Back home

Privacy Policy

Last updated: May 6, 2026

This Privacy Policy explains what information LaxIQ.net collects, how we use it, who we share it with, and what rights you have. We try to write this in plain English. If something is unclear, email [email protected] and we will explain it.

1. Who We Are

LaxIQ.net (the "Service") is operated by Garret Manno (the "Operator," "we," "our," or "us") from Winter Park, Florida, United States. LaxIQ.net is currently a solo project, not an incorporated entity. The mailing and contact address for legal notices is the email below until a business entity is formed and announced.

2. Pre-Launch Status

LaxIQ.net is in active development and an early-access program. Features, data models, and integrations may change. Some features described on this site, in emails, or in blog posts are planned but not yet built. This Policy describes what we collect today and the categories of data we expect to collect as features ship. We aim to keep this Policy current as material changes occur. See the Early-Access Terms for the full forward-looking-statement framing.

How to read this Policy

This Policy describes our intent and our best-effort practices, not absolute guarantees. Where it says "we will," read it as "we intend to and will use reasonable efforts to." Where it lists timeframes (such as a 30-day response or a 90-day log retention), those are typical targets, not promises that bind us in every case, and we may take longer where the law allows or where circumstances reasonably require. If you believe we have fallen short, write to [email protected] and we will work in good faith to resolve it.

3. Information We Collect

Information you give us

  • Name, email address, role, and similar identifying information you provide when joining the waitlist, signing up, or contacting us.
  • Profile and platform information you fill in (age band, position, team, program, ZIP code, child age groups for parents, similar).
  • Quiz responses, answers, and self-described tags.
  • Survey responses and feedback you submit.
  • Support payment details you submit on the Support page, including amount, frequency, contact email, and Stripe transaction references. Full card numbers are handled by Stripe, not stored by us.
  • Communication you send us, including support emails and beta-program replies.

Information collected automatically

  • Device and browser information (user agent, screen size, language).
  • IP address (used for rate limiting, fraud prevention, and approximate region).
  • Usage information (pages viewed, links clicked, session duration).
  • Referrer URL and UTM parameters when you arrive via a link or campaign.
  • Cookies and similar storage. See Section 11.

Information we do not collect

  • We do not collect government-issued IDs, social security numbers, or biometric data.
  • We do not collect precise GPS location.
  • We do not run third-party advertising trackers, ad-pixel cookies, or behavioral profiling for advertising purposes.
  • We do not buy or sell personal information.

4. How We Use Your Information

  • To provide, operate, and improve the Service.
  • To create and manage your account, profile, or waitlist record.
  • To send you Service-related emails (waitlist confirmation, beta invites, account notices, password resets).
  • To send you optional updates about features, blog posts, and the launch, only if you opted in. You can unsubscribe at any time.
  • To answer your questions, provide support, and respond to feedback.
  • To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms.
  • To comply with legal obligations and enforce our agreements.
  • To run aggregated, de-identified analytics that help us understand product usage. These analytics cannot be linked back to you.
  • To power optional AI and machine-learning features when you opt in. See the AI section below.

Artificial intelligence and machine learning (AI features)

As LaxIQ.net evolves, we may offer AI-assisted features (for example, an AI coach, drill recommendations, content generation, or summarization). Our approach is the following.

  • Opt-in by default. AI features that process your personal information beyond basic account use will be opt-in. You can decline, and we will not penalize the rest of your experience for it.
  • Local-first preference. Where it is technically feasible, we prefer on-device or self-hosted AI so your data does not leave our infrastructure. We cannot guarantee local processing for every feature, especially as the AI landscape changes.
  • Hosted AI providers. When a coach enables AI features, our coaching-summary feature sends the session notes (and a participant's name) to a hosted AI model — currently OpenAI or Anthropic — to generate a written summary. These providers are listed in our Subprocessors section. We aim to minimize what we send and to choose the strongest available data-handling terms (for example, no use of your data to train their general models). We cannot guarantee any provider's internal practices, only the contractual terms we are able to obtain.
  • Audio recordings. When a coach uses the optional audio-summary feature, the uploaded session recording is sent to Modal for speech-to-text transcription and the resulting transcript to Anthropic for summarization. Audio and voice are not collected anywhere else on the Service.
  • Improving our own models. We may use your interactions with AI features (prompts, responses, feedback, ratings) to improve LaxIQ.net's own models, evaluation, and prompt design. If you opt out, we will not use your individual content for this. We may still use aggregated, de-identified statistics that cannot be linked back to you.
  • Under-13 protections. Information about players under 13 — including their name, age, and any audio — is not sent to any AI or transcription provider unless a parent gives separate, explicit AI consent in the player's settings, and is excluded from model-training pipelines.
  • AI is not perfect. AI output can be wrong, biased, or unsafe. AI features are educational and informational. They do not replace coaching, medical, legal, or financial advice. Do not rely on AI output for decisions that matter without checking with a qualified human.
  • Data leakage risk. Despite reasonable safeguards, hosted AI services have been the subject of bugs, data leaks, prompt-injection attacks, and emerging threats. Opting in to AI features means you understand and accept that residual risk.

