Privacy Policy

Last updated: July 18, 2025

1. Introduction

At Pennant Cards ("we," "us," or "our"), we are committed to protecting your privacy and the privacy of the young athletes whose information you entrust to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading card creation service. Please also review our Terms of Use for additional information about your rights and responsibilities.

By using our service, you agree to the collection and use of information in accordance with this Privacy Policy. If you disagree with any part of this policy, please do not use our service.

2. Information We Collect

We collect several types of information to provide and improve our service:

Account Information

  • Your name, email address, and account credentials
  • League name and organization details
  • Communication preferences and marketing consent
  • Payment information (processed securely through Stripe)

Trading Card Information

  • Project and team names
  • Player names, photos, and custom card details
  • Parent/guardian email addresses for form distribution
  • Order and shipping information

Technical Information

  • Device information, IP addresses, and browser details
  • Usage data, including pages visited and features used
  • Session information and authentication tokens
  • Error logs and diagnostic information

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

  • Creating and managing your trading card projects
  • Processing orders and coordinating with printing partners
  • Providing customer support and technical assistance
  • Sending transactional emails and service notifications

Communication

  • Distributing player information forms to parents/guardians
  • Notifying you about order status and project updates
  • Responding to your inquiries and support requests
  • Sending marketing communications (with your consent)

Service Improvement

  • Analyzing usage patterns to improve our platform
  • Troubleshooting technical issues and bugs
  • Developing new features and card designs
  • Ensuring security and preventing fraud

4. Protection of Minors (COPPA Compliance)

We take the privacy of children very seriously. Our service is designed for use by coaches, team managers, and parents who are creating trading cards for youth sports teams.

Age Restrictions

  • Our service is not intended for direct use by children under 13
  • We do not knowingly collect personal information directly from children under 13
  • All player information must be submitted by a parent, guardian, or authorized adult

Parental Consent

  • You are responsible for obtaining proper parental consent before uploading any child's information
  • Parents can request to view, update, or delete their child's information at any time

Limited Data Collection

  • We collect only the minimum information necessary to create trading cards
  • Player photos are used solely for card creation and are not shared publicly
  • We do not use children's information for marketing purposes

5. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following limited circumstances:

Service Providers

  • Printing partners who fulfill your card orders (with minimal necessary information)
  • Payment processors (Stripe) for secure payment handling
  • Cloud storage providers (DigitalOcean) for secure file storage
  • Email service providers for transactional communications

Legal Requirements

  • When required by law, court order, or government regulation
  • To protect our rights, property, or safety, or that of our users
  • To investigate potential fraud or security breaches

Business Transfers

  • In connection with a merger, acquisition, or sale of assets
  • Users will be notified of any such transfer via email

6. Data Security

We implement robust security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

  • All data is encrypted at rest using industry-standard encryption
  • Secure HTTPS connections protect data in transit
  • Access controls limit who can view sensitive information
  • Regular security audits and vulnerability assessments
  • Secure authentication with session management
  • Private file storage with no public CDN access

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention and Deletion

We retain your information only as long as necessary to provide our services and comply with legal obligations:

  • Project data, including player information and photos, will be automatically deleted after a configurable period
  • You can set your preferred retention period in your account settings
  • Account information is retained until you delete your account
  • Payment records are retained for tax and legal compliance purposes
  • Audit logs are retained for security and compliance purposes

Upon deletion, data is securely removed from our systems and cannot be recovered. Some information may persist in backups for up to 30 days before being permanently deleted.

8. Your Rights and Choices

You have several rights regarding your personal information:

Access and Portability

  • Request a copy of your personal information
  • Export your project data in a portable format
  • View your account information and settings

Correction and Updates

  • Update your account information at any time
  • Correct player information and photos
  • Modify your communication preferences

Deletion

  • Delete individual players, teams, or entire projects
  • Close your account and request deletion of all data
  • Request deletion of a child's information (parental requests)

Marketing Communications

  • Opt out of marketing emails at any time
  • Unsubscribe links are provided in all marketing communications
  • Update your communication preferences in account settings

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze usage patterns:

Essential Cookies

  • Session cookies to keep you logged in
  • Security cookies to prevent fraud
  • Preference cookies to remember your settings

Analytics

  • Usage analytics to improve our service
  • Performance monitoring to ensure reliability
  • Error tracking to identify and fix issues

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of our service.

10. Third-Party Services

Our service integrates with several third-party providers:

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • DigitalOcean Spaces: Secure file storage
  • Email Service Providers: Transactional and marketing emails
  • Printing Partners: Card fulfillment services

These services have their own privacy policies. We share only the minimum information necessary for these services to function.

11. International Users

Our service is primarily designed for users in the United States. If you are accessing our service from outside the US, please be aware that your information may be transferred to, stored, and processed in the United States.

By using our service, you consent to the transfer of your information to the United States and acknowledge that US privacy laws may differ from those in your country.

12. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Provide details about what information was involved
  • Explain the steps we are taking to address the breach
  • Recommend actions you can take to protect your information
  • Comply with applicable data breach notification laws

Notifications will be sent to the email address associated with your account and may also be posted on our website or service.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to request deletion of your personal information
  • Right to opt out of the sale of personal information (we do not sell information)
  • Right to non-discriminatory treatment when exercising your privacy rights

To exercise these rights, please contact us at privacy@pennant.cards. We will verify your identity before processing requests.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Sending an email to the address associated with your account
  • Posting a prominent notice on our website
  • Updating the "Last updated" date at the top of this policy

Your continued use of our service after any changes constitutes acceptance of the updated Privacy Policy.

15. Contact Information

If you have any questions about this Privacy Policy, your personal information, or our privacy practices, please contact us at:

Privacy Officer
Pennant Cards Inc.
Email: privacy@pennant.cards
Support: support@pennant.cards

For parental requests regarding children's information, please clearly identify yourself as the parent or guardian and provide sufficient information for us to verify your relationship to the child.