and communicate with families.

Solo Modeis parent-led. A parent registers independently — without a coach or team — to track their child's match statistics and season record.

This policy covers both modes. Where rules differ, we say so.

4. What Information We Collect

From coaches (Team Mode)

Name and email address
WhatsApp number (the number used for WhatsApp)
Team details: team name, age group, club affiliation, season dates
Session details: date, time, location, session notes
Player ratings and attendance records (entered by the coach)

From parents and contacts (Team Mode)

Your name and email address
Your WhatsApp number (the number you use for WhatsApp — used to send you session updates and RSVP requests)
Your child's first and last name, squad number, playing position
Your child's date of birth (used for age group verification and birthday recognition)
RSVP responses (attending / not attending)
Unavailability reasons where you choose to provide them (injury, holiday, school, other)

From Solo Mode parents

Your name and email address
Your WhatsApp number (optional — used if you choose WhatsApp as your preferred channel)
Your child's first and last name
Match statistics and season records you enter yourself

Information we collect automatically

Session timestamps (when you logged in, when you responded to an RSVP)
Attendance records (marked by the coach after each session)
Message delivery status (sent, delivered, read — via WhatsApp)
Authentication events (for account security)

What we do not collect

We do not collect payment card details — if payments are introduced, they will be handled by a certified payment processor and we will never see your card number
We do not track your behaviour outside our platform
We do not use advertising cookies or third-party tracking pixels
We do not collect location data from children
We do not collect photos without your explicit opt-in

5. Children's Data — Extra Protections

Who provides consent

Children do not create accounts and do not interact with the platform directly. All data about a child is provided by a parent, guardian, or carer, and managed by the adults connected to that child.

What we collect about children

First and last name, preferred name
Squad number, playing position, age group
Date of birth
Attendance records (present / absent / late)
Post-session ratings given by the coach (development feedback — not shared with other parents)
Match statistics (Solo Mode)

What we do not collect about children

Children cannot message through our platform
We do not collect photos of children without a separate, explicit opt-in
Children's data is never used for advertising, profiling, or marketing
We do not train AI models using children's personal data

Consent record

When a parent joins a team, the date of joining and the version of this privacy policy in effect at that time are recorded. This is your consent record. You can request a copy at any time by emailing privacy@fromthesideline.com.au.

Right to deletion

You can request deletion of all data we hold about you and your child at any time by emailing privacy@fromthesideline.com.au. We will delete all personal identifiers within 7 days of a verified request. Anonymised aggregate data (e.g., team-level attendance rates) may be retained.

6. How We Use Your Information

We use personal information only for the following purposes:

Purpose	Information used
Send session invitations and RSVP requests	Parent name, WhatsApp number or email
Send session reminders and attendance nudges	Parent contact details
Track attendance and generate team reports	Player name, attendance records
Display a child's progress to their parent	Player profile, ratings, attendance
Enable coaches to manage their team	All team and player data
Account security and fraud prevention	Login events, session tokens
Respond to support requests	Name, email, relevant account data
Comply with our legal obligations	As required by Australian law

We do not use your information to:

Advertise to you or target you with ads
Sell, rent, or share your data with third parties for their own purposes
Track you across other websites or apps
Build profiles for purposes unrelated to running your team
Train AI models on your children's data

7. Who Can See Your Data Within the Platform

Role	What they can see
You (parent/contact)	Your own information and your child's profile, attendance, and progress
Head coach	All team data, including all player records and parent contact details
Assistant coaches and managers	As configured by the head coach for that team
Other parents on the team	Cannot see your personal details or your child's individual records
Solo Mode parents	Can only see their own data and their own child's data

8. Third-Party Service Providers

We share data with the following service providers who help us operate the platform. These are processors — they act on our instructions and are not permitted to use your data for their own purposes.

Provider	What they process	Location
Supabase	Stores all platform data (database and file storage)	Sydney, Australia
Vercel	Hosts the web application and processes all web requests	USA (Sydney edge)
Meta / WhatsApp	Delivers WhatsApp messages — receives phone numbers and message content	USA
Resend	Delivers email messages — receives email addresses and message content	USA
Stripe	Processes payments if you subscribe — we never see your card number	USA

Overseas disclosure (APP 8)

Vercel, Meta, Resend, and Stripe are headquartered in the United States. When we send data to these providers, we remain responsible for ensuring it is handled to Australian Privacy Act standards. Each provider operates under a Data Processing Agreement that includes appropriate privacy protections.

