FlagSketch Logo

Legal

Privacy Policy

Last updated: April 15, 2026

FlagSketch ("we," "us," or "the app") helps flag football coaches design plays, build practices, and share playbooks. This policy explains what data we collect, why we collect it, and the limited ways we use and share it. The app is operated as a sole proprietorship by Austin Wang, based in the United States.

We wrote this in plain language. If anything is unclear, email privacy@flagsketch.com and we'll answer directly.

Who this policy covers

This policy applies to the FlagSketch website at flagsketch.com and the FlagSketch iOS and Android mobile apps. FlagSketch is offered to coaches in the United States and is not directed at users outside the US.

What we collect

We only collect what the app needs to work. Specifically:

  • Account information. When you sign up, we store your email address and display name. If you sign in with Google or Apple, we receive the email and name from that provider and nothing else. We never see your password — authentication is handled by Supabase, which stores password hashes we cannot read.
  • Content you create. Playbooks, plays, practices, drills, sharing invitations, and related data you enter into the app. This content belongs to you.
  • Usage analytics. We record anonymized events about which features are used (for example, "user opened a play" or "user created a practice") so we can improve the product. These events are linked to a user ID but do not include the contents of your playbooks.
  • Error reports. If the app crashes or hits an error, we capture a stack trace and the URL where it happened, along with your user ID, to fix bugs. Error reports do not include your playbook contents.
  • Payment information. If you subscribe to Pro, Stripe processes your payment. We only store a Stripe customer ID and subscription status; we never see your card number.
  • Push notification tokens. On the mobile app, if you opt in to push notifications, we store a device token from Firebase Cloud Messaging so we can send you alerts (for example, when someone shares a playbook with you). You can revoke this at any time in your device settings.
  • Device platform. On the mobile app we record "iOS" or "Android" alongside your push token so notifications route correctly.

How we use it

  • To provide the service: authenticate you, sync your playbooks across devices, and render the app you're paying for.
  • To send transactional emails you expect — sharing invitations, password resets, and receipts.
  • To send push notifications you've opted into on the mobile app.
  • To understand which features work and which don't, so we can improve the product.
  • To detect and fix bugs and abuse.
  • To process Pro subscription payments through Stripe.

We do not sell your personal information, and we do not use it for advertising outside of FlagSketch.

Who we share it with

FlagSketch runs on third-party services ("sub-processors"). Each one only receives the data it needs to do its job:

  • Supabase — stores your account, playbooks, practices, and handles authentication.
  • Vercel — hosts the website and mobile web content; handles request routing.
  • Google and Apple — if you choose Sign in with Google or Apple, they authenticate you and pass your email and name to us.
  • Firebase Cloud Messaging (Google) — delivers push notifications on the mobile app.
  • Stripe — processes Pro subscription payments.
  • PostHog — receives anonymized usage analytics events.
  • Sentry — receives error reports and stack traces.
  • Resend — sends transactional emails (invitations, password resets).

We share data with these services only to operate FlagSketch. We do not sell your data to anyone, and we do not share it with advertising networks or data brokers.

We may disclose information if legally required — for example, in response to a valid subpoena or court order. If that happens we'll push back where we can.

Sharing features inside the app

If you share a playbook with another coach, that person receives an email invitation and gains access to the playbook's contents with the permission level you choose. Your email address is visible to people you've shared with or who've shared with you. You can revoke access at any time from the playbook's Sharing settings.

Public playbooks

If you mark a playbook as public, its plays are visible to anyone who browses the template library. Your display name is shown as the author. Do not mark a playbook public if it contains information you don't want shared.

Your choices

  • Access and correction. You can view and edit your account data inside the app at any time.
  • Deletion. You can delete individual playbooks and plays inside the app. To delete your entire account and all associated data, email privacy@flagsketch.com. We'll purge your data within 30 days, except where we are legally required to keep payment records (Stripe retains transaction records for tax and accounting purposes).
  • Data export. Email privacy@flagsketch.com and we'll send you a copy of your data.
  • Push notifications. You can turn these off in your device settings at any time.
  • Analytics opt-out. Email us and we'll disable analytics for your account.

Data retention

We keep your account data for as long as your account is active. If you delete your account, we remove your data within 30 days. We retain payment records for seven years to comply with US tax law, and we keep anonymized aggregate usage data indefinitely to understand long-term product trends.

Security

All traffic to FlagSketch is encrypted with TLS. Playbook data is protected by row-level security policies in our database — you can only see playbooks you own or have been granted access to. Passwords are hashed by Supabase and never stored in plaintext. OAuth tokens are short-lived. No system is perfectly secure, but we take reasonable measures to protect your data.

Children

FlagSketch is intended for coaches, not children. We do not knowingly collect data from anyone under 13. If you believe a child under 13 has created a FlagSketch account, email privacy@flagsketch.com and we'll delete the account promptly.

Where your data is stored

FlagSketch is operated from the United States and all data is processed and stored on US-based servers. By using FlagSketch, you understand that your data will be processed in the US.

Changes to this policy

If we update this policy, we'll change the "Last updated" date at the top. For material changes (new kinds of data collection, new sub-processors in categories not listed here), we'll notify active users by email before the change takes effect.

Contact

Privacy questions, data requests, account deletion: privacy@flagsketch.com

General support: support@flagsketch.com

If you need a physical mailing address (for example, for a legal notice), email privacy@flagsketch.com and we'll provide one.