Privacy Policy
Last Updated: November 25, 2025
NOR/MAN PRIVACY POLICY
Version 1.0.0
Effective Date: November 25, 2025
Last Updated: November 25, 2025
1. INTRODUCTION
NOR/MAN ("NORMAN," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our track and field recruiting platform and related services (the "Services").
BY USING OUR SERVICES, YOU CONSENT TO THE DATA PRACTICES DESCRIBED IN THIS POLICY.
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
Account Information:
- Name (first and last)
- Email address
- Password (stored encrypted)
- Phone number (optional)
- School/University affiliation
- Graduation year
- Date of birth or age verification
- Profile photo (optional)
Athlete-Specific Information:
- Athletic events and specializations
- Personal Records (PRs) and race times
- Meet results and competition history
- Training information
- Height, weight, and physical measurements (optional)
- Academic information (GPA, test scores) (optional)
- Recruiting preferences and target schools
- Coach contact history and notes
Coach-Specific Information:
- Coaching position and affiliation
- University/college employment verification
- Recruiting territory and event specializations
- Professional credentials
- Contact preferences
2.2 Information We Collect Automatically
Technical Data:
- IP address
- Device type, model, and operating system
- Browser type and version
- Screen resolution
- Cookies and similar tracking technologies
- Usage data (pages visited, features used, time spent)
- Session recordings and heatmaps (anonymized)
- Click patterns and navigation paths
Performance Data:
- We collect athletic performance data from publicly available sources including:
- Athletic.net profiles and results
- Race results from meet websites
- Cross country and track meet databases
- State association results
- Public ranking lists and performance databases
2.3 Information From Third-Party Sources
- Athletic performance data from public results databases
- School directory information from public sources
- Social media profile information (if you connect accounts)
- NCAA eligibility status from public records
- Meet results from timing system providers
2.4 Training Platform Data
When you connect third-party training platforms to your NORMAN account, we collect:
From Garmin Connect:
- Activity and workout data (distance, pace, heart rate, duration, elevation, etc.)
- Performance metrics and fitness statistics
- Training history, patterns, and trends
- GPS route data and location information (if enabled)
- Device and equipment information
- Sleep and recovery data (if available)
- Training load and stress metrics
From Strava:
- Activity and workout data (runs, rides, other activities)
- Performance metrics (pace, speed, heart rate, power, etc.)
- Route and segment data
- Training history and activity logs
- Kudos, comments, and social interactions (if public)
- Personal records and achievements
- Training patterns and frequency
From Coros:
- Activity and workout data
- Performance metrics and training statistics
- GPS and route information
- Device sensor data (heart rate, pace, elevation, etc.)
- Training load and recovery metrics
- Sleep and fitness tracking data (if available)
You authorize this data collection by connecting your training platform account(s) through our OAuth integration. You can revoke access at any time through your respective platform's privacy settings or through your NORMAN account settings.
3. HOW WE USE YOUR INFORMATION
3.1 Primary Service Functions
We use collected information to:
- Create and maintain user accounts
- Display athlete profiles to verified college coaches
- Calculate performance scores using our proprietary "Norman Method" algorithm
- Match athletes with appropriate college programs
- Facilitate communication between athletes and coaches
- Provide AI-powered chat assistance and recruiting guidance
- Track recruiting activity and interest levels
- Manage coach verification and authentication
3.2 Research and Analytics
We use athlete data for:
- Performance trend analysis and insights
- Recruiting pattern research
- Algorithm development and improvement
- Market research and competitive analysis
- Statistical modeling of athletic performance
- Predictive analytics for athlete development
- Training pattern analysis and optimization research
- Correlation studies between training data and competitive performance
IMPORTANT: Research uses anonymized and aggregated data. Individual athletes are not identifiable in research outputs.
3.3 Revenue Generation
We may monetize insights derived from platform data through:
- Aggregated reports on recruiting trends (sold to programs, organizations, or publications)
- Performance analytics and benchmarking tools
- Consulting services based on recruiting insights
- Partnerships with athletic organizations
Your individual data is NEVER sold to third parties. Only aggregated, anonymized insights are used for revenue generation.
