Rallo Privacy Policy

Effective date: June 23, 2026

Rallo ("Rallo," "we," "us," or "our") is a team-management and coaching app operated by Totem Works Studio LLC. This Privacy Policy explains what information Rallo collects, how we use it, who can see it, and the choices you have. By creating an account or using Rallo, you agree to this policy.

If you have questions, contact us at studio@thetotemworks.com.

Plain-language summary. Rallo is built for coaches, players, and parents on a sports team. We collect the information needed to run a team: accounts, schedules, rosters, coach-entered notes (including injury status a coach records), practice plans, film clips coaches share, and basic player development logs. Your team's data is visible only to members of your team. We do not sell your data, we do not use it for advertising, and we do not use third-party advertising networks. You can delete your account and its data from inside the app at any time.

// 1 · Who can use Rallo (age requirement)

Rallo accounts are for users 13 years of age or older. We do not knowingly allow anyone under 13 to create an account. A coach may list a younger athlete's name on a roster for team-management purposes, but younger athletes are not given app logins and do not create accounts.

If we learn that we have collected account-level personal information of a child under 13, we will delete it. If you believe a child under 13 has created an account, contact studio@thetotemworks.com and we will remove it.

// 2 · Information we collect

Account information you provide:

Name (display name), email address, and a password (passwords are handled by our authentication provider and stored in hashed form; we never see your plaintext password).
Your role on a team (coach, player, or parent) and the team(s) you belong to.

Team and coaching content:

Roster details a coach enters: jersey number, position, graduation year, dominant hand, and contact information.
Injury status that a coach records — such as an availability status (active / limited / out), an injury type, and an estimated return date. This information is entered by a coach for team-management purposes only. It is not medical advice and is not collected from a medical provider. Coaches control whether a parent can see their own athlete's status.
Schedules, events, attendance, and RSVPs.
Practice plans and drills.
Film clips, images, drawings (telestration), voice recordings, and comments that coaches and players create or upload to share with their team.
Player development logs such as wall-ball counts and lifting entries, and the personal records derived from them.
Messages and broadcasts sent within a team.

Information collected automatically:

A device push-notification token, so we can deliver team notifications you've opted into.
We do not use third-party advertising, marketing, or analytics SDKs, and the app does not collect crash or usage analytics. Our infrastructure providers keep standard operational server logs needed to run and secure the service.

We do not collect precise location, contacts from your address book, health data from Apple Health or other medical sources, or financial/payment information through the app. (Team subscriptions, where applicable, are handled separately on our website, not inside the app.)

// 3 · How we use information

We use the information above to:

Create and secure your account and authenticate you.
Operate core features: schedules, rosters, practice planning, film sharing, messaging, and player development.
Send notifications you've enabled (event reminders, assignments, broadcasts).
Maintain an audit trail on sensitive edits (for example, who changed an injury status and when) for team accountability.
Keep the service reliable, secure, and free of abuse.
Respond to your support requests.

We do not sell personal information, and we do not use it to serve third-party advertising.

// 4 · Who can see your information

Team-scoped by default. Your team's data is visible only to members of that team, enforced at the database level (row-level security). A coach sees their team; a player sees their own team content and personal data; a parent sees only their own athlete's information that the coach has chosen to make visible.
Injury status visibility is controlled by the coach, who can toggle whether parents see their own athlete's status.
Public community content (if you opt in). If you choose to publish content to a public catalog (for example, a publicly shared play or drill), that content and your coach handle become visible to other Rallo users. You control this per item.
We do not make your personal information public except content you deliberately choose to share publicly.

// 5 · Service providers

We rely on a small number of infrastructure providers to run Rallo, including:

Supabase (database, authentication, and file storage), hosted on cloud infrastructure in the United States.
Apple Push Notification service / the platform push service to deliver notifications.

These providers process data on our behalf under their own security and privacy commitments and only to provide their services to us. We do not authorize them to use your information for their own purposes.

// 6 · Data retention and deletion

We keep your information for as long as your account or team is active, or as needed to provide the service.

You can delete your account from inside the app (Settings → Account → Delete Account). Deleting your account removes your profile and personal data associated with it. Some content may persist where another team depends on it (for example, a message you sent to a team, or content you contributed to a public catalog), and we may retain limited records as required for security, dispute resolution, or legal compliance. Backups are purged on a rolling schedule.

You may also request deletion by emailing studio@thetotemworks.com.

// 7 · Security

We protect data in transit using encryption (HTTPS/TLS) and restrict access to team data using database-level row-level security and access controls. No system is perfectly secure, but we work to protect your information and to limit access to those who need it.

// 8 · Your choices and rights

Access and correction: You can view and edit much of your information directly in the app, or contact us for help.
Notifications: You can turn push notifications off in the app or in your device settings.
Deletion: Use in-app account deletion or email us.
Depending on where you live, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA) or the EU/UK GDPR, including rights to access, correct, delete, or port your data, and to not be discriminated against for exercising them. To exercise these, contact studio@thetotemworks.com. We do not sell or "share" personal information as those terms are defined under CCPA.

// 9 · International users

Rallo is operated from the United States and stores data on U.S.-based infrastructure. If you use Rallo from outside the United States, you understand your information is processed in the United States.

// 10 · Changes to this policy

We may update this policy as the product evolves. We'll revise the "Effective date" above and, for material changes, provide a more prominent notice. Continued use after an update means you accept the revised policy.

// 11 · Contact us

Totem Works Studio LLC
Privacy questions: studio@thetotemworks.com