Security & Data Protection

1. Infrastructure

RackStat is hosted using Firebase and Google Cloud infrastructure. Platform data is stored and transmitted using cloud-hosted services designed for secure application operation.

• Firebase Hosting for secure web delivery
• Google Cloud / Firebase infrastructure for application services
• HTTPS/TLS encrypted connections
• Managed authentication and database services

2. Authentication

RackStat uses Firebase Authentication to manage user login and account access. Users are assigned roles such as athlete, coach, parent, or administrator.

• Authenticated account access required for protected areas
• Role-based application experiences
• School-specific user assignments
• Administrative access limited to authorized platform administrators

3. Access Controls

RackStat applies role-based and school-based access controls to limit who can view or manage student-athlete information.

• Athletes can access their own profile, workout, nutrition, and performance data
• Coaches can access athlete data associated with their assigned school or program
• Parents can access read-only information only for approved linked athletes
• Admins can manage platform-level operations as needed for support and security
• Firestore security rules restrict unauthorized cross-school or cross-user access

4. Student Data Protection

RackStat does not sell student data, does not use student data for advertising, and does not knowingly disclose student information except as directed by authorized school personnel or required by law.

• No sale, rental, or monetization of student data
• No targeted advertising or behavioral advertising
• Student information used only for athletic performance tracking, program management, account access, and platform security
• School-controlled access to student-athlete records

5. Application Protections

RackStat uses application-level protections intended to reduce unauthorized access and misuse.

• Firebase App Check protection for production application requests
• Firestore database rules limiting read and write permissions
• Separate development and production environments
• Role-specific onboarding and help documentation
• Controlled parent access approval workflow

6. Audit Logging

RackStat may log selected sensitive actions to support security review, accountability, troubleshooting, and appropriate use.

• Parent access activity
• Coach review and approval actions
• Administrative actions
• Account or data access events where applicable

7. Data Retention & Deletion

Schools, parents, guardians, eligible students, or authorized users may request deletion of records. Requests are processed within a reasonable administrative timeframe, subject to applicable legal, security, backup, or school-retention obligations.

Deletion and support requests may be submitted to support@rackstatapp.com or privacy@rackstatapp.com.

8. Incident Response & Breach Notification

RackStat maintains an incident response process for identifying, reviewing, containing, and responding to suspected unauthorized access, disclosure, misuse, loss, or compromise of protected student information or school-related data.

If RackStat confirms that a security incident has resulted in unauthorized access to protected student information or school data, RackStat will notify affected educational institutions without unreasonable delay and in accordance with applicable legal requirements.

• Notification Method: RackStat will provide notice by email to the school or district contact on file. For significant incidents, RackStat may also attempt additional contact by phone or other available communication methods.
• Timeframe: RackStat aims to notify affected schools within seventy-two (72) hours after confirming that a reportable security incident involving school or student data has occurred, unless a shorter timeframe is required by applicable law or delayed notification is requested by law enforcement.
• Notice Contents: When available, notifications may include a summary of the incident, categories of data involved, approximate date or timeframe, steps taken to contain the issue, recommended actions, and RackStat contact information for follow-up.
• Internal Escalation: Suspected incidents are reviewed by authorized RackStat personnel and escalated as appropriate for containment, investigation, school notification, remediation, and post-incident review.
• Security Contact: Schools, parents, guardians, or users may report security concerns to security@rackstatapp.com.

RackStat will document confirmed incidents, response actions, and follow-up steps as part of its security and compliance process.

9. Third-Party Infrastructure

RackStat uses Firebase and Google Cloud services to provide hosting, authentication, database storage, application security, and cloud functions. These services support technical operation of the platform.

Contact