3.4 Platform Improvement
- Enhancing user experience and interface design
- Developing new features and functionality
- Debugging and resolving technical issues
- Conducting A/B testing for feature optimization
- Training AI models for better recommendations
3.5 Communication
- Sending account notifications and updates
- Delivering recruiting messages from verified coaches
- Providing platform updates and new feature announcements
- Sending marketing communications (with consent)
- Responding to support requests
3.6 Security and Compliance
- Preventing fraud and unauthorized access
- Enforcing our Terms of Service
- Complying with legal obligations
- Responding to legal requests and preventing harm
4. HOW WE SHARE YOUR INFORMATION
4.1 With College Coaches (Athlete Data)
Verified college coaches can access:
- Athlete profiles including name, school, graduation year
- Performance data and personal records
- Contact information (email, phone if provided)
- Academic information (if provided)
- Notes and recruiting status (that coaches create themselves)
- Training platform data (if you have connected Garmin, Strava, or Coros and enabled sharing)
Athletes understand and consent that profile information is shared to facilitate recruiting opportunities. Training platform data sharing can be controlled through your privacy settings.
4.2 Service Providers
We share data with trusted third-party service providers who assist with:
- Cloud hosting and data storage (AWS, Google Cloud, etc.)
- Email delivery services
- Analytics platforms (Google Analytics, etc.)
- Customer support tools
- Payment processing (if applicable)
- AI/ML model hosting (Vertex AI)
These providers are contractually obligated to protect your data and use it only for specified purposes.
4.3 Aggregated and Anonymized Data
We may share aggregated, anonymized data that cannot identify individuals with:
- Research institutions
- Athletic organizations
- Marketing partners
- Industry publications
- Business partners
4.4 Legal Requirements
We may disclose information when required to:
- Comply with legal obligations or court orders
- Respond to lawful government requests
- Protect rights, property, or safety of NORMAN, users, or the public
- Enforce our Terms of Service
- Investigate fraud or security issues
4.5 Business Transfers
If NORMAN is involved in a merger, acquisition, or sale of assets, user information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
4.6 With Your Consent
We may share information in other ways with your explicit consent.
5. DATA RETENTION
We retain your information for as long as necessary to:
- Provide Services to active users
- Comply with legal obligations (tax records, legal disputes)
- Resolve disputes and enforce agreements
- Conduct legitimate business operations and research
Specific retention periods:
- Active accounts: Retained indefinitely while account is active
- Deleted accounts: Personal identifiers removed within 90 days; anonymized performance data retained for research
- Legal acceptance records: Retained permanently for legal compliance
- Communication logs: Retained for 7 years
- Anonymized research data: Retained indefinitely
6. YOUR PRIVACY RIGHTS
6.1 Access and Portability
You have the right to:
- Access personal information we hold about you
- Request a copy of your data in a portable format
- Review acceptance records and audit trails
6.2 Correction and Updates
You may:
- Update profile information at any time
- Correct inaccurate performance data
- Request correction of erroneous information
6.3 Deletion and Erasure
You may request deletion of:
- Your account and profile
- Specific personal information
- Historical communication logs
- Connected training platform data
LIMITATIONS: We may retain:
- Anonymized performance data for research
- Legal acceptance records (required for compliance)
- Data necessary for legal obligations
- Information in backup systems (purged per retention schedule)
When you disconnect a training platform integration:
- We stop collecting new data immediately
- Existing historical data may be retained according to our retention policy
- You can request deletion of all training platform data separately
6.4 Objection and Restriction
You may object to or request restriction of:
- Use of data for research purposes (anonymized data may still be used)
- Marketing communications (opt-out available)
- Certain data processing activities
6.5 California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if information is sold or disclosed
- Right to opt-out of sale of personal information (Note: We do not sell personal information)
- Right to non-discrimination for exercising privacy rights
6.6 European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under GDPR including:
- Right to access, correction, and deletion
- Right to data portability
- Right to object to processing
- Right to restrict processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Legal basis for processing:
- Contract performance (providing Services)
- Consent (for optional features and marketing)
- Legitimate interests (research, platform improvement, security)
6.7 Exercising Your Rights
To exercise privacy rights, contact us at:
Email: privacy@normandata.xyz
Subject: "Privacy Rights Request"
We will respond within 30 days (45 days for complex requests).
7. DATA SECURITY
7.1 Security Measures
We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL) and at rest
- Secure password storage (bcrypt hashing)
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Intrusion detection and monitoring
- Regular backups with encryption
- Employee training on data protection
7.2 Coach Verification Security
Coach accounts undergo verification to prevent unauthorized access to athlete data:
- Employment verification required
- Manual review of credentials
- Periodic re-verification
- Activity monitoring for suspicious behavior
7.3 Limitations
No security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
8. COOKIES AND TRACKING TECHNOLOGIES
8.1 Types of Cookies We Use
Essential Cookies:
- Session management and authentication
- Security and fraud prevention
- Load balancing and performance
Functional Cookies:
- User preferences and settings
- Language preferences
- Feature customization
Analytics Cookies:
- Google Analytics (usage patterns, popular features)
- Performance monitoring
- Error tracking
Marketing Cookies (with consent):
- Advertising campaign tracking
- Social media integration
- Retargeting (if applicable)
8.2 Managing Cookies
You can control cookies through:
- Browser settings (block or delete cookies)
- Opt-out links in our cookie banner
- Privacy settings in your account
Note: Disabling essential cookies may limit platform functionality.
