Privacy Policy
Last updated: 2026-04-27
The short version
You and the coach you bind are the only people who see your skater's data. Raw videos auto-delete after 7 days. We don't sell or share with anyone. You can delete everything from Settings → Danger zone.
What we collect
- Account: email, password (bcrypt-hashed), language preference.
- Skater profiles: name (or nickname), age range, USFS level. Optional family PIN (bcrypt-hashed if you set one).
- Lessons & videos: uploaded clips, AI-generated annotations, milestones, coach recaps.
- Usage: standard server logs (IP, page, timestamp) for 30 days for security and debugging.
Who can see your skater's data
- You — the parent / account holder.
- Any coach you have actively bound to that skater. Unbinding removes their access immediately; past milestones they authored stay attributed to them but no new data flows.
- Anthropic (Claude API) receives video frames and lesson text only for AI analysis. Anthropic does not train on this data per their commercial terms.
- No one else. We do not sell your data, share it with advertisers, or send it to third parties beyond the AI provider above.
How long we keep videos
- Raw video files: 7 days from upload, then auto-deleted from S3. This is enforced by a scheduled job, not a manual process.
- Extracted keypoints, AI annotations, milestones, recaps: kept for the life of the account. These are small text records, not the video itself.
- Public sample profiles (e.g. our demo dossier) use synthesized example data, not real skater clips.
How to delete your data
- One skater: Settings → Family → Skaters → Delete. Removes profile, lessons, milestones for that skater.
- Whole account: Settings → Danger zone → Delete account. 30-day grace window, then full purge.
- By email: [email protected] — we respond within 7 days.
Children's privacy (COPPA)
SkateMarks is built for parents and coaches to manage data about minor skaters. The skater themselves does not create an account or interact with the app — the parent or legal guardian is the consenting party. If you believe a child created their own account, contact [email protected] and we will delete it.
Security
- Passwords and family PINs are stored as bcrypt hashes — we cannot read them.
- All traffic is HTTPS. Cookies are
Secure and SameSite=Strict.
- Admin access is rate-limited and behind credentials never embedded in code.
Contact
Questions: [email protected].