Privacy Policy

Last updated: 2026-06-14

About LeagueForge

LeagueForge is a scholastic esports platform used by schools, school districts, and league administrators to organize student esports competitions. We act as a school official with a legitimate educational interest under FERPA, and as a school service provider under SOPIPA, NY Ed Law 2-d, IL SOPPA, and comparable state laws.

What we collect

• Account information: name, email, password (hashed), date of birth, role
• School affiliation: school, team membership, jersey number, in-game name
• Optional profile data: display name, avatar, graduation year, linked gaming accounts
• Activity: match check-ins, scores, messages in team/league channels
• Technical: IP address, browser/device info, timestamps, for security and abuse prevention

Why we collect it

Solely to run the esports program for the school or league that owns your account. We use the minimum data required for the platform's features (roster management, scheduling, scoring, communication).

What we do NOT do

• We do not sell, rent, or trade personal information.
• We do not use student data for targeted or behavioral advertising.
• We do not build profiles of students for any purpose other than running the school's esports program.
• We do not allow private 1-to-1 messages between student players (by design — all student messaging happens in team or league channels with a coach or admin present).

COPPA (under 13)

For users under 13, we obtain verifiable parental consentbefore activating the account, using the FTC's "email plus" method: we email the parent, the parent reviews the data we collect, signs an electronic consent form, and receives a confirmation email with a withdraw link. Parents may withdraw consent at any time.

FERPA (education records)

We treat student data as education recordsunder FERPA. Schools retain ownership and control. We only access or disclose records to fulfill the service they've contracted us to provide. We log every access to student records and surface that log to the student (and on request, to a parent) under Privacy & data.

State laws

We comply with state student-data privacy laws including:

• New York Education Law 2-d & Parents' Bill of Rights
• California AB 1584 / SOPIPA
• Illinois SOPPA
• Texas Education Code §32
• Colorado Student Data Transparency & Security Act

Your rights

• Access: view your data and recent access log at any time via Privacy & data.
• Export: download a JSON copy of everything we store about you.
• Correction: contact us to correct inaccurate data.
• Deletion: request deletion; we process within 30 days.
• Parental rights: parents of minors may exercise any of the above on their child's behalf.

Data retention

We retain account data for the duration of the school's contract with us, plus 30 days. Deletion requests are honored within 30 days and override the contract default. Backups are purged within 90 days.

Security

All data is encrypted in transit (TLS) and at rest. We use Supabase (PostgreSQL with Row Level Security) and follow least-privilege principles for staff access. We log every administrative action.

Breaches

If we discover a security breach affecting student data, we notify the affected school within 72 hours and follow each affected state's notification timeline (NY: 7 days; CA & IL: "most expedient" without unreasonable delay; FTC for COPPA-relevant incidents).

Subprocessors

We use Supabase (database / auth hosting), Cloudflare (CDN / DDoS protection), and Resend (transactional email). Each is bound by a data processing agreement that meets our COPPA / FERPA standards.

Contact

Privacy questions: privacy@leagueforge.gg. For COPPA, FERPA, or state-law requests, reply to any email from us or write to us at the address above.