Privacy Policy

Account information. When you create an account we collect your name, email address, and password (hashed — never stored in plain text).

Athlete profile. Information you enter about yourself: sport, position, graduation year, GPA, test scores, high school, travel team, athletic metrics, intended major, target schools, and recruiting goals.

Email content. Subject lines and body text of outreach emails you compose or approve through NextPlay. This content is stored so we can track your outreach history and generate follow-up emails.

Phone number. If you choose to register your phone number for the N.I.K.K.I. voice assistant feature, we store it to identify you on inbound calls. This is optional.

Usage data. Standard server logs including IP address, browser type, pages visited, and timestamps. We use this for debugging and improving the service.

Google account data. If you connect Gmail or Google Calendar, we store OAuth access and refresh tokens. We never store your Google password. See Section 4 for details.

We use the information we collect solely to provide NextPlay's recruiting assistance service:

• ▸Generating personalized outreach emails to college coaches
• ▸Tracking your school pipeline and follow-up schedule
• ▸Providing AI-powered recruiting advice through N.I.K.K.I.
• ▸Syncing events to your Google Calendar
• ▸Sending scheduled emails through your connected Gmail account
• ▸Detecting coach replies to stop automated follow-up sequences

We do not use your data for advertising, profiling, or any purpose unrelated to your recruiting journey.

When you connect your Google account, NextPlay requests the following permissions:

• ▸gmail.send — Send emails to coaches on your behalf
• ▸gmail.readonly — Detect when coaches reply so we can stop automated follow-ups
• ▸calendar — Add recruiting events to your Google Calendar

We store your OAuth tokens securely in our database. Tokens are used only to perform actions you explicitly authorize within NextPlay. We never read, index, or store the full content of your emails. We access only message metadata (sender address) to detect coach replies.

You can revoke access at any time from myaccount.google.com/permissions or by disconnecting from your NextPlay Settings page.

NextPlay's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Your data is stored on secure, industry-standard cloud infrastructure. We use row-level security policies so each user can only access their own data.

Passwords are hashed using industry-standard algorithms. OAuth tokens are stored encrypted at rest. We use HTTPS for all data in transit.

No security system is perfect. If you discover a vulnerability, please contact us.

We use trusted third-party service providers to help operate our platform, including cloud hosting, payment processing, voice communication, and analytics services. These providers are bound by confidentiality agreements and may only use your data to perform services on our behalf.

We share only the minimum data necessary for each service to function. We do not sell data to any of these partners.

To delete your account and all associated data, contact us with the subject line "Delete My Account" and the email address associated with your account.

We will permanently delete your account, athlete profile, email history, school pipeline, calendar events, and any connected OAuth tokens within 30 days. Some anonymized, non-identifiable aggregate data may be retained for service improvement.

For privacy-related questions or requests, please contact us at NextPlay Stars LLC.