Privacy Policy

Design by Dialogue LLC ("DBD," "we," "us," or "our") operates the BCA EDU Platform (the "Platform") in collaboration with Bat City Archery ("BCA"). This Privacy Policy describes how we collect, use, disclose, and protect information when you use the Platform, including special provisions for the privacy of children under 13 years of age.

As the operator of the Platform, Design by Dialogue LLC owns all personal information collected and processed through the Platform. DBD is the data controller responsible for your personal information.

This Privacy Policy is incorporated into and subject to our Terms of Service. By accessing or using the Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Platform.

1. PERSONAL INFORMATION WE COLLECT

1.1 Information You Provide

We collect information you provide directly when you create an account, subscribe, or interact with the Platform:

Account Registration: Name, email address, password, and (for Coach/Club subscription tiers) organization name and role.

Payment Information: Payment card details, billing address, and transaction history. Payment information is collected and processed by Stripe, Inc. and is not stored on our servers. See Section 5 for details.

Profile Information: Optional information such as archery experience level, age or age range, school or club affiliation, and coaching preferences.

Coach-Managed Roster Data: When a coach or school administrator adds archers to their roster, we collect the names and any additional information the coach provides for those managed accounts.

Communications: Information you provide when you contact us for support, submit feedback, or otherwise communicate with us.

1.2 Information Collected Automatically

When you access or use the Platform, we automatically collect certain information:

Usage Data: Pages visited, features used, drill completion, diagnostic results, AI query history, time spent on content, and navigation patterns.

Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers.

Log Data: IP address, access times, referring URLs, and error logs.

Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain your session, remember preferences, and analyze usage patterns. See Section 8 for details.

1.3 Information from Artificial Intelligence (“AI”) Features

When you use AI-powered features (Quick Coach AI, AI Coach Chat, Practice Generator, Diagnostic Router), we collect:

The queries and prompts you submit to AI features.

The AI-generated responses provided to you.

Metadata about AI interactions (timestamps, feature used, response quality signals).

AI queries are processed through Google’s Gemini API. See Section 5.3 for details about how your data is handled by this service.

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

Provide and Operate the Platform: Deliver content, process subscriptions, authenticate users, and maintain your account.

AI Coaching Features: Process your queries through our AI system to generate coaching suggestions, practice plans, and diagnostic feedback. Your queries are matched against the indexed educational content to produce relevant responses.

Improve the Platform: Analyze usage patterns to improve content, features, user experience, and AI response quality.

Coaching Program Support: Provide coaches and school administrators with aggregate and roster-level data about their enrolled archers’ Platform usage for coaching purposes.

Billing and Payments: Process subscription payments, manage billing, and send payment-related communications.

Communications: Send you service-related notices, respond to support requests, and (with your consent) send promotional communications.

Safety and Security: Detect and prevent fraud, abuse, and security incidents. Enforce our Terms of Service.

Legal Compliance: Comply with applicable laws, regulations, legal processes, and governmental requests.

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We share information only in the following circumstances:

3.1 With BCA (Content Collaborator)

During our active collaboration, Bat City Archery receives access to: (a) aggregate subscriber metrics (subscriber counts by tier, growth trends, churn rates); and (b) roster-level data sufficient to identify which archers are using the Platform for coaching purposes. BCA does not receive raw email lists, payment data, or individual account credentials.

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, subject to contractual obligations to protect your information. See Section 5 for details about our specific service providers.

3.3 With Coaches and School Administrators

If your account is managed under a Coach Starter or Club Hub subscription, the subscribing coach or administrator may have access to your name, usage data, drill completion, progress data, and other Platform activity relevant to coaching. This access is limited to what is necessary for the coaching purpose.

3.4 For Legal Reasons

We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to: (a) comply with applicable law; (b) protect our rights, property, or safety, or the rights, property, or safety of others; (c) investigate fraud or respond to a government request; or (d) enforce our Terms of Service.

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change by posting a notice on the Platform or by sending you an email.

3.6 Collaboration Changes

The Platform is operated by DBD in collaboration with BCA. If the collaboration between DBD and BCA terminates, DBD retains ownership and control of all Subscriber Data. BCA’s access to aggregate metrics and roster-level data will cease upon collaboration termination. DBD may continue to operate the Platform and process your information in accordance with this Privacy Policy.

