PRIVACY POLICY

Effective Date: May 27, 2026 | MyNextOffer, LLC

MyNextOffer, LLC (“MyNextOffer,” “we,” “us,” or “our”) operates the MyNextOffer platform located at mynextoffer.io (the “Service”). This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use the Service. Please read it carefully. By using the Service you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you create an account or use the Service, including:

Account information: name and email address
Athlete profile data: sport, position, graduation year, high school name, city, state, GPA, SAT/ACT scores, intended major, height, weight, athletic stats, highlight video links, social media handles
Recruiting activity: schools saved, coaches contacted, outreach log entries, messages generated, follow-up notes
Payment information: billing name, email, and payment method details processed by Stripe (we do not store full card numbers)
Gmail connection data: if you connect your Gmail account, we store your Gmail address, AES-256-GCM encrypted OAuth access and refresh tokens, and a daily send counter. We do not store the content of any emails in your Gmail inbox.
Communications: messages you send to our support team

1.2 Information Collected Automatically

When you use the Service we automatically collect:

Usage data: pages visited, features used, AI generations requested, session duration, click patterns
Device and technical data: IP address, browser type and version, operating system, device identifiers, referring URLs
Cookies and similar technologies: session cookies used to maintain your authenticated state (see Section 8)
Email delivery data: when you send a recruiting email through the Service, we embed a tracking pixel in that email. If the recipient opens the email, we record the open timestamp, open count, the recipient’s IP address, and user-agent string. We also track link clicks within sent emails. This data is used to show you whether a coach opened or engaged with your email. See Section 5 for more detail.

1.3 Information from Third Parties

We may receive limited information from third-party services you connect. When you connect Gmail, Google provides us with your Gmail address and OAuth tokens. When you pay, Stripe confirms your payment status. We do not purchase data from data brokers.

2. How We Use Your Information

We use your information for the following purposes:

Purpose	Description
Providing the Service	Creating and managing your account, generating AI content, enabling recruiting tools, sending emails on your behalf via connected Gmail, and delivering all features described in our Terms of Service.
Personalization	Using your athlete profile data to personalize AI-generated emails, strategy recommendations, and school fit assessments.
Billing and payments	Processing subscription payments, managing billing periods, and issuing invoices via Stripe.
Transactional communications	Sending OTP login codes, payment receipts, subscription renewal notices, and security alerts.
Product communications	Sending recruiting tips, feature announcements, and platform updates. You may opt out of marketing emails at any time.
Email tracking	Tracking whether recruiting emails you send were opened or had links clicked, so you can see coach engagement in your outreach dashboard.
Reply detection	Using Gmail thread metadata (From headers only) to automatically detect when a coach replies to your recruiting email and update your CRM status.
Analytics and improvement	Understanding how the Service is used so we can improve features, fix bugs, and enhance performance.
Safety and compliance	Detecting and preventing fraud, abuse, and violations of our Terms of Service; complying with legal obligations.

3. AI Processing and Third-Party AI Providers

MyNextOffer uses AI APIs to power content generation features. When you request AI-generated content (coach emails, follow-ups, strategy advice, social posts), relevant portions of your athlete profile are transmitted to the AI provider to generate the output.

We currently use Anthropic’s Claude API as our primary AI provider. Data transmitted is governed by Anthropic’s Privacy Policy.
We also support OpenAI and Google Gemini as alternative AI providers. Use of these providers is governed by their respective privacy policies.
We do not transmit your payment information or full account credentials to AI providers.
AI-generated content may be stored in our database to display your generation history and to improve our prompt quality.

4. Gmail API Integration & Limited Use

MyNextOffer’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Connecting your Gmail account is optional. If you choose to connect it, the following applies:

4.1 Scopes Requested

We request two Google OAuth scopes:

gmail.send — allows us to send recruiting emails from your Gmail address on your behalf. You compose and approve every message before it is sent.
gmail.metadata — allows us to read thread metadata (specifically the From header of messages in threads we sent) to automatically detect when a college coach replies to your recruiting email. We read only the From address of thread messages; we do not access message bodies, subject lines, attachments, or any other inbox content.

