CoachAI is a complete team management platform designed for youth sports coaches. It helps manage rosters, track substitutions, plan practices, and ensure fair play time for all players.

How does the substitution tracker work?

The AI-powered substitution tracker monitors playing time in real-time during games, suggests optimal substitution patterns, and ensures every player gets fair play time based on your team rules.

Can I use CoachAI for any sport?

Yes! CoachAI works for soccer, basketball, baseball, hockey, and many other team sports. The platform adapts to your specific sport and league requirements.

CoachAI

Data Processing Agreement

Last updated: March 13, 2026 — GDPR Article 28 compliant

1. Parties

This Data Processing Agreement ("DPA") is entered into between:

Data Controller

Name: Jason Stoudt
Operating as: CoachAI / putmein.co
Contact: privacy@putmein.co

Data Processor

When you use CoachAI as a coach or organization, you act as a Data Controller and CoachAI acts as a Data Processor with respect to personal data entered about your team members. This DPA governs that relationship.

2. Subject Matter and Duration

This DPA applies to all personal data processed by CoachAI on behalf of the Controller in connection with the CoachAI services. The DPA remains in effect for the duration of the service agreement and until all personal data is deleted or returned.

3. Nature and Purpose of Processing

CoachAI processes personal data for the following purposes:

Youth sports team management (roster management, scheduling, attendance)
Player performance tracking and fair play analytics
Parent/guardian communication and consent management
AI-generated drill and coaching suggestions
Payment processing for subscription services
SMS-based team invitations
Error tracking and application performance monitoring

4. Categories of Data Subjects and Personal Data

Data Subject	Categories of Personal Data
Coaches / Administrators	Name, email, password hash, team affiliations, subscription status
Players (minors)	Name, date of birth, jersey number, position, medical notes, allergies, medications, emergency contacts, playing time statistics
Parents / Guardians	Name, email, phone number, consent records
Team Members	Name, email, role, RSVP responses, notification preferences

5. Sub-Processors

CoachAI uses the following sub-processors to deliver the service. The Controller hereby authorizes the use of these sub-processors, subject to GDPR Article 28 requirements being met with each.

Sub-Processor	Purpose	Location	Transfer Mechanism
Supabase Inc.	Database hosting, authentication, file storage	US (AWS us-east-1)	Standard Contractual Clauses
Stripe Inc.	Payment processing, subscription management	US	Standard Contractual Clauses
Twilio Inc.	SMS delivery for team invitations	US	Standard Contractual Clauses
Sentry (Functional Software Inc.)	Error tracking and performance monitoring	US	Standard Contractual Clauses
Vercel Inc.	Application hosting and deployment	US / EU (configurable)	Standard Contractual Clauses
Anthropic PBC	AI drill generation (anonymized jersey numbers only)	US	Standard Contractual Clauses
Resend Inc.	Transactional email delivery	US	Standard Contractual Clauses

6. Obligations of the Processor (GDPR Article 28)

CoachAI, acting as Processor, shall:

Process personal data only on documented instructions from the Controller
Ensure that persons authorized to process personal data are bound by appropriate confidentiality obligations
Implement appropriate technical and organizational security measures (Article 32)
Not engage sub-processors without prior written authorization from the Controller (this DPA constitutes such authorization for listed sub-processors)
Assist the Controller in fulfilling data subject rights requests (access, deletion, portability, rectification)
Delete or return all personal data at the end of the service relationship
Provide all information necessary to demonstrate compliance with this Article and allow audits
Notify the Controller without undue delay (within 72 hours) after becoming aware of a personal data breach

7. Security Measures (Article 32)

CoachAI implements the following technical and organizational security measures:

Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256 via Supabase)
Client-side encryption for sensitive PHI (medical notes, allergies) using AES-GCM
Row-Level Security (RLS) policies enforced at the database layer
Access controls and audit logging for PHI access
Rate limiting on all API endpoints
Multi-factor authentication option for account holders
Regular security reviews and dependency updates
Automated data retention and deletion policies

8. Data Transfers

Data transfers to third countries (outside the EEA/UK) are made under Standard Contractual Clauses (SCCs) as approved by the European Commission. Copies of applicable SCCs and sub-processor agreements are available upon request at privacy@putmein.co.

9. Contact and Complaints

For questions about this DPA or to exercise data subject rights, contact:

Email: privacy@putmein.co
Subject line: "DPA / GDPR Inquiry"

If you are in the EEA/UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.