ATHLETIC ESTATE

Privacy Policy

Effective May 22, 2026 · Last updated May 22, 2026

DRAFT · PRE-LAUNCH
This document is a working draft. It has not yet been reviewed by licensed counsel. Athletic Estate, Inc. will republish a final version executed by counsel before opening paid accounts to the public. Do not rely on this draft for legal, tax, or financial decisions.

1. Who we are

This Privacy Policy describes how Athletic Estate, Inc., a Delaware corporation (“AE,” “we,” “us”), collects, uses, and shares your personal information when you use athleticestate.com and related services (the “Platform”). Movement-pillar surfaces are co-operated with the Athletic Estate Association (“AEA”), a 501(c)(6) nonprofit; AEA processes member governance data on a separate legal basis described in Section 6.

2. Information we collect

Information you provide

  • Account. Name, email, password hash, optional profile photo, team and school history.
  • Athlete record. Number, Team, sport, position, eligibility years, hometown.
  • Verification. Pass-specific KYC documents and credentials — e.g. Family relationship proof, Pro license / bar / agent registration, Coach school affiliation, W-9 tax form (TIN), and any disclosures of conflicts or incidents.
  • Minor Athletes. Where a Guardian holds a Family Pass, we collect the minor’s name, date of birth, sport, and the Guardian’s identity and relationship documentation.
  • Financial. Stripe customer + Connect account identifiers, ACH/bank metadata for payouts, §409A election state. We do not store full card or bank account numbers.
  • User-generated content. Posts on the Floor, takes on legislation, comments, messages, media uploads, athlete profile content, shop listings, brand campaign briefs.

Information collected automatically

  • Cookies and similar. A first-party JWT session cookie (ae_session); an admin-bypass cookie (ae_admin); and short-lived analytic cookies for fraud / abuse prevention. We do not use third-party advertising cookies.
  • Device and log. IP address, user-agent, timestamps, referrer, paths visited, audit-log of platform actions you take (pass approvals, payouts, edits, etc.).
  • Geolocation. Coarse IP-derived geolocation only. We do not access precise device location.

Information from third parties

  • Stripe — payment + payout status, 1099-K reporting fields, fraud signals.
  • Players-association registries, state athlete-agent registries, state bar directories, SEC IAPD, NIPR — to verify Pro Pass credentials you submit.
  • Public athletic record sources — school SIDs, league rosters, news archives — to seed the Legacy Graph. Pre-2002 records are best-effort; we honor takedown / correction requests at privacy@athleticestate.com.

3. How we use information

  • Provide and operate the Platform — including issuing Passes, running the Money Engine, routing Pro Leads, and processing payouts.
  • Verify identity, eligibility, and credentials.
  • Send transactional emails (receipts, payout notices, AEA renewals, Floor approvals, Pro credential reviews, back-in-stock notifications).
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of these Terms.
  • Comply with tax (Form 1099 issuance) and other legal obligations.
  • Improve the Platform — including measuring engagement, fixing bugs, and training internal-only AI Cast / AI Staff systems on de-identified or aggregated activity.

AE does not sell your personal information. AE does not use your personal information for cross-context behavioral advertising.

4. AI Cast & AI Staff

The Platform offers AI-driven companions (Bennett, Scout, Coach, Pop, Marcus, Lex, Maverick, Hattie, Sonny, Frankie, Gene, Vincent, Stu, Jerry, Wright, “J”). Conversations with AI Cast are logged server-side so they survive device resets and remain auditable. We may use prompts / responses to train internal AI systems on a de-identified basis. Internal AI Staff services (CFO AI, Tax AI, Triage AI, Policy AI, Editorial AI, AI Legal, Penalty Flag AI, Contract Review AI, Partnership AI, Outreach AI, Player Card AI, Up-Sell Engine) act on platform data to operate the Platform; they do not surface raw data to other users without your action.

5. How we share information

  • Publicly. Profile content you choose to publish — your Number, name, team, stats, and Trophy endorsements — is visible to other users. Floor takes and approved comments are visible to all AEA Members.
  • With Pros you connect to. When you request a Pro via GamePlan, the Pro receives your assessment answers and contact details so they can prepare and reach out.
  • With Brands you connect to. When a Brand engages you on a deal, the Brand receives the contact + deliverables data needed to execute that deal.
  • Service providers. Stripe (payments + payouts + KYB), Amazon Web Services (hosting, storage, email via SES, audit log retention via CloudTrail), Mux (video), Vercel (edge + serverless runtime), Anthropic (Claude models powering AI Cast), SendGrid / AWS SES (transactional email).
  • Legal. When required by law, regulation, valid legal process, or to protect the rights, property, or safety of AE, users, or the public.
  • Corporate transactions. In connection with a merger, acquisition, financing, or asset sale, with successor obligations equivalent to this Policy.

6. AEA member data

Membership records, policy filings authored by AEA members, and Floor activity (posts, comments, votes) are processed by AEA in its capacity as a 501(c)(6) trade association. AEA shares this data with AE Inc. only to the extent necessary to operate the Platform (e.g. issuing the Shield, running approval queues). AEA does not share member identities with outside organizations except as required by law.

7. Data retention

  • Account records: for the life of your account + 7 years after closure (financial record retention).
  • Tax records (W-9, 1099s, payout history): 7 years per IRS guidance.
  • Audit logs of platform actions: 7 years (also retained in CloudTrail with log-file validation).
  • Minor Athlete records: retained until conversion at age 18, plus 7 years.
  • Logs (IP, user-agent, paths): 90 days for security analytics, longer if implicated in an active investigation.

8. Your rights

Depending on where you live, you may have the right to: (a) access the personal information we hold about you; (b) correct inaccurate information; (c) delete information (subject to retention obligations above); (d) port your information to another service; (e) opt out of certain processing; and (f) appeal a denied request. To exercise any of these rights, email privacy@athleticestate.com. We will respond within 45 days. Residents of California, Colorado, Virginia, Connecticut, Utah, and other states have additional rights under their state privacy laws.

9. Children

The Platform is not directed to children under 13, and we do not knowingly collect personal information from a child under 13 except via the Family Pass / Minor Athlete flow, where a verified parent or guardian provides the information and controls the account. We comply with the Children’s Online Privacy Protection Act (COPPA).

10. Security

We protect your information with TLS in transit, server-side encryption at rest (AES-256), strict IAM scopes, a tamper-evident CloudTrail audit log with log-file validation, a strict Content Security Policy, and quarterly access reviews. No system is perfectly secure; report suspected vulnerabilities to security@athleticestate.com.

11. International users

The Platform is operated in the United States. If you access it from outside the U.S., you understand that your information will be transferred to, stored, and processed in the United States.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced at least thirty (30) days before they take effect via email and in-platform notice. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact

Privacy questions — privacy@athleticestate.com
Security disclosures — security@athleticestate.com
General — hello@athleticestate.com