4.2 What We Store

Your Gmail address
OAuth access and refresh tokens, encrypted at rest using AES-256-GCM
Token expiry timestamp
A daily send counter (resets at midnight UTC) to stay within Google’s sending limits

4.3 What We Do Not Do

We do not read, index, or store the content of your Gmail inbox
We do not read message bodies, subject lines, or attachments of any messages
We do not use your Gmail data to serve advertisements
We do not share your Gmail data with any third party except as strictly necessary to operate the Service (Google’s own API servers)
We do not use your Gmail data for any purpose other than sending emails you initiate and detecting replies to those emails

4.4 Disconnecting Gmail

You may disconnect your Gmail account at any time from Settings → Gmail Connection. Upon disconnection, your encrypted tokens are immediately deleted from our database. You can also revoke access at any time from your Google Account permissions.

5. Email Tracking

When you send a recruiting email through the Service, we embed a small transparent 1×1 pixel image in the email. When the email is opened by the recipient, their email client loads this pixel, which allows us to record:

The date and time the email was opened
The number of times the email was opened
The IP address and browser/mail client user-agent string of the device that loaded the pixel

We also track whether links within your sent emails are clicked by redirecting links through our tracking service before forwarding to the destination URL.

This data is displayed only to you in your outreach dashboard to help you gauge coach engagement. It is not sold, shared with third parties, or used for advertising. Recipients (college coaches) are the individuals whose IP addresses and user-agents may be incidentally collected through this tracking. If a coach uses an email privacy proxy (such as Apple’s Mail Privacy Protection), the data recorded will reflect the proxy rather than their actual device.

6. How We Share Your Information

We do not sell your personal information. We share your information only in the following limited circumstances:

Service providers: Third-party vendors who help us operate the Service — Stripe (payments), Resend (transactional email), Anthropic / OpenAI / Google (AI generation), Google (Gmail API), Railway (hosting), Supabase (database). These providers are contractually restricted from using your data for any purpose other than providing services to us.
Legal requirements: When required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred. We will notify you via email and/or a prominent notice on the Service before such a transfer.
With your consent: For any other purpose with your explicit consent.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

Account deletion: When you delete your account, your personal data (profile, outreach history, AI generations, Gmail connection) is permanently and immediately deleted via cascading database deletion. This action is irreversible. Payment transaction records required by law are retained separately (see below).
AI generation logs: Retained while your account is active to power your generation history. Deleted when your account is deleted.
Payment records: Retained for 7 years as required by applicable tax and accounting regulations. These records are managed by Stripe and contain only transaction metadata, not full payment card details.
Email tracking data: Open and click event logs are retained while your account is active and deleted with your account.
Gmail tokens: Deleted immediately when you disconnect Gmail or delete your account.

8. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

HTTPS/TLS encryption for all data in transit
AES-256-GCM encryption for Gmail OAuth tokens stored at rest
Encrypted, HTTP-only session cookies (JWT)
Parameterized database queries to prevent SQL injection
Row-level security policies on our database
Role-based access controls limiting employee access to personal data
Regular security review of our codebase and infrastructure

No system is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay as required by applicable law.

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

Strictly necessary cookies: Session authentication cookies required for the Service to function. These cannot be disabled without logging you out.
Analytics cookies: Anonymous usage data to understand how the Service is used. We use privacy-respecting analytics and do not use Google Analytics.

We do not use advertising cookies or share cookie data with advertising networks. You can disable cookies in your browser settings, but this may affect your ability to use the Service.

10. Children’s Privacy

The Service is intended for use by high school athletes who are at least 13 years of age. We do not knowingly collect personal information from children under 13. If a parent or guardian believes their child under 13 has provided personal information to us, please contact us at privacy@mynextoffer.io and we will delete such information promptly.

Users between 13 and 17 years of age should use the Service only with the knowledge and supervision of a parent or legal guardian. We encourage parents to review this Privacy Policy with their children. By using the Service, users under 18 represent that they have obtained appropriate parental consent.

11. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Delete your account and all associated data at any time from Settings → Account → Delete Account. This is immediate and irreversible.
Portability: Request a machine-readable export of your personal data.
Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us.
Disconnect Gmail: Revoke Gmail access at any time from Settings → Gmail Connection or via your Google Account permissions page.
Withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@mynextoffer.io. We will respond to verified requests within 30 days. We may need to verify your identity before processing requests.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights apply regardless of whether our business meets the statutory thresholds — we extend them to all California residents as a matter of policy.

12.1 Your Rights

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, complying with legal obligations).
Right to Correct: You may request correction of inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You therefore have no need to opt out, but you may contact us to confirm this at any time.
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information (as defined by CPRA) for purposes beyond those strictly necessary to provide the Service. See Section 12.3 below.
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised a CCPA right.

12.2 Categories of Personal Information Collected

In the past 12 months, we have collected the following statutory categories of personal information:

CCPA Category	Examples We Collect	Sold?	Shared?
Identifiers	Name, email address, IP address	No	No
Personal information (Cal. Civ. Code § 1798.80)	Payment method details (processed by Stripe; we do not store card numbers)	No	No
Internet / network activity	Pages visited, features used, session duration, click patterns	No	No*
Geolocation data	Approximate location derived from IP address only	No	No
Professional / employment-related	High school name, athletic stats, grad year, GPA, SAT/ACT, intended major	No	No
Inferences	AI-generated recruiting recommendations and school fit scores derived from profile data	No	No

* Internet/network activity data is processed by PostHog (our analytics provider) solely for the purpose of improving our Service. PostHog does not receive this data for cross-context behavioral advertising and does not use it for any purpose other than providing analytics services to us. This does not constitute “sharing” under CCPA. PostHog analytics are only activated with your cookie consent (see Section 9).

12.3 Sensitive Personal Information

Under CPRA, certain categories of information are designated as “sensitive personal information.” We collect the following that may qualify:

Account login credentials: We store your email address and use OTP (one-time password) codes for authentication. We do not store passwords.

We do not use or disclose sensitive personal information for any purpose other than those permitted by CPRA (providing the Service, ensuring security, and fulfilling legal obligations). We do not use sensitive personal information to infer characteristics about you beyond what is necessary to provide the recruiting features you have requested.

Academic data (GPA, SAT/ACT) and athletic statistics you voluntarily provide are used solely to personalize your recruiting profile and AI-generated content. They are not sold, shared with advertisers, or used for profiling beyond the Service.

12.4 How to Submit a California Privacy Request

To exercise any of the rights above, you may:

Email us at privacy@mynextoffer.io with “California Privacy Request” in the subject line, or
Delete your account directly from Settings → Account → Delete Account (immediate, covers the Right to Delete)

We will acknowledge your request within 10 business days and respond within 45 days. If we require more time, we will notify you of the extension and the reason (maximum one additional 45-day extension). We may need to verify your identity before processing your request.

12.5 Authorized Agents

A California resident may designate an authorized agent to submit a CCPA/CPRA request on their behalf. To do so, the authorized agent must provide written authorization signed by you, and we may contact you directly to verify the request. Authorized agent requests should be submitted to privacy@mynextoffer.io with “Authorized Agent Request” in the subject line, along with a copy of the signed authorization.

12.6 Shine the Light (Cal. Civ. Code § 1798.83)

California residents may request information about whether we have disclosed personal information to third parties for their direct marketing purposes during the preceding calendar year. We do not disclose personal information to third parties for their own direct marketing purposes. If you have questions, contact us at privacy@mynextoffer.io.

13. International Users

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We provide appropriate safeguards for international data transfers as required by applicable law.

14. Third-Party Links

The Service may contain links to third-party websites and services (including Hudl, YouTube, and college athletic department websites). We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date and, where required, by sending you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

MyNextOffer, LLC
Email: privacy@mynextoffer.io
Website: mynextoffer.io

We take privacy inquiries seriously and will respond to all verified requests within 30 days.