4. CHILDREN’S PRIVACY

We take the privacy of children seriously. This section describes our practices regarding information collected from children under 13 years of age, in compliance with the Children’s Online Privacy Protection Act ("COPPA") and its applicable rules.

4.1 When We Collect Information from Children Under 13

We collect personal information from children under 13 only in the following circumstances:

Individual Accounts: A parent or legal guardian has provided verifiable parental consent through a method that satisfies COPPA requirements before the child’s account is created.

Coach/Club Accounts: The child’s account is created and managed by a coach, school, or club administrator as part of a school archery program. In this case, the coach, school, or club acts as the agent for parental consent in accordance with COPPA’s school consent exception. The coach, school or club consents to the collection of information solely for the educational purpose of the Platform.

4.2 Information Collected from Children Under 13

For children under 13, we limit the personal information we collect to what is reasonably necessary to provide the Platform’s educational services:

First name (or username/alias if provided by the coach).

Age or grade level.

Platform usage data (drills completed, progress, diagnostic results).

AI query content (when the child uses AI features).

We do NOT collect from children under 13:

Email addresses (unless provided by a parent for account recovery purposes).

Precise geolocation data.

Photographs, video, or audio recordings.

Payment information (payment is handled by the parent, coach, or club.

Persistent identifiers for behavioral advertising purposes.

4.3 How We Use Children’s Information

Information collected from children under 13 is used solely to:

Provide the Platform’s educational coaching services.

Track progress within the coaching curriculum.

Generate AI coaching responses to the child’s queries.

Provide usage data to the child’s coach or school administrator.

We do not use children’s personal information for marketing, advertising, or any purpose unrelated to the educational coaching services.

4.4 Parental Rights

Parents and legal guardians of children under 13 have the right to:

Review the personal information we have collected from their child.

Request deletion of their child’s personal information.

Refuse to permit further collection or use of their child’s information.

Request that their child’s account be removed from a coach’s roster.

To exercise any of these rights, please contact us at privacy@designbydialogue.ai. We will verify your identity as the child’s parent or guardian before processing your request.

4.5 Coach/School/Club Obligations Under COPPA

Coaches, schools, and club administrators who enroll children under 13 on the Platform are responsible for:

Ensuring that appropriate parental notice has been provided regarding the Platform’s data practices.

Obtaining or possessing the authority to provide consent on behalf of parents for the educational use of the Platform.

Promptly notifying us if a parent revokes consent or requests removal of their child from the Platform.

Using the Platform and any data accessible through it solely for legitimate educational coaching purposes.

4.6 Data Retention for Children’s Information

We retain personal information collected from children under 13 only for as long as is reasonably necessary to fulfill the educational purpose for which it was collected. When a child’s account is deactivated or removed from a coach’s roster, we will delete the child’s personal information within thirty (30) days, unless retention is required by law.

5. THIRD-PARTY SERVICES

The Platform relies on the following third-party services to operate. Each has its own privacy practices:

5.1 Stripe (Payment Processing)

We use Stripe, Inc. to process subscription payments. When you provide payment information, it is transmitted directly to and stored by Stripe in accordance with Payment Card Industry Data Security Standards (PCI DSS). We do not store your full credit card number on our servers. Stripe’s privacy policy is available at https://stripe.com/privacy.

5.2 Supabase (Authentication and Database)

We use Supabase for user authentication and database hosting. Your account credentials and Platform data are stored on Supabase’s infrastructure with encryption at rest and in transit. Supabase’s privacy policy is available at https://supabase.com/privacy.

5.3 Google Gemini (AI Features)

Our AI coaching features are powered by Google’s Gemini API. When you submit a query to an AI feature, your query (along with relevant educational content context) is transmitted to Google’s servers for processing. We use the Gemini API under Google’s data processing terms, which provide that:

Google does not use your API input or output data to train its models.

Input and output data are processed transiently and not retained by Google beyond what is necessary to provide the service.

Google’s API data processing terms are available at https://ai.google.dev/terms.

Our Semantic Bridge architecture is designed to minimize the personal information transmitted to the Gemini API. AI queries are matched against indexed educational content; your personal information (name, email, payment data) is not included in API calls.