We aim to update this Policy and the Subprocessors list when material AI integrations change. If you opted in and we add a new hosted AI provider that materially changes how your data is processed, we will use reasonable efforts to tell you and give you a chance to opt out before sending your data to the new provider.

5. Subprocessors

We rely on a small set of trusted third-party services to operate LaxIQ.net. Each one only receives the data needed for its job, and each one is bound by its own privacy and security commitments. As of the date above, the active subprocessors are:

  • Render (application hosting and infrastructure).
  • Neon (managed PostgreSQL database).
  • Resend (transactional and broadcast email delivery).
  • Stripe (payment processing for any future paid subscriptions and donations once enabled). Stripe handles card data directly. We never see or store full payment card numbers.
  • Sentry (error monitoring; receives stack traces and limited request context).
  • Cloudflare (DNS, edge caching, and bot protection).
  • OpenAI and Anthropic (hosted AI models that generate coaching summaries from session notes — only when a coach enables AI features).
  • Modal (serverless speech-to-text transcription of uploaded coaching-session audio — only when a coach uses the audio-summary feature).

AI and audio features are off by default and only send data to the AI providers above when a coach explicitly turns them on. For players under 13, no information is sent to any AI or transcription provider unless a parent gives separate, explicit consent. See the AI section above for details.

We may add or change subprocessors as the Service evolves. Material changes will be reflected here. If you would like to be notified by email when this list changes, write to [email protected].

6. How We Share Information

We share personal information only in the limited circumstances below. We do not sell your data and we do not "share" it for cross-context behavioral advertising as those terms are defined under California or other state laws.

  • With subprocessors as listed in Section 5, only as needed for them to perform their function.
  • Within your team or program. If you join a team, your coach and program manager can see the profile and performance information your role exposes inside that team. This is core to how the Service works.
  • To meet legal obligations, valid law-enforcement requests, court orders, or to protect rights, property, or safety.
  • In a business transfer. If LaxIQ.net is acquired, merged, or its assets are transferred, your information may transfer with the Service. We will notify you and your rights will continue under the successor's policy.
  • With your explicit consent in any case not listed above.

7. Data Retention

We keep personal information only as long as we need it for the purposes described above, plus a reasonable period for legal, accounting, or dispute resolution requirements.

The targets below are typical retention periods we aim for. Actual retention may be shorter or longer where reasonably required (for example, during an active investigation, a legal hold, or a backup-rotation cycle).

  • Account information: kept while your account is active. Targeted for deletion within roughly 30 days of your account-deletion request, subject to legal retention obligations and backup-rotation timing.
  • Waitlist records: kept while you remain on the waitlist. Removed when you unsubscribe, with a small audit trail (timestamp + email hash) preserved to honor your unsubscribe request.
  • Quiz and survey responses: retained as part of your profile while your account is active. De-identified aggregates may be kept indefinitely.
  • Support payment records: kept as long as reasonably needed for accounting, tax, fraud-prevention, dispute, and legal obligations. Early access donation records may be retained for audit context unless you ask us to delete them and no legal retention duty applies.
  • Server logs (IP, user agent, request URLs): typically rotated within around 90 days unless a security incident or legal hold requires longer retention.
  • Email logs (delivery, open, click events): typically retained for up to about 1 year for deliverability and abuse prevention.

8. Security

We protect personal information with reasonable technical and organizational measures: HTTPS in transit, encryption at rest where supported by our subprocessors, least-privilege access, and routine secret rotation.

Evolving threat landscape. The security environment for internet services, including AI-assisted services, gets harder every year. Bots, automated attackers, prompt-injection techniques, and AI-generated attacks improve constantly. We make a best-effort commitment, not a guarantee. No internet service is 100% secure. By using LaxIQ.net you acknowledge this residual risk.

If you believe your account or data has been compromised, email [email protected] immediately.

Breach notification

If we discover a security incident that materially compromises your personal information, we aim to notify affected users by email without unreasonable delay, in line with applicable law. Where feasible, the notice will explain what happened, what data was affected, what we have done in response, and what you can do.

9. Payments

The Support page can process voluntary one-time or recurring payments through Stripe. Stripe handles payment-method collection under Stripe's own privacy policy. We store transaction metadata such as amount, frequency, status, receipt email, Stripe identifiers, and related support notes. We never store full card numbers.

10. Children's Privacy (COPPA)

LaxIQ.net is designed for users 13 and older. Children under 13 may not create their own accounts or directly submit personal information to the Service.