← Back to Home Terms of Service →

PRIVACY POLICY

Effective Date: May 27, 2026 | MyNextOffer, LLC

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you create an account or use the Service, including:

Account information: name and email address
Athlete profile data: sport, position, graduation year, high school name, city, state, GPA, SAT/ACT scores, intended major, height, weight, athletic stats, highlight video links, social media handles
Recruiting activity: schools saved, coaches contacted, outreach log entries, messages generated, follow-up notes
Payment information: billing name, email, and payment method details processed by Stripe (we do not store full card numbers)
Gmail connection data: if you connect your Gmail account, we store your Gmail address, AES-256-GCM encrypted OAuth access and refresh tokens, and a daily send counter. We do not store the content of any emails in your Gmail inbox.
Communications: messages you send to our support team

1.2 Information Collected Automatically

When you use the Service we automatically collect:

Usage data: pages visited, features used, AI generations requested, session duration, click patterns
Device and technical data: IP address, browser type and version, operating system, device identifiers, referring URLs
Cookies and similar technologies: session cookies used to maintain your authenticated state (see Section 8)
Email delivery data: when you send a recruiting email through the Service, we embed a tracking pixel in that email. If the recipient opens the email, we record the open timestamp, open count, the recipient’s IP address, and user-agent string. We also track link clicks within sent emails. This data is used to show you whether a coach opened or engaged with your email. See Section 5 for more detail.

1.3 Information from Third Parties

2. How We Use Your Information

We use your information for the following purposes:

Purpose	Description
Providing the Service	Creating and managing your account, generating AI content, enabling recruiting tools, sending emails on your behalf via connected Gmail, and delivering all features described in our Terms of Service.
Personalization	Using your athlete profile data to personalize AI-generated emails, strategy recommendations, and school fit assessments.
Billing and payments	Processing subscription payments, managing billing periods, and issuing invoices via Stripe.
Transactional communications	Sending OTP login codes, payment receipts, subscription renewal notices, and security alerts.
Product communications	Sending recruiting tips, feature announcements, and platform updates. You may opt out of marketing emails at any time.
Email tracking	Tracking whether recruiting emails you send were opened or had links clicked, so you can see coach engagement in your outreach dashboard.
Reply detection	Using Gmail thread metadata (From headers only) to automatically detect when a coach replies to your recruiting email and update your CRM status.
Analytics and improvement	Understanding how the Service is used so we can improve features, fix bugs, and enhance performance.
Safety and compliance	Detecting and preventing fraud, abuse, and violations of our Terms of Service; complying with legal obligations.

3. AI Processing and Third-Party AI Providers

We currently use Anthropic’s Claude API as our primary AI provider. Data transmitted is governed by Anthropic’s Privacy Policy.
We also support OpenAI and Google Gemini as alternative AI providers. Use of these providers is governed by their respective privacy policies.
We do not transmit your payment information or full account credentials to AI providers.
AI-generated content may be stored in our database to display your generation history and to improve our prompt quality.

4. Gmail API Integration & Limited Use

MyNextOffer’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Connecting your Gmail account is optional. If you choose to connect it, the following applies:

4.1 Scopes Requested

We request two Google OAuth scopes:

gmail.send — allows us to send recruiting emails from your Gmail address on your behalf. You compose and approve every message before it is sent.
gmail.metadata — allows us to read thread metadata (specifically the From header of messages in threads we sent) to automatically detect when a college coach replies to your recruiting email. We read only the From address of thread messages; we do not access message bodies, subject lines, attachments, or any other inbox content.

4.2 What We Store

Your Gmail address
OAuth access and refresh tokens, encrypted at rest using AES-256-GCM
Token expiry timestamp
A daily send counter (resets at midnight UTC) to stay within Google’s sending limits

4.3 What We Do Not Do

We do not read, index, or store the content of your Gmail inbox
We do not read message bodies, subject lines, or attachments of any messages
We do not use your Gmail data to serve advertisements
We do not share your Gmail data with any third party except as strictly necessary to operate the Service (Google’s own API servers)
We do not use your Gmail data for any purpose other than sending emails you initiate and detecting replies to those emails

4.4 Disconnecting Gmail

5. Email Tracking

The date and time the email was opened
The number of times the email was opened
The IP address and browser/mail client user-agent string of the device that loaded the pixel

We also track whether links within your sent emails are clicked by redirecting links through our tracking service before forwarding to the destination URL.