5.4 Vercel (Hosting)

The Platform is hosted on Vercel’s infrastructure. Vercel may process server logs, IP addresses, and request metadata in the course of hosting the Platform. Vercel’s privacy policy is available at https://vercel.com/legal/privacy-policy.

6. DATA SECURITY

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

Encryption of data in transit (TLS/HTTPS) and at rest.

Secure authentication through Supabase with password hashing and session management.

Access controls limiting who within our organization can access personal information.

Regular security reviews of our platform code and infrastructure.

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. If we become aware of a security breach that affects your personal information, we will notify you in accordance with applicable law.

7. DATA RETENTION

We retain your personal information for as long as your account is active or as needed to provide you with the Platform’s services. Specific retention periods:

Account Data: Retained for the duration of your active account, plus twelve (12) months after account deletion to handle any billing disputes or legal obligations.

Payment Records: Transaction records are retained by Stripe for seven (7) years for tax and accounting compliance.

Usage Data: Retained in identifiable form for twenty-four (24) months, then aggregated and anonymized.

AI Query History: Retained for twelve (12) months to improve AI response quality, then deleted or anonymized.

Children’s Data (Under 13): Deleted within thirty (30) days of account deactivation or roster removal. See Section 4.6.

Server Logs: Retained for ninety (90) days for security and debugging purposes, then deleted.

Our written data retention policy is maintained in compliance with the COPPA rule and is available upon request.

8. COOKIES AND TRACKING TECHNOLOGIES

We use the following types of cookies and similar technologies:

Essential Cookies: Required for Platform functionality, including authentication, session management, and security. These cannot be disabled.

Functional Cookies: Remember your preferences (such as language settings, display preferences, and subscription tier features). These enhance your experience but are not strictly necessary.

Analytics Cookies: Help us understand how users interact with the Platform, which features are most used, and where users encounter issues. We use this data to improve the Platform.

We do NOT use cookies for:

Third-party behavioral advertising or ad targeting.

Cross-site tracking.

Selling data to advertisers or data brokers.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain Platform features.

9. YOUR RIGHTS

9.1 Texas Data Privacy and Security Act (TDPSA)

If you are a Texas resident, you have the following rights under the Texas Data Privacy and Security Act:

Right to Access: You may request confirmation of whether we are processing your personal data and access to that data.

Right to Correction: You may request correction of inaccuracies in your personal data.

Right to Deletion: You may request deletion of your personal data.

Right to Data Portability: You may request a copy of your personal data in a portable and usable format.

Right to Opt Out: You may opt out of the processing of your personal data for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects.

We do not sell personal data, engage in targeted advertising, or profile users in a manner that produces legal or similarly significant effects.

9.2 COPPA Rights (Children Under 13)

See Section 4.4 for parental rights regarding children’s personal information.

9.3 Exercising Your Rights

To exercise any of the rights described in this section, please contact us at privacy@designbydialogue.ai. We will respond to verified requests within forty-five (45) days. If we need additional time, we will notify you of the extension and the reason. We will not discriminate against you for exercising your privacy rights.

9.4 Right to Appeal

If we decline your request, you may appeal our decision by contacting us at the email address above. We will respond to your appeal within sixty (60) days. If you are not satisfied with our response, you may contact the Texas Attorney General’s Office.

10. DO NOT TRACK SIGNALS

The Platform does not currently respond to "Do Not Track" (DNT) browser signals. However, as described above, we do not engage in cross-site tracking or behavioral advertising.

11. INTERNATIONAL USERS

The Platform is operated from the United States. If you access the Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Platform, you consent to such transfer, storage, and processing.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on the Platform and updating the "Last Updated" date. For material changes that affect how we collect or use children’s personal information, we will provide direct notice to parents (or to the coach/school for managed accounts) and obtain new consent where required by COPPA.

Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

13. CONTACT INFORMATION

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle personal information, please contact us:

Design by Dialogue LLC

Email: legal@designbydialogue.ai

Data Privacy Inquiries: privacy@designbydialogue.ai

Platform: https://masteryourshot.com

For complaints regarding children’s privacy, you may also contact the Federal Trade Commission at https://www.ftc.gov or the Texas Attorney General’s Office at https://www.texasattorneygeneral.gov.