Privacy Policy

Last updated: 2026-05-06 · Effective on launch (June 15, 2026)

1. Who we are

SelfRecruit.me ("we," "us," "our") is a recruiting platform that helps high-school student athletes connect with NCAA college coaches. The platform is operated from the United States.

2. What information we collect

You provide directly:

Email address (for sign-in)
First and last name
Graduation year, grade, primary sport, secondary sport (if applicable)
Athletic stats, GPA, SAT/ACT scores (optional, you can leave blank)
Highlight video URLs (optional)
Phone number, ZIP code (optional)
Schools you save, coaches you contact, messages you send

Collected automatically:

Cloudflare Web Analytics — page views, country (from IP geo-lookup), browser type, referrer. No cookies are set, no cross-site tracking, and no personal identifiers are stored. We use this to understand which pages users find helpful.
IP address and browser User-Agent — used for security (rate-limiting, abuse prevention) and never shared with third parties.

From third parties (only if you choose to connect):

Google Sign-In or Microsoft Sign-In — your name, email, profile picture, and a refresh token to send recruiting emails on your behalf.
Gmail or Outlook — read access to messages from coach domains so we can show coach replies in your Recruiting Inbox. We do not read or store unrelated emails.

3. How we use it

To match you with NCAA programs that fit your sport, division, academic profile, and goals
To send recruiting emails to coaches at your direction (you draft, we send)
To show you coach replies in your Recruiting Inbox
To improve the product (which features get used, where users get stuck)
To prevent fraud, scraping, and abuse of the platform

We do not sell your data. We do not share it with NCAA programs without your explicit action (e.g. clicking "Send" on a coach email).

4. NCAA contact-period rules

The platform enforces NCAA recruiting contact-period rules. The first time you can email coaches is determined by your sport and grade level (typically June 15 after sophomore year, or September 1 of junior year for football, golf, and tennis). Outside of allowed periods, the system queues your messages and sends them when the period opens. This is a feature for compliance, not a tracking mechanism.

5. Data retention

Active accounts: data retained while account is active
Inactive accounts (no sign-in for 12 months): we may delete or anonymize
Deleted accounts: 60-day soft-delete window for recovery, then permanent purge
Backups: weekly snapshots retained for 8 weeks, then deleted
Authentication tokens (sign-in sessions): 24 hours for regular users, 12 hours for admins, never longer

6. Your rights

Access — view all data we have on you (Profile page in app)
Edit — update or correct your data anytime
Delete — request account deletion (60-day window then permanent purge)
Export — request a copy of your data (email privacy@selfrecruit.me)
Withdraw OAuth — disconnect Google or Microsoft anytime in Profile settings

7. Security

The platform uses Cloudflare for infrastructure, including DDoS protection, bot blocking, and TLS encryption end-to-end. Authentication is via email one-time codes or OAuth (Google/Microsoft). We never store passwords. Internal admin access is restricted to a fixed allowlist and uses tighter session limits.

8. Children's privacy

The platform is intended for student athletes age 13 and older. If we learn that a child under 13 has provided information, we will delete it. Parents and guardians may contact us at privacy@selfrecruit.me with any concerns.

9. Changes to this policy

If we materially change this policy, we will notify active users via email and post a banner on the site. Material changes take effect 30 days after notice.

10. Contact

Questions about privacy: privacy@selfrecruit.me