6. How We Share Your Information

We do not sell your personal information. We share your information only in the following limited circumstances:

Service providers: Third-party vendors who help us operate the Service — Stripe (payments), Resend (transactional email), Anthropic / OpenAI / Google (AI generation), Google (Gmail API), Railway (hosting), Supabase (database). These providers are contractually restricted from using your data for any purpose other than providing services to us.
Legal requirements: When required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred. We will notify you via email and/or a prominent notice on the Service before such a transfer.
With your consent: For any other purpose with your explicit consent.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

Account deletion: When you delete your account, your personal data (profile, outreach history, AI generations, Gmail connection) is permanently and immediately deleted via cascading database deletion. This action is irreversible. Payment transaction records required by law are retained separately (see below).
AI generation logs: Retained while your account is active to power your generation history. Deleted when your account is deleted.
Payment records: Retained for 7 years as required by applicable tax and accounting regulations. These records are managed by Stripe and contain only transaction metadata, not full payment card details.
Email tracking data: Open and click event logs are retained while your account is active and deleted with your account.
Gmail tokens: Deleted immediately when you disconnect Gmail or delete your account.

8. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

HTTPS/TLS encryption for all data in transit
AES-256-GCM encryption for Gmail OAuth tokens stored at rest
Encrypted, HTTP-only session cookies (JWT)
Parameterized database queries to prevent SQL injection
Row-level security policies on our database
Role-based access controls limiting employee access to personal data
Regular security review of our codebase and infrastructure

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

Strictly necessary cookies: Session authentication cookies required for the Service to function. These cannot be disabled without logging you out.
Analytics cookies: Anonymous usage data to understand how the Service is used. We use privacy-respecting analytics and do not use Google Analytics.

We do not use advertising cookies or share cookie data with advertising networks. You can disable cookies in your browser settings, but this may affect your ability to use the Service.

10. Children’s Privacy

11. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Delete your account and all associated data at any time from Settings → Account → Delete Account. This is immediate and irreversible.
Portability: Request a machine-readable export of your personal data.
Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us.
Disconnect Gmail: Revoke Gmail access at any time from Settings → Gmail Connection or via your Google Account permissions page.
Withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@mynextoffer.io. We will respond to verified requests within 30 days. We may need to verify your identity before processing requests.

12. California Privacy Rights (CCPA/CPRA)

12.1 Your Rights

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, complying with legal obligations).
Right to Correct: You may request correction of inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You therefore have no need to opt out, but you may contact us to confirm this at any time.
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information (as defined by CPRA) for purposes beyond those strictly necessary to provide the Service. See Section 12.3 below.
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised a CCPA right.

12.2 Categories of Personal Information Collected

In the past 12 months, we have collected the following statutory categories of personal information:

CCPA Category	Examples We Collect	Sold?	Shared?
Identifiers	Name, email address, IP address	No	No
Personal information (Cal. Civ. Code § 1798.80)	Payment method details (processed by Stripe; we do not store card numbers)	No	No
Internet / network activity	Pages visited, features used, session duration, click patterns	No	No*
Geolocation data	Approximate location derived from IP address only	No	No
Professional / employment-related	High school name, athletic stats, grad year, GPA, SAT/ACT, intended major	No	No
Inferences	AI-generated recruiting recommendations and school fit scores derived from profile data	No	No

12.3 Sensitive Personal Information

Under CPRA, certain categories of information are designated as “sensitive personal information.” We collect the following that may qualify:

Account login credentials: We store your email address and use OTP (one-time password) codes for authentication. We do not store passwords.

12.4 How to Submit a California Privacy Request

To exercise any of the rights above, you may:

Email us at privacy@mynextoffer.io with “California Privacy Request” in the subject line, or
Delete your account directly from Settings → Account → Delete Account (immediate, covers the Right to Delete)

12.5 Authorized Agents

12.6 Shine the Light (Cal. Civ. Code § 1798.83)

13. International Users

14. Third-Party Links

15. Changes to This Privacy Policy

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

MyNextOffer, LLC
Email: privacy@mynextoffer.io
Website: mynextoffer.io

We take privacy inquiries seriously and will respond to all verified requests within 30 days.

← Back to Home Terms of Service →