TeamLedgerBeta

Legal

Privacy Policy

Last updated: 2026-04-25

1. Who we are

TeamLedger is built and operated by SolGuruz (“SolGuruz”, “we”, “us”). This privacy policy explains what data we collect when you use TeamLedger, how we use it, who we share it with, and the rights you have over it.

You can reach the team at hello@solguruz.com. Our mailing address is TBD before launch - the registered address of the trademark holder will be inserted here once finalised.

2. What information we collect

TeamLedger is a record-keeping tool for volunteer team managers (“TMs”). The TM is the only user with login access. Everything we collect is information the TM enters to run their team's finances.

Account data (TM)

  • Name and email address used to sign in.
  • A password, which is never stored in plain text. Passwords are hashed using Argon2id before they are written to disk.
  • An optional phone number for account-recovery and MFA.

Team data

  • Team name, sport, age group, and season start/end dates.
  • Team-level configuration the TM sets (currency, notification defaults, time zone).

Roster data

  • Player names and (optionally) jersey numbers.
  • Up to two parent contacts per player - name, email, and phone number, plus per-contact opt-in flags for email and SMS.
  • Coach names, contact details, and per-event amounts.

Financial records

  • Events (league fees, tournaments, equipment, travel) and the way they're allocated to players.
  • Payments recorded by the TM (cash, check, Venmo, Zelle, bank transfer) - including method, amount, date, and any free-text note the TM enters.
  • Fundraising entries and ledger movements.
  • All monetary values are stored as integer cents to avoid floating-point rounding errors.

Audit logs

Every mutation in TeamLedger is timestamped and attributed to the TM who performed it. The audit log is append-only at the database level - entries cannot be edited or deleted, even by the application role. Audit history is retained for as long as your team account is active so you can always trace every change.

What we do not collect

  • Payment card numbers. TeamLedger does not process or store cards; we record the fact that a payment occurred, never the card itself.
  • Social Security Numbers, EINs, or other taxpayer identifiers.
  • Government-issued IDs or scans thereof.
  • Biometric data (no fingerprint, no face).
  • Precise location data or device GPS.
  • Receipt photos or other uploaded images - the MVP records cash transactions as line items only, not as scanned attachments.

3. How we use your information

We use the data above to:

  • Operate the service - show the TM their roster, ledger, dashboard, and reports.
  • Send transactional notifications to parents and coaches the TM has enabled (payment reminders, statements, fundraising updates).
  • Preserve historical records so a TM can always trace what happened and when across seasons.
  • Resolve disputes - the audit log exists precisely so that a TM can reconstruct what happened and when.
  • Protect the service - detect abuse, prevent fraud, and respond to security incidents.

4. Notifications & marketing communications

TeamLedger sends two kinds of message to parents and coaches:

  • Email via Gmail SMTP, sent from no-reply@solguruz.com.
  • SMS via Twilio, sent from a US long-code number.

Each parent contact has independent email_on and sms_on toggles managed by the TM. A contact who opts out stops receiving the corresponding channel immediately. SMS replies of STOP unsubscribe from the Twilio sender entirely, in line with carrier requirements.

We do not send marketing emails or SMS to parents or coaches. Their contact information is used solely to deliver the transactional messages the TM configures for the team. Marketing communication, if any, is directed only at the TM (the account holder) and uses a separate mailing list they can opt out of at any time.

5. Data sharing & third parties

We share data with a small, deliberate list of processors. Each one is a means to an end - nothing is shared for advertising or sold for any reason.

  • Gmail (Google) - transactional email delivery. We send through no-reply@solguruz.com using authenticated Gmail SMTP. The recipient's name, email address, and message body transit Google's infrastructure.
  • Twilio - SMS delivery. The recipient's phone number and message body transit Twilio's infrastructure.
  • Amazon Web Services (post-launch) - primary hosting and storage in a US region, with data encrypted at rest and in transit. The MVP is currently developed on localhost; we will update this policy with the specific AWS region, services, and data-residency commitments before any production data is stored on AWS.

We do not:

  • Sell personal data to anyone, ever.
  • Share data with advertising networks or data brokers.
  • Run third-party analytics tools that receive personally identifying information. Any product analytics we add later will be either self-hosted or aggregated and PII-free.

We may disclose data when legally required - in response to a valid subpoena, court order, or other lawful request - and we will narrow such disclosure to what is strictly required.

6. Data retention

  • Financial records and audit logs are retained for as long as your account is active so the append-only history stays intact across seasons.
  • Account data is retained while your account is active. After cancellation, your account and team data are scheduled for deletion thirty days later unless you request a data export beforehand or reactivate the account in that window.
  • Backups roll off according to a fixed schedule; deleted records may persist in encrypted backups for up to ninety days before they age out.

7. Your rights

Regardless of where you live, you can:

  • Access and export the data on your account in a machine-readable format.
  • Correct inaccurate roster, contact, or financial information by editing it directly - or by emailing us if you cannot.
  • Request deletion of your account at any time, subject to the thirty-day grace window described in the retention section above.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we've collected and to opt out of any sale - though, again, we do not sell personal information.

EU and UK residents who use TeamLedger are entitled to the data-subject rights set out in the GDPR and UK GDPR - including access, rectification, erasure, restriction, portability, and objection. TeamLedger is a US-focused product; if you are in the EU or UK and have a request, please email us at hello@solguruz.com and we will respond within thirty days.

8. Children's data

Youth sports involves minors, and we've designed TeamLedger carefully around that fact. Parents or guardians provide their children's names and the events those children participate in directly to the TM, who enters them into TeamLedger. We do not collect information from children directly, and minors do not have logins to the service.

The data we hold about a minor is limited to what the TM types in to run the team - typically a first and last name and the events the child is allocated to. We do not collect a minor's contact details, location, biometric data, or any of the categories regulated by the Children's Online Privacy Protection Act (COPPA) for direct online services.

A parent or guardian may at any time request deletion of their child's record. Email us, identify the team and child by name, and we will work with the TM to remove the record (subject to the financial-record retention obligations described above for the audit trail of historical transactions).

9. Security

  • In transit - all traffic between your browser and our servers uses TLS.
  • At rest - production databases and backups are encrypted by the underlying storage layer.
  • Passwords are hashed with Argon2id (the OWASP-recommended algorithm). We cannot recover a forgotten password - only reset it.
  • Audit log is append-only at the database level. The application role lacksUPDATE and DELETE grants on the audit table.
  • Role-based access - only the TM who owns a team can read or write its data. There are no parent or coach login portals; their data is visible only to their TM.
  • MFA is required for destructive actions such as deleting a team. A second factor is verified before the operation is allowed to proceed.

10. Changes to this policy

We will update this policy when our practices change. For material changes - new categories of data, new processors, expanded sharing - we will email the TM at least thirty days before the change takes effect, giving you time to review or export your data. For non-material changes (typo fixes, clarifications), we will update the “last updated” date at the top of this page.

11. Contact

Privacy questions, data-subject requests, or concerns about anything on this page can be sent to privacy@solguruz.com (or, until the dedicated alias is set up, hello@solguruz.com). We will acknowledge requests within five business days and resolve them within thirty days.

Draft. Question, concern, or a clause you'd like clarified before launch? Tell us.

Contact usRead the terms of service
Privacy Policy | TeamLedger