Player profiles for children under 13

Parents and coaches may create and manage limited player profiles for children under 13 through the parent's or coach's own verified adult account. In these cases:

  • The parent or coach is the account holder and controls the child's profile.
  • The child does not log in directly.
  • We collect only the information needed to support participation in a team or program: name (or initials), age band, position, and similar.
  • We do not collect or display photos, contact information, or precise location for users known to be under 13.

Verifiable parental consent

For under-13 player profiles, we require the adult account holder to explicitly confirm that they are the parent or legal guardian of the child, or that they are the team's coach acting with the parent's permission. Coaches are responsible for confirming with the parent before adding a child's profile. We may add additional verification mechanisms (such as credit-card-based VPC or signed consent forms) before any feature that collects more sensitive information is launched.

Parent rights

  • Review the personal information we have about your child.
  • Refuse further collection or use of that information.
  • Request deletion of your child's profile and data at any time.

Email [email protected] with the subject line "COPPA request" to exercise any of these rights. We aim to respond within roughly 30 days.

Accidental collection

If we learn that we have collected personal information directly from a child under 13 without proper parental consent, we will delete it promptly. If you believe this has happened, contact us immediately.

11. Cookies, Tracking, and Privacy Signals

We use a small set of cookies and similar storage:

  • Essential: keep you logged in, remember CSRF tokens, and route requests. The Service does not work without these.
  • Preferences: remember small settings (timezone, role, last filter).
  • First-party analytics: a privacy-respecting, in-house analytics layer that records aggregate usage without third-party trackers.

We do not load third-party advertising or behavioral-tracking cookies.

Global Privacy Control (GPC) and Do Not Track (DNT): when your browser sends a GPC signal, we treat it as an opt-out of "sale" and "sharing" for cross-context behavioral advertising in the rare case any such sharing is added. We do not currently engage in such activity. We honor GPC and DNT for analytics where technically feasible.

12. Your Rights

You can exercise the following rights at any time by emailing [email protected]. We aim to respond within roughly 30 days, and sooner where the law requires.

  • Access: a copy of the personal information we hold about you.
  • Correction: fix inaccurate or incomplete information.
  • Deletion: delete your account and personal information, subject to legal retention obligations.
  • Portability: receive your data in a machine-readable format.
  • Opt-out of marketing: unsubscribe from any non-essential email at any time using the unsubscribe link in the email or by writing to us.
  • Object or restrict processing: ask us to stop or limit certain uses of your data.
  • Non-discrimination: we will not deny you the Service, charge you a different price, or provide a lower level of service for exercising any of these rights.

We may need to verify your identity before fulfilling certain requests (typically by confirming control of the email associated with your account).

13. State-Specific Disclosures (United States)

California (CCPA / CPRA)

California residents have the rights listed in Section 12, plus the right to know what categories of personal information we have collected, sold, or shared in the past 12 months. We have not sold and have not shared personal information for cross-context behavioral advertising in the past 12 months and have no plans to do so. We do not knowingly collect or sell the personal information of consumers under 16. You may submit a verifiable request by emailing [email protected]. You may designate an authorized agent.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA)

Residents of these states have similar rights to access, correct, delete, obtain a portable copy, and opt out of "sale" or targeted advertising. We do not engage in either. Submit requests to [email protected]. If we deny a request, you may appeal by replying to the denial email; we will reconsider within 60 days.

Florida (FDBR)

LaxIQ.net is operated from Florida. The Florida Digital Bill of Rights currently applies only to large operators ($1B+ revenue), which we are not. We honor the FDBR's spirit voluntarily and provide Florida residents the same access, correction, deletion, portability, and opt-out rights described above.

14. International Users (GDPR / UK GDPR baseline)

LaxIQ.net is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.

If you are in the European Economic Area, the United Kingdom, or Switzerland, our lawful bases for processing are: (a) performance of a contract with you (providing the Service), (b) our legitimate interests (operating, securing, and improving the Service), (c) your consent (for optional marketing emails), and (d) compliance with legal obligations. You have the right to lodge a complaint with your local data-protection supervisory authority.

15. Links to Other Sites

The Service may link to third-party websites we do not control. Their privacy practices are their own. Read their policies before sharing information with them.

16. Changes to This Policy

We may update this Policy as the Service evolves or to reflect changes in law. When we make a material change, we will update the "Last updated" date and, for registered users, send a notice email. Continued use of the Service after changes take effect means you accept the updated Policy.

17. Contact

Privacy or legal questions: [email protected].
Operator: Garret Manno, Winter Park, Florida, USA.

This Policy is provided in good faith to describe our actual practices. It is not legal advice. If you have concerns specific to your situation, consult an attorney.

Lacrosse IQ — Early Access

I'm a... (check all that apply)

Select every role that describes you