PER|FORMTIE
ACHIEVEMOR · Per|Form

Privacy Policy

Last updated: 2026-04-22

REVIEW STATUS: Template reviewed by product owner. Not yet reviewed by outside counsel. Questions about how we handle your data: bpo@achievemor.io.

1. What we collect

When you submit via /tie/submit, we collect:

  • Submitter identity: email, role (player / school / team / agent / parent), organization.
  • Player identity: name, school/team, position, class year, height, weight, optional DOB.
  • Performance + combine + intangibles inputs you provide.
  • Consent flags: NIL disclosure · public visibility · transfer portal opt-in.
  • Anti-abuse: a hashed IP signal per submission (not the raw IP).

Public-domain player data (ESPN, NFL.com, Beast, etc.) shown on /draft/center, /players, and /players/cards is scraped from public sources and does not contain personal contact info.

2. How we use it

  • Compute your TIE grade via the canonical 40/30/30 engine.
  • Produce an NIL cohort comparable (median / P10 / P90 against peers).
  • Return the result to you; persist the submission so grades stay stable across views.
  • Aggregate statistics (tier distribution, NIL cohort curves) in non-identifiable form.

We do not sell your data. We do not use submissions to train third-party models.

3. Consent controls

  • NIL disclosure authorizes storage + NIL-cohort computation.
  • Public visibility authorizes the profile to be rendered on the public Per|Form surface.
  • Transfer portal authorizes matching against transfer-portal signals.

All three are required to complete a submission today. You can withdraw any consent by contacting us; withdrawal triggers deletion or de-identification within 30 days.

4. Retention + deletion + export

Per|Form keeps submissions in perform_submissions until you request deletion. You can request deletion or an export of your submitted data by emailing asg@achievemor.io. We respond within 30 days.

5. Third parties + infrastructure

  • Neon (Postgres) — primary database (encrypted at rest, TLS in transit).
  • Google Cloud Run — application runtime (encrypted at rest + in transit).
  • Hostinger myclaw-vps — Traefik routing layer (TLS via Let's Encrypt).
  • ESPN / NFL.com / The Athletic / NBA.com — public data sources (no identity exchange).

6. Security posture (§29 MIM)

  • HTTPS end-to-end.
  • Database credentials rotated via Cloud Run secret manager.
  • Admin access is SSH-key-only to myclaw-vps; no password auth.

7. Children

Prospects under 13 require a parent/guardian submitter role. High-school prospects (13–17) require parent/guardian authorization at the submitter step.

8. Changes

We may update this Policy; material changes carry a new "Last updated" date on this page.

9. Contact

ACHIEVEMOR · asg@achievemor.io

Template drafted under MIM v1.1 §45 + §35. Counsel review required before public launch.

BREAKINGLive feed loading...