Glyyd Privacy Notice

1. Scope and Roles

This Privacy Notice explains how Glyyd, Inc. (“Glyyd,” “we,” “us,” or “our”) collects, uses, discloses, retains, and otherwise processes personal information when people use the Glyyd website, platform, applications, dashboards, APIs, and related services (collectively, the “Services”). This Privacy Notice applies to athlete users, parents or guardians, rowing clubs, college and university personnel, coaches, and website visitors.

Glyyd is not itself a school, school district, college, or university. When Glyyd processes education records or personally identifiable information from education records on behalf of a FERPA-covered educational agency or institution, Glyyd acts only as a service provider or school official performing an institutional service or function under the direct control of that institution and only for the purposes authorized by that institution.

This Privacy Notice does not change or limit any rights that a FERPA-covered institution may have to provide institution-specific notices, obtain consents, or manage access and amendment requests under its own policies and legal obligations.

2. Platform Use Cases

Glyyd supports several private recruiting-related use cases. First, an athlete, or a parent and athlete together where the athlete is a minor, may create an account, upload athlete information, and select which colleges or universities may access that information through the Services.

Second, a rowing club that is not affiliated with a FERPA-covered educational institution may upload athlete information where the club has obtained any permissions or consents it relies on. Third, colleges and universities, including rowing departments and coaches, may view athlete information within Glyyd to support recruiting decisions, subject to access controls, permissions, and applicable law.

Glyyd’s recruiting model is based on private sharing within the Services. Glyyd does not offer public athlete profiles or public searchable recruiting pages as part of the workflow described in this Privacy Notice.

3. Personal Information Collected

The personal information collected depends on how a person interacts with the Services. Categories may include account and login information, contact details, role and organization information, date of birth, parent or guardian contact details, consent records, athlete profile data, recruiting selections, rowing performance data, device and usage information, support records, and audit logs.

For athlete users, this may include uploaded or connected performance data such as stroke metrics, power metrics, boat and crew data, session-related information, and related analytics. For coaches, schools, clubs, and institutions, this may include contact and organizational information, access logs, and platform usage information.

Glyyd may also maintain records relating to privacy requests, consent workflows, authorizations, and account-verification events.

4. Sensitive and Minor-Related Information

Some information processed through the Services may be considered sensitive personal information under applicable law, including account credentials, precise geolocation, information about minors, and certain sensor-derived motion data.

Glyyd does not intentionally collect biometric identifiers for the purpose of automated or semi-automated recognition of an individual, such as fingerprints, retina or iris scans, facial templates, voiceprints, or DNA data. If Glyyd processes motion, telemetry, or performance data, it does so to provide athletic analytics and platform functionality, not to identify individuals through biometric recognition technologies.

Glyyd uses sensitive personal information only as reasonably necessary to provide the Services, maintain account security, verify authorization, prevent fraud, support product integrity, comply with legal obligations, and for other purposes permitted by law. Glyyd does not use sensitive personal information for targeted advertising or cross-context behavioral advertising.

5. How Personal Information Is Used

Glyyd uses personal information to provide and operate the Services, create and secure accounts, deliver athlete analytics, manage permissions and recruiting access, process transactions, communicate with users, respond to support requests, maintain logs, and improve service reliability and security.

Glyyd may also use personal information to verify age and authorization status, administer minor-account workflows, document consents and attestations, enforce platform rules, comply with contracts and legal obligations, and create de-identified or aggregated information for product improvement and business planning.

Glyyd does not use school-sourced education records to create recruiting recommendations, rankings, or similar inferences unless authorized by the relevant institution, the applicable user, or applicable law.

6. How Personal Information Is Shared

Glyyd may share personal information with service providers that support hosting, infrastructure, authentication, communications, analytics, logging, payment processing, customer support, and security, subject to contractual restrictions and data-protection obligations.

Glyyd may share athlete information with selected colleges or universities when that sharing is directed or authorized through the Services by the athlete, a parent or guardian acting for a minor athlete, or another person or organization with authority to make that sharing available through the platform.

Glyyd may also disclose information to schools, clubs, parents or guardians, professional advisers, counterparties in a corporate transaction, regulators, or law enforcement where necessary for the Services, to comply with law, or to protect rights, safety, and security.

Glyyd does not sell personal information and does not share personal information for cross-context behavioral advertising.

7. FERPA and School-Sourced Records

FERPA applies to education records that are directly related to a student and maintained by an educational agency or institution or by a party acting for that agency or institution.

