Recursive.
Log inStart free

Privacy Policy

Last updated: 2026-05-10

1. Who we are

Recursive is a sports-club operations platform built and operated by Recursive Creations, LLC. This Privacy Policy describes how Recursive Creations ("we," "us," "our") collects, uses, and protects information about people who use the Recursive platform ("you," "your," "members").

Operator contact information.

  • Recursive Creations, LLC
  • Mailing address: 17350 State Hwy 249, Ste 220 #27410, Houston, Texas 77064
  • Telephone: (512) 677-9632
  • Email: [email protected]

2. What information we collect

We collect only the information needed to operate Recursive as a sports-club platform. That includes: account details (name, email, password — passwords are stored as one-way hashes, never plaintext), club affiliation and role (player, coach, parent, referee, administrator), team and league memberships, schedules and game records, communications you send through the platform, and basic device and session metadata required to keep your account secure.

3. Why we collect it

We use your information to provide the platform's features — your roster, schedule, scoring, communication, and standings — and to keep your account secure. We do not use your data to train advertising models, and we do not share or sell your data to third-party advertisers.

4. What we do not do

Recursive does not embed third-party advertising trackers, social media pixels, or analytics SDKs that send data to ad networks. We do not sell, rent, or trade personal information. We do not use your data to train machine-learning models on behalf of third parties.

5. Children's data (COPPA compliance)

Recursive is designed for sports clubs whose members include children. We treat children's data with care that exceeds what's required for adult members. This section describes our practices in the structure recommended by the FTC's COPPA Six-Step Compliance Plan.

5.1 Operator identity

The operator collecting and maintaining children's personal information on Recursive is Recursive Creations, LLC. Full operator contact information is published in §1 above. For COPPA-related communication — questions, requests to review or delete a minor's information, consent withdrawal, or any other parental request — you may use any of the contact methods below:

  • Mail: Recursive Creations, LLC, 17350 State Hwy 249, Ste 220 #27410, Houston, Texas 77064
  • Telephone: (512) 677-9632
  • Email: [email protected] (subject line "COPPA Inquiry")

We respond to COPPA inquiries within 5 business days.

5.2 Who can hold an account

Every account on Recursive is held by a person who is at least 13 years old. The registration flow collects each new user's date of birth and rejects any registration that would create an account for a child under 13. Recursive does not support direct accounts for children under 13.

Minors aged 13 to 17 may hold their own accounts. The platform recognises that some account holders are minors and provides a parent-validation layer described in §5.6 below. Until a parent or legal guardian validates a minor's role through that layer, the minor's role assignments on teams and clubs are marked unverified and the minor's record carries the narrowest functional permissions the platform offers.

5.3 What information about minors enters the platform, and how

Two paths exist by which information about a minor (aged 13-17) enters Recursive.

Path one — the minor's own account. A 13-to-17-year-old who registers an account provides the same fields any account holder provides: name, email, password, date of birth. Once on the platform, the minor or those acting with their authorisation may add: dominant hand; emergency contact name and phone (typically the parent's contact); team and club affiliation; jersey number, playing position, sport; attendance and game participation; photographs uploaded to a team they belong to. Stats accumulate from games the minor plays in.

Path two — adult-supplied fields on the minor's record. Some fields about a minor are supplied by an adult on the minor's behalf — typically a parent through the guardian-relationship surface, or a coach through the roster-management surface. Examples: a parent fills in the minor's emergency contact information when establishing the guardian relationship; a coach assigns a jersey number when adding the minor to a team. These fields are persisted on the minor's account record and are visible to the minor in their account view.

In both paths, information is associated with the minor's own user record. The platform does not create or maintain separate records about under-13 children who have no account; an under-13 child does not currently appear in Recursive as a data subject.

5.4 How we use minors' information

We use minors' information solely to provide the platform's club-operations features: roster management, scheduling, scoring, standings, and parent-coach communication. We do not use minors' information to target advertising, build profiles for marketing, train external machine-learning models, or generate any output beyond providing the Service to the relevant club.

5.5 Sharing of minors' information

We do not sell, rent, or trade minors' information. We do not share it with third-party advertisers, data brokers, or analytics partners. The only third parties that may process minors' information are our infrastructure sub-processors — cloud hosting, transactional email delivery, error monitoring, encrypted backup storage — each of which is bound by data-processing agreements that prohibit independent use of the data and require equivalent security measures. The current list of sub-processors, including each provider's name, purpose, the categories of data they receive, the region of processing, and a link to their DPA where applicable, is published as part of this Privacy Policy at /sub-processors. When the list changes, we send notice to account holders per §11.