8.3 Do Not Track Signals
We currently do not respond to "Do Not Track" browser signals, as there is no industry standard for compliance.
9. CHILDREN'S PRIVACY
9.1 Age Restrictions
- Minimum age: 13 years old
- Users aged 13-17 require parental/guardian consent
- We do not knowingly collect data from children under 13
9.2 Parental Rights
Parents/guardians of users under 18 may:
- Review their child's information
- Request deletion of their child's account
- Refuse further collection of data
- Contact us at privacy@normandata.xyz with concerns
9.3 Special Protections
For users under 18:
- Additional privacy protections applied
- Marketing communications disabled by default
- Sensitive information collection minimized
- Enhanced security monitoring
10. INTERNATIONAL DATA TRANSFERS
NORMAN is based in the United States. If you access our Services from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from your country.
By using our Services, you consent to such transfers.
For EU users, we implement appropriate safeguards such as:
- Standard Contractual Clauses
- Adequacy decisions where applicable
- Additional security measures
11. THIRD-PARTY LINKS AND SERVICES
Our Services may contain links to third-party websites (e.g., athletic.net, college websites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
Integrated Third-Party Services:
- Google OAuth (for login)
- Vertex AI (for AI chat features)
- Athletic.net (for performance data)
- Garmin Connect API (for training data)
- Strava API (for training and activity data)
- Coros API (for training and fitness data)
Each has its own privacy policy governing data use.
11.1 Training Platform Integrations
When you connect Garmin Connect, Strava, or Coros:
- You grant NORMAN permission to access your training data through OAuth
- Data is collected in accordance with each platform's API terms
- You can revoke access at any time through your platform settings or NORMAN account
- We do not store your training platform login credentials
- API access tokens are encrypted and stored securely
Privacy Policies for Training Platforms:
- Garmin: https://www.garmin.com/en-US/privacy/
- Strava: https://www.strava.com/legal/privacy
- Coros: https://www.coros.com/privacy.php
11.2 Data Sharing with Training Platforms
We only receive data that you authorize. We do NOT:
- Send data back to training platforms
- Modify your training platform data
- Access private activities you've marked as private on those platforms (subject to API capabilities)
- Share your NORMAN data with training platforms beyond standard OAuth authentication
12. AUTOMATED DECISION-MAKING
12.1 AI Scoring and Rankings
We use automated algorithms to:
- Calculate athlete performance scores
- Generate rankings and ratings
- Recommend college matches
- Provide recruiting predictions
These automated decisions are based on objective athletic performance data and statistical models.
12.2 Right to Human Review
You may request human review of:
- Score calculations you believe are inaccurate
- Automated recommendations
- Account decisions based on automated systems
13. BETA TESTING AND RESEARCH
During closed beta testing:
- We may collect additional feedback and usage data
- Features and data collection practices may change
- We may conduct user research interviews (with consent)
- Aggregated beta insights may be shared publicly
14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect changes in:
- Legal requirements
- Platform features and functionality
- Data practices and procedures
- Business operations
Material changes will be communicated via:
- Email notification to registered users
- Prominent notice on the platform
- Required re-acceptance for significant changes
Continued use after changes constitutes acceptance for non-material updates.
15. CONTACT INFORMATION
For privacy-related questions, concerns, or requests:
Email: privacy@normandata.xyz
Legal: legal@normandata.xyz
Support: support@normandata.xyz
Mailing Address:
NOR/MAN
[INSERT BUSINESS ADDRESS]
[City, State, ZIP]
Data Protection Officer: [INSERT IF APPLICABLE]
16. ACKNOWLEDGMENT
BY USING OUR SERVICES, YOU ACKNOWLEDGE:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and disclosure of your information as described
- You understand athlete data will be shared with coaches and used for research
- You understand how we generate revenue from aggregated insights
- You are at least 13 years old (or have parental consent)
- If you connect training platforms (Garmin, Strava, Coros), you authorize collection of training data
- You can disconnect training platform integrations at any time
Last Updated: November 23, 2025
Version: 1.0.0
© 2025 NOR/MAN. All rights reserved.