When Glyyd receives student-athlete information from a FERPA-covered institution or from a party acting on that institution’s behalf, and that information constitutes education records or personally identifiable information from education records, Glyyd processes that information only for institutional purposes authorized by the institution and under the institution’s direct control.

Requests to inspect, review, amend, or challenge FERPA-covered records must generally be directed to the relevant educational institution. Glyyd may assist the institution in responding where appropriate and authorized.

8. Rowing Clubs and Non-Institutional Uploads

Rowing clubs that use the Services are generally treated as non-school organizations unless Glyyd has a separate written agreement establishing a different role. Glyyd does not assume that a rowing club is a FERPA-covered institution merely because it uploads athlete information to the Services.

A club or other non-institutional uploader is responsible for obtaining any permissions, notices, consents, or other rights on which it relies before providing athlete information to Glyyd or making athlete information available to coaches through the Services.

9. Consent, Age Verification, and Minor Accounts

Users under 18 may use the Services only with parent or legal guardian authorization and subject to Glyyd’s registration, age-verification, and consent procedures.

As part of Glyyd’s current product design, Glyyd may require a parent or legal guardian verification process for all minor accounts, including a nominal verification transaction processed by a third-party payment processor.

10. Cookies and Similar Technologies

Glyyd uses cookies and similar technologies for essential platform operations, security, analytics, and functionality. Where required by law, Glyyd uses a consent management tool to present choices for non-essential cookies and similar technologies.

Glyyd does not use cookies for targeted advertising or cross-context behavioral advertising.

11. Data Retention

Glyyd retains personal information only for as long as reasonably necessary for the purposes described in this Privacy Notice, to comply with contractual and legal obligations, to resolve disputes, and to enforce agreements.

Retention periods may vary by data type and relationship. Account and authorization information may be retained for the duration of the relationship and an appropriate period thereafter; athlete performance data may be retained while the account or recruiting relationship remains active; and FERPA-covered institutional data may be retained only as permitted by the relevant institutional agreement and applicable law.

When information is no longer needed, Glyyd deletes, anonymizes, or de-identifies it using reasonable technical and organizational measures.

12. Privacy Rights and Requests

Subject to applicable law and exceptions, individuals may have rights to request access, correction, deletion, portability, objection, withdrawal of consent, or limitation of certain processing activities.

Glyyd may verify the identity or authority of a requestor before acting on a request, including by using existing account authentication methods or requesting additional information where reasonably necessary. California regulations require reasonable verification procedures and prohibit charging a fee merely to verify a consumer privacy request.

If a request relates to FERPA-covered education records maintained by or for an educational institution, the request may need to be directed to that institution rather than handled solely by Glyyd.

Privacy requests may be sent to privacy@glyyd.com.

13. De-Identified and Aggregated Information

Glyyd may create and use de-identified or aggregated information for analytics, product development, research, security, and business planning. When Glyyd de-identifies data, Glyyd takes steps designed to remove direct identifiers and reduce the likelihood of re-identification in light of available technology and the context of processing.

Glyyd does not attempt to re-identify de-identified data except as permitted by law for testing, security, or compliance purposes.

14. Regional Privacy Notices

California

For California residents, Glyyd provides the notices and rights required by the CCPA as amended by the CPRA, including rights to know, delete, correct, and obtain information about the categories of personal information collected, used, disclosed, and retained, subject to applicable exceptions.

Glyyd does not sell personal information and does not share personal information for cross-context behavioral advertising. Glyyd may disclose personal information to service providers, contractors, and other recipients for limited business purposes subject to appropriate contractual restrictions.

EEA and United Kingdom

For individuals in the EEA and United Kingdom, Glyyd may process personal data on the basis of contract performance, legitimate interests, consent, and other lawful bases recognized by applicable law. Glyyd may transfer data to the United States using an appropriate transfer mechanism where required, such as Standard Contractual Clauses or another valid transfer tool.

Canada

For individuals in Canada, Glyyd may process personal information in accordance with PIPEDA and applicable provincial privacy laws, including British Columbia and Alberta private-sector privacy laws and Quebec requirements where applicable.

15. Changes to This Privacy Notice

Glyyd may update this Privacy Notice to reflect changes in the Services, legal requirements, or operational practices. If Glyyd makes material changes, Glyyd will provide notice as appropriate under applicable law, including by updating the effective date and posting the revised notice through the Services or by other appropriate means.

16. Contact Information

Questions about this Privacy Notice or privacy requests may be sent to privacy@glyyd.com.