5.6 Parents' rights and the guardian-validation layer

Recursive provides parents with two complementary instruments. The first is the guardian-validation layer — a structural feature of the platform itself. The second is a set of rights you can exercise at any time by contacting us directly.

Guardian validation. When a minor (aged 13-17) holds an account on Recursive, their role assignments on teams and clubs begin in an unverified state. To move into a verified state — which is what permits the minor to be displayed in regular team views, included in standings, surfaced in search results, and otherwise treated as an active platform participant — a parent or legal guardian must approve the relationship through the guardian dashboard. Approving the relationship is the parent's affirmative consent to the platform's processing of information about the minor in connection with that team and club context. Approval also grants the parent administrative authority over the minor's account record, including the ability to read, correct, and delete information.

The rights you can exercise directly. Independent of the validation layer, a parent or legal guardian of a minor whose information appears on Recursive has these rights, regardless of who originally entered that information:

  • Right to review. Request a copy of the information held about your minor child. We respond within 30 days.
  • Right to correct. Request corrections to inaccurate information. We update within 7 days.
  • Right to delete. Request deletion of all information about your minor child. We complete deletion within 7 days, retaining only the limited categories described in §8.
  • Right to refuse further collection. Instruct us to stop further collection or use of your minor child's information. Withdrawing consent in this way also halts further team or roster additions until consent is restored.
  • Right to remove from a club. Request removal from a specific club's roster without affecting any other use of the data.

To exercise any of these rights, email [email protected] with subject line "COPPA Parental Request," identifying the minor by name and the relevant club. We will verify your relationship to the minor before acting on the request.

5.7 Public game pages and passive collection

Game pages (URLs starting with /game/) display live scoring information that may include a minor's first name and jersey number. These pages are not gated by authentication — anyone with the URL can view the page. Clubs and parents should be thoughtful about who receives a game URL. When any visitor — including a child — opens a public game page, our servers receive standard technical information (IP address, user-agent, request path). We do not link this information to a personal identity, do not use it for advertising or profiling, and retain server logs no longer than 30 days. Parents who do not want a minor's first name or jersey number visible can ask the club to omit those fields from the roster, or contact us to request redaction.

5.8 Security of children's data

Children's information receives the same security treatment as adult information: encrypted in transit and at rest, access-controlled by the role-based permission system described in §6, audit-logged for privacy-significant lifecycle events (deletion requests, consent changes, anonymization), and stored on infrastructure that meets our security standards. The guardian-validation layer described in §5.6 is itself a security boundary — until a parent validates the relationship, the minor's role assignments carry the narrowest permissions and are hidden from the team-level discoverability surfaces that the verified state opens up. We retain children's data only as long as reasonably necessary to provide the Service or as required by law. On account deletion, the child's personal information is removed from the platform per the seven-day deletion process and anonymisation model in §8.

6. How we protect your data

Recursive's data foundation was designed by a security and compliance engineer. Specific protections include: data in transit is encrypted using TLS; data at rest is encrypted at the database layer; access to user data is gated by a granular permission model with audit logging; identifiers exposed via our public API are non-sequential UUIDs to prevent enumeration. We are pursuing SOC 2 Type I attestation and will publish the attestation report on this page when complete.

7. Your rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at the email below. For California residents, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we have collected and the right to opt out of any sale of personal information (we do not sell personal information).

8. How long we keep your data, and how to delete it

Recursive keeps your account and the data attached to it for as long as your account is active. When you decide you no longer want an account, you can delete it from your account settings — and we mean delete it. This section explains exactly what happens.

Requesting deletion. Account holders can request deletion at any time from settings. Guardians can request deletion of a minor's account from the guardian dashboard. We honor requests from any source (parents, adult users, ourselves on your behalf when required by law) under whichever legal frame applies — COPPA for children, GDPR for EU residents, CCPA for California residents, or our standard self-service path for everyone else.

The seven-day window. When a deletion request is submitted, two things happen immediately. First, your account is locked: you can't sign in, your data is hidden from search and rosters, and any active sessions are revoked. Second, a seven-day countdown starts. During that window, the request can be cancelled with one click — useful if a deletion was submitted in error (a parent deleting the wrong child's account, an account holder who changes their mind). The cancellation restores the account immediately; sessions need a fresh sign-in.