We do not share your data with any other third party unless required by law.

9. Data Storage and Security

Where your data lives

All primary data is stored in Sydney, Australia via Supabase (ap-southeast-2 region). Your data stays in Australian jurisdiction for storage purposes.

How we protect it

Encryption in transit: All data encrypted using TLS 1.3
Encryption at rest: Database and file storage encrypted by Supabase
Access control:Row Level Security enforced on every database table — a parent can only ever query their own family's data
Authentication tokens: Magic links expire automatically when the relevant event date passes; session cookies are cryptographically signed and expire after 7 days
Webhook security: All incoming WhatsApp messages verified using HMAC signature before processing
No secrets in code: All API keys and credentials stored as environment variables, never written into the codebase
Private file storage: All uploaded files stored in private buckets — no publicly accessible URLs
Rate limiting: Authentication endpoints are rate-limited to prevent brute-force attacks

10. Data Retention

We keep personal information only for as long as it is needed for the purpose it was collected.

Data category	How long we keep it
Active player and contact records	While the team is active
Records for players who have left a team	2 years after departure, then deleted
Pending join requests not approved	90 days, then deleted
Session and attendance records	3 years (sports duty-of-care purposes)
Authentication and security event logs	30 days
Payment records (when applicable)	7 years (Australian tax law)
Data following an account deletion request	Personal identifiers deleted within 7 days; anonymised aggregate data may be retained

11. When We Must Disclose Data

We may disclose personal information without your consent only in the following circumstances:

Legal obligation — court order or subpoena under Australian law
Child safety — mandatory reporting obligations where we believe a child is at risk of harm
Fraud or security investigation — where required to protect the platform or its users

We will notify affected individuals of any disclosure where we are legally permitted to do so.

12. Your Rights Under the Australian Privacy Act

You have the following rights. To exercise any of them, email privacy@fromthesideline.com.au. We will respond within 30 days.

Access — Request a copy of all personal information we hold about you or your child
Correction — Request correction of any information that is inaccurate, out of date, or incomplete
Deletion— Request deletion of your account and your child's data. We will delete all personal identifiers within 7 days of a verified request.
Withdraw consent — You may withdraw consent for data collection at any time. This may limit platform functionality but does not affect the lawfulness of processing before withdrawal.
Complaint — If you believe we have not handled your information appropriately, please contact us first. If you are not satisfied with our response, you can escalate to the OAIC (see Section 14).

13. Data Breach Notification

Australia's Notifiable Data Breaches scheme applies to us. If a data breach occurs that is likely to result in serious harm to any affected individual, we are required to:

Notify the Office of the Australian Information Commissioner (OAIC)
Notify all affected individuals directly

We will do both within 30 days of identifying an eligible breach, or sooner where possible. Notification will be via email or WhatsApp depending on your contact preferences.

14. Cookies and Tracking

We use cookies only for essential platform operation:

Session cookie — keeps you logged in (cannot be disabled — the platform cannot function without it)
Security token — prevents unauthorised form submissions (CSRF protection, cannot be disabled)

We do not use:

Advertising cookies
Analytics that track you across sites
Social media pixels
Third-party tracking of any kind

15. Links to Other Websites

The platform may include links to external websites — for example, a map link for a session location. We are not responsible for the privacy practices of those external sites. Please read their privacy policies separately.

16. Changes to This Policy

When we make material changes to this policy, we will update the “Last updated” date above, notify existing users via email or WhatsApp before the change takes effect, and record the change below.

Date	Change
17 May 2026	Initial published version

17. Contact Us

Privacy questions, data access or deletion requests: privacy@fromthesideline.com.au — we respond within 30 days

General support: support@fromthesideline.com.au

Postal address: 52 Fairbrother Street, Wanniassa ACT 2615, Australia

Complaints

If you are not satisfied with our response to a privacy concern, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC): oaic.gov.au/privacy/privacy-complaints · Phone: 1300 363 992

In plain English: We collect only what we need to run the platform. We store it in Australia. We encrypt it. We never sell it. You can access, correct, or delete your data any time by emailing us. Children never create accounts — their data is managed by the adults who care for them. No ads. No tracking. No sharing with strangers.