Privacy Policy
Last updated: July 9, 2026
This policy explains what BowlSheet (“BowlSheet,” “we,” “us”) collects, how we use and store it, and the choices you have. It applies to the BowlSheet mobile apps (iOS, Android, macOS) and the BowlSheet web dashboard.
BowlSheet stores student-athlete performance data, often for minors in high-school programs. We treat that data as sensitive, and we design the product around the expectations that apply to schools and student records.
Data we collect
- Identity and contact — coach, assistant, analyst, and admin accounts, and the email addresses used for passwordless (magic-link) sign-in. Optional guardian or viewer contacts.
- Roster and athlete data — bowler names and profiles, and team and season membership.
- Performance data — scores, frames, ball throws, leaves, splits, equipment, targeting, notes, and event, location, and oil-pattern context.
- Operational data — audit logs and device and sync metadata used to keep offline scoring in sync and to diagnose errors. Billing, when enabled, is handled by our payment provider (Stripe); we store minimal references and never card data.
We do not collect precise device location, contacts, photos, or advertising identifiers, and the apps contain no third-party advertising or analytics tracking SDKs.
How we use data
We use the data to provide scoring, analytics, and team management to coaches and programs, to send magic-link sign-in emails, and to monitor and fix errors. We do not sell or rent personal or student data, we do not use it for advertising, and we do not track you across other apps or websites.
Where your data is stored
BowlSheet’s backend, database, and file storage are hosted on DigitalOcean in the United States. Data is encrypted in transit (HTTPS/TLS). Scores you enter are stored locally on your device so scoring works offline, and sync to our servers when a connection is available.
Third-party services we use
We share data only with the service providers (“subprocessors”) needed to run BowlSheet, each limited to that purpose:
- DigitalOcean — cloud hosting, database, and backups (United States).
- Cloudflare — DNS, TLS termination, and content delivery for our website and API, and routing of inbound email sent to our published addresses.
- Resend — delivery of transactional email, including magic-link sign-in messages.
- Sentry — application error and crash monitoring so we can find and fix problems.
- Stripe — payment processing for paid team plans, where billing is enabled. Stripe handles card data directly; we do not store it.
We do not sell data to, or allow advertising use by, any third party.
Legal frameworks we follow
- FERPA-like institutional expectations. When a school or college is the customer, the institution is the data controller and BowlSheet is a processor acting under its direction. A Data Processing Addendum (DPA) governs that relationship.
- COPPA. Athletes do not self-register. A coach or admin manages roster entries, and individual bowler login is gated behind institutional or guardian consent.
- State student-data-privacy laws. No advertising use, no sale of student data, and deletion on request.
Who can see athlete data
Access is role-based and authorization is enforced on the server:
- Owner / admin — full organization and team management, and billing.
- Coach / assistant — score games, manage roster and events, and view team analytics.
- Analyst — read analytics; no roster or billing changes.
- Bowler — view their own performance (login gated by institutional or guardian consent).
- Guardian / viewer — read-only access to a specific athlete’s data, granted by an admin or coach.
Every record is scoped to its organization, and access to athlete data is role-checked and audit-logged.
Consent
Institutions accept our Terms and DPA at onboarding. Guardian or athlete consent is captured before enabling an individual bowler’s login, following the institution’s process. BowlSheet records the consent state; the underlying consent documents stay with the institution.
Retention and deletion
- Active retention — performance and roster data is retained while the team’s account is active.
- Athlete removal — removing a bowler hides them from active views; an admin-triggered hard delete purges personal data, optionally retaining de-identified aggregate stats.
- Account closure — an export-then-delete window of 90 days applies, after which team data is purged from primary storage and ages out of backups per our backup policy.
- Deletion on request — institution or guardian deletion requests are honored within 30 days and recorded in audit logs.
Contact
For privacy questions, data requests, or to report a concern, email support@bowlsheet.com.