What happens at day seven. Your personal information is deleted: your name, email, password, date of birth, and any profile fields you provided. We do this by clearing those fields from your account record. Your account itself is kept as an anonymous shell so that historical records of your past activity — games you played in, teams you were on, stats you accumulated — stay accurate. Records of your past play are not erased, but they no longer identify you. We chose this approach deliberately: deleting one person's history shouldn't corrupt everyone else's, and a team that won a championship two seasons ago should still show that they won it.

What this means in practice. A teammate viewing an old game record after your account is deleted will see the game results unchanged, but where your name once appeared they'll see an anonymous label like "Player a3f2" — a stable but meaningless identifier. They will not see your name, your photo, your contact information, your email, or any other data tied to you. Stats stay accurate to the player, even though the player is now anonymous: if you scored 10 goals in a season, the record still shows 10 goals attributed to "Player a3f2," and another deleted player's 5 goals stay distinctly attributed to a different anonymous label, not merged with yours. To anyone outside Recursive, the record is anonymous; to anyone inside Recursive, your account is gone.

What we retain after deletion, and why. A small number of records persist beyond your account. Each retained category serves a specific business purpose, in keeping with the COPPA Rule's data-retention requirements:

  • Audit log of the deletion event. Retained indefinitely. Business purpose: demonstrating to regulators (FTC under COPPA, state attorneys general under CCPA, EU data protection authorities under GDPR) that a specific deletion request was received and honored within the committed window. The audit log uses your former external account identifier (a meaningless UUID), not your name.
  • Financial records of past transactions. Retained for the period required by U.S. federal and state tax law — typically seven years. Business purpose: satisfying IRS and state revenue-department record-retention obligations that bind any commercial operator.
  • Security incident logs. Retained while an active investigation is open, plus one year. Business purpose: incident response, forensics, and any related legal proceeding. Once the retention window closes, these are purged.

Each category is retained for a defined period and no longer. None of these categories is used for marketing, profiling, or any purpose beyond the business need named above.

Timing commitment. We complete deletion requests within seven days of receipt. The seven-day window exists to allow undo, to ensure any in-flight game scoring or roster updates complete cleanly, and to align with the timing of our payment-recovery and backup-retention systems so that a deletion can never be silently undone by a backup restore. If we ever miss this window, you will hear from us — at the email address you provided when you registered, kept on file solely for compliance contact and never used for marketing — explaining the delay and the corrective action.

Children's deletion requests. Parents and guardians of children under 13 can request deletion of the minor's account at any time, with the same seven-day flow. Per §5.6, deletion of a minor's account is honored regardless of whether other account holders (a co-parent, a club admin, the team's coach) object — the requesting parent's authority over their child's data takes precedence. The same anonymization protects the minor's former teammates from history corruption.

Cancellation policy reaffirmed. During the seven-day window, anyone with the original deletion authority (the account holder for an adult account; the guardian who initiated for a minor account; an admin acting on the user's behalf) can cancel from the same surface that initiated the request. After day seven, deletion is final and cannot be reversed — your data is gone except for the legal-retention records described above. If you change your mind after day seven, you'll need to register a fresh account; we cannot recover the previous one.

How to escalate. If you believe a deletion request has not been honored, or you have a question about retained records, contact us at [email protected]. We respond within 5 business days. If you're not satisfied with our response and you're a California resident, you can contact the California Office of the Attorney General; if you're an EU resident, you can contact your national data protection authority; if your concern relates to a child's data under COPPA, you can file a complaint with the Federal Trade Commission.

9. Cookies and local storage

Recursive uses browser local storage to keep you signed in across sessions. We do not use third-party tracking cookies. The first-party storage is limited to authentication tokens and a small number of UI preference values; clearing your browser storage signs you out but does not affect your account.

10. International data transfers

Recursive is operated from the United States. If you access the platform from outside the U.S., your data will be transferred to and processed in the U.S. By using Recursive, you consent to this transfer. Enterprise customers may discuss data residency options under the Association tier.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders and posted on this page with an updated date. Continued use of Recursive after a change constitutes acceptance of the updated policy.

12. How to contact us

Questions about this policy, requests to exercise your rights, or any privacy concern: email [email protected]. We respond within 5 business days.