Privacy Policy

Last updated: April 10, 2026

1. Introduction

837 Software Solutions LLC ("we", "us", or "our") operates the Drop the Puck platform ("the Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and how we protect it. By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Information you provide directly:

  • Account information — name, email address, phone number, and password when you create an account
  • Profile information — skill level, preferred position, and other hockey-related preferences
  • Payment information — billing details processed through Stripe; we do not store your full credit card number on our servers
  • Organization information — if you are an organizer, details about your organization such as name, location, and payout bank account information (collected via Stripe Connect)
  • Communications — messages you send to us, such as support requests

Information collected automatically:

  • Usage data — pages visited, features used, and actions taken within the Service
  • Device information — browser type, operating system, and device identifiers
  • Log data — IP address, access times, and referring URLs

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Operate and maintain the Service, including scheduling drop-in sessions, managing rosters, and processing payments
  • Send you transactional communications such as game reminders, roster confirmations, waitlist notifications, payment receipts, and roster invitations via SMS and email
  • Verify your identity and maintain account security
  • Process payments and facilitate organizer payouts through Stripe
  • Respond to your support requests and communications
  • Improve and optimize the Service based on usage patterns
  • Enforce our Terms of Service and protect against misuse

4. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

  • Stripe — payment card details, billing information, and organizer payout details are shared with Stripe to process transactions. Stripe acts as our payment processor and handles your payment data under their own privacy policy.
  • Twilio — your phone number and message content are shared with Twilio to deliver SMS notifications (game reminders, roster updates, invitations). Twilio processes this data under their own privacy policy.
  • Resend — your email address and message content are shared with Resend to deliver email notifications. Resend processes this data under their own privacy policy.
  • Supabase — your account data is stored in a Supabase-hosted PostgreSQL database. Supabase acts as our infrastructure provider and processes your data under their own privacy policy.
  • Vercel — the Service is hosted on Vercel, which processes request data (IP addresses, log data) as part of serving the application.
  • Organizers — when you join a drop-in session or an organization roster, the organizer can see your name, position, and attendance history for their sessions. Organizers do not have access to your email, phone number, or payment details.
  • Legal requirements — we may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena or court order.

5. Data Security

We implement the following measures to protect your information:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Passwords are hashed and never stored in plain text
  • Payment card data is handled entirely by Stripe and never touches our servers
  • Database access is restricted through row-level security policies, ensuring users can only access data they are authorized to see
  • Authentication sessions are managed with secure, HTTP-only cookies
  • Administrative access to production systems is limited to authorized personnel

While we take reasonable steps to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where we are required to retain it for legal or regulatory purposes (such as payment records for tax compliance).

7. Your Rights and Choices

  • Access and update — you can view and update your profile information at any time through your account settings
  • SMS opt-out — you can opt out of non-essential SMS messages through your notification preferences; transactional messages required for the operation of the Service (such as payment confirmations) may still be sent
  • Account deletion — you may request deletion of your account by contacting us at the email address below
  • Data export — you may request a copy of your personal data by contacting us

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by other reasonable means. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us at dev@dropthepuckapp.com.