SelfRecruit.me Privacy Policy
Last updated: 2026-06-12 · Effective immediately
1. Who we are
SelfRecruit.me ("we," "us," "our") is a recruiting platform that helps high-school student athletes connect with NCAA college coaches. The platform is operated from the United States.
2. What information we collect
You provide directly:
- Email address (for sign-in)
- First and last name
- Graduation year, grade, primary sport, secondary sport (if applicable)
- Athletic stats, GPA, SAT/ACT scores (optional, you can leave blank)
- Highlight video URLs (optional)
- Phone number, ZIP code (optional)
- Schools you save, coaches you contact, messages you send
Collected automatically:
- Cloudflare Web Analytics — page views, country (from IP geo-lookup), browser type, referrer. No cookies are set, no cross-site tracking, and no personal identifiers are stored. We use this to understand which pages users find helpful.
- IP address and browser User-Agent — used for security (rate-limiting, abuse prevention) and never shared with third parties.
From third parties (only if you choose to connect):
- Google Sign-In or Microsoft Sign-In — your name, email, profile picture, and a refresh token to send recruiting emails on your behalf.
- Gmail or Outlook — read access to messages from coach domains so we can show coach replies in your Recruiting Inbox. We do not read or store unrelated emails.
3. Google API Services User Data Policy
If you sign in to SelfRecruit.me with your Google account, SelfRecruit.me requests the following Google OAuth scopes:
- openid, email, profile — Used to identify you (name, email, profile picture) when you sign in.
- https://www.googleapis.com/auth/gmail.send — Used to send coach-outreach emails on your behalf from your own Gmail account, so coaches receive messages from your real email address with replies routed back to your inbox. SelfRecruit.me only sends messages that you have explicitly drafted and approved inside the app; we never send mail without your action.
- https://www.googleapis.com/auth/gmail.modify — Used to surface coach replies in the in-app Recruiting Inbox view, and to apply the read/unread state and trash actions you take in the SelfRecruit.me inbox UI (so those actions stay in sync with your Gmail). We read only messages whose sender or thread matches a coach or school domain from the NCAA athletics directory, or threads that began as outreach you sent from SelfRecruit.me. We do not access, transmit, or store unrelated email content.
Limited Use: SelfRecruit.me's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- SelfRecruit.me uses Google user data only to provide and improve user-facing features of the platform — namely sending coach-outreach emails from your Gmail account and showing coach replies in your in-app Recruiting Inbox.
- SelfRecruit.me does not transfer Google user data to others except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- SelfRecruit.me does not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- SelfRecruit.me does not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations subject to the Google API Services User Data Policy.
You may revoke SelfRecruit.me's access to your Google account at any time from inside the app (Profile → Connected accounts → Disconnect) or directly from myaccount.google.com/permissions.
4. How we use it
- To match you with NCAA programs that fit your sport, division, academic profile, and goals
- To send recruiting emails to coaches at your direction (you draft, we send)
- To show you coach replies in your Recruiting Inbox
- To improve the product (which features get used, where users get stuck)
- To prevent fraud, scraping, and abuse of the platform
We do not sell your data. We do not share it with NCAA programs without your explicit action (e.g. clicking "Send" on a coach email).
5. NCAA contact-period rules
The platform enforces NCAA recruiting contact-period rules. The first time you can email coaches is determined by your sport and grade level (typically June 15 after sophomore year, or September 1 of junior year for football, golf, and tennis). Outside of allowed periods, the system queues your messages and sends them when the period opens. This is a feature for compliance, not a tracking mechanism.
6. Data retention
- Active accounts: data retained while account is active
- Inactive accounts (no sign-in for 12 months): we may delete or anonymize
- Deleted accounts: 60-day soft-delete window for recovery, then permanent purge
- Backups: weekly snapshots retained for 8 weeks, then deleted
- Authentication tokens (sign-in sessions): 24 hours for regular users, 12 hours for admins, never longer
7. Your rights
- Access — view all data we have on you (Profile page in app)
- Edit — update or correct your data anytime
- Delete — request account deletion (60-day window then permanent purge)
- Export — request a copy of your data (email privacy@selfrecruit.me)
- Withdraw OAuth — disconnect Google or Microsoft anytime in Profile settings
8. Security
The platform uses Cloudflare for infrastructure, including DDoS protection, bot blocking, and TLS encryption end-to-end. Authentication is via email one-time codes or OAuth (Google/Microsoft). We never store passwords. Internal admin access is restricted to a fixed allowlist and uses tighter session limits.
9. Children's privacy (COPPA)
The platform is intended for student athletes age 13 and older. We do not knowingly collect personal information from children under 13. At account creation, every user must affirmatively confirm they are 13 or older; accounts cannot be created without this confirmation. If we learn that a child under 13 has provided information, we will delete it promptly. Parents and guardians may contact us at privacy@selfrecruit.me with any concerns or to request deletion of a child's information.
10. Changes to this policy
If we materially change this policy, we will notify active users via email and post a banner on the site. Material changes take effect 30 days after notice.
11. Contact
Questions about privacy: privacy@selfrecruit.me