Skip to main content
BALLANTIR AIThe Gold Standard in Basketball Intelligence
Live feed: 7 headlines
Live Feed
Intelligence feed: 7 headlines
Intelligence

Legal · Privacy Policy

Privacy Policy

Privacy at Ballantir is architecture, not prose. This draft documents the consent ledger, audit trail, and permission system the platform is actually built on — all of it inspectable in the Trust Center.

Draft v0.9 · All persons referenced in platform demos are fictional

Draft — pending review by counsel. Not yet binding.

This draft states the privacy architecture as built. It becomes the operative policy only after legal review and formal publication with an effective date.

Staged — Wired, Awaiting Activation

01 · Data We Collect (By Role)

Collection is scoped to role. We collect what the role requires — nothing ambient.

  • Player / Family — profile identity, sport and position data, uploaded film, verified statistics, evaluation history, consent grants.
  • Guardian — verified identity (via FTC-recognized consent verification), guardian–ward link, consent decisions, access-history views.
  • Coach / Program — organizational identity, board configurations, athletes followed (within granted permissions), report purchases.
  • Scout / Analyst — attributed evaluations, film annotations, provenance metadata on every contribution.
  • All roles — account credentials, session and security logs, billing records for paid products.

02 · Youth/AAU Athlete Data

Minors are the most protected data subjects on the platform. The consent ledger — not a settings checkbox — is the system of record.

  • COPPA posture: no Youth/AAU Athlete data is collected or processed without verifiable parental consent obtained through FTC-recognized methods. The compliance program is being finalized with counsel prior to commercial launch.
  • The consent ledger is append-only. Grants and revocations are immutable events; current consent state is derived, never edited.
  • Guardian rights: review all data held on the ward, review the full access history, revoke any grant at any time, and request deletion.
  • Revocation propagates immediately — dependent reports are unpublished in the same transaction.
  • AI-training consent is always a separate grant. It is never bundled with evaluation, sharing, or any other consent, and it is independently revocable.

03 · Biometrics

None. Ballantir uses no facial recognition and no automated biometric identification on any athlete, of any age. Identity confirmation on film is performed by human reviewers. This is a governance decision enforced in the schema, not a feature toggle.

04 · Provenance & Audit Trail

Every access to a minor's data is written to an append-only audit table — who accessed what, when, and under which consent grant. Guardians can inspect this trail at any time.

Provenance metadata (source, contributor, method) is attached to every evaluation and report claim. This is a privacy control as much as a quality control: it makes data lineage inspectable rather than asserted.

05 · Retention & Deletion

Data is retained while the account is active and consent is in force. On deletion request or consent revocation:

  • Athlete profile data and film are deleted or de-identified; dependent reports are unpublished.
  • The consent ledger and audit trail are retained in append-only form — they are the proof that consent and deletion were honored, and they contain events, not athletic data.
  • Billing records are retained as required by tax and accounting law.
  • Concrete retention periods per data class will be published with the counsel-reviewed final policy.

06 · Sharing & Permission-Aware Exports

Ballantir does not sell personal data. Sharing happens only along permission edges you configure: a report is visible to a program because the athlete (or guardian) granted it, and every export re-checks permissions at generation time — a revoked grant means the export excludes that data, immediately.

Service providers (hosting, payments, consent verification) process data under contract, scoped to their function.

07 · International Users

The platform launches on a US compliance footing (COPPA for minors). A GDPR/UK-GDPR track is planned for EU and UK availability — including lawful-basis mapping, data-subject rights tooling, and transfer mechanisms — and will be completed with counsel before the platform is offered in those markets.

08 · Contact

Privacy questions, guardian requests, and deletion requests: [privacy contact placeholder — a dedicated privacy contact and postal address will be published with the final policy]. Guardians can exercise most rights directly in-product via the Trust Center.

See the consent ledger and audit trail live, or read the contractual terms these protections operate under.