AthleticsQ

Privacy Policy

Last updated: April 29, 2026

For details on how we use cookies and similar technologies, see our Cookie Policy. You can change your cookie choices anytime via the Cookie settings link in the footer of every page.

Section 1

Summary (Plain English)

AthleticsQ is a B2B sports travel platform. We help athletic departments, professional teams, tournament organizers, and the hotels and bus operators that serve them plan and execute team travel.

We collect the data we need to plan trips, book rooms, deliver contracts, run payments, and coordinate communications.
We do not sell personal information.
We share data only with the vendors who help us operate the platform — for example, our payment processor, email provider, and hotel partners.
You can ask us to access, correct, or delete your data. California, EU, and UK users have additional rights.
Questions about your data go to privacy@athleticsq.com.

Section 2

Who We Are

AthleticsQ is operated by RED Travel Group LLC (D/B/A AthleticsQ).

Operating company: RED Travel Group LLC (D/B/A AthleticsQ)
IATAN accreditation: IATA #45623760
Business address: [PLACEHOLDER — Ryan to provide actual address before publication.]
Privacy contact: privacy@athleticsq.com

Section 3

What Data We Collect

We collect different categories of data depending on the role you play in the AthleticsQ platform.

Data collected by user category
Who	What we collect
Schools (athletic departments)	Institutional information (name, address, IPEDS ID, division, conference); state-specific tax exemption certificates; procurement contact information; banking and payment information for invoicing; trip schedules and itineraries.
Coaches and athletic staff	Name, professional title, work email, work phone; sport(s) coached; dietary preferences captured for trip planning at the program level; communication preferences and notification settings; payment method on file (last 4 digits of card via Stripe — actual card data is never stored by AthleticsQ); IP address and device information for security.
Athletes	Athletes typically do not have direct accounts. Their data is captured indirectly through team operations as anonymized identifiers used for F&B and rooming list coordination, aggregate travel-party counts, and aggregated dietary restriction counts (not individual identification). AthleticsQ deliberately uses anonymized identifiers for athlete-level operational data, especially for medical-adjacent information like food allergies. Individual identification mapping stays in the team's roster system, not in AthleticsQ.
Hotel contacts	Name, work title, work email, work phone; property affiliation; communication history with AthleticsQ; response times and engagement patterns.
Bus operator contacts (when the operator network launches)	Business name, DOT number, MC number, USDOT registration; tax ID (encrypted at rest); insurance certificate details; fleet information; banking information for payouts; owner or contact name, work email, work phone.
Tournament organizers	Organization name and address; contact name, email, phone; event details, schedules, registration data; payment information.
Tournament team parents (booking through tournament portals)	Parent name, email, phone; athlete name and team affiliation provided by the parent at booking; payment method on file (last 4 digits of card via Stripe); booking and travel details.
NAM (National Account Managers at hotel chains)	Name, title, work email, work phone; chain affiliation; region and segment specialization; communication history.
Website visitors	IP address, browser type, device type; pages visited and session duration; referrer URL; cookies (essential and optional — see Cookie Policy); marketing campaign attribution data if applicable.

Section 4

How We Use Data

We use the data we collect for the purposes below. For users in the EU and UK, the table also lists the legal basis we rely on under the GDPR.

Purposes and legal bases
Purpose	What this looks like	GDPR legal basis
Service delivery	Plan and execute team travel; coordinate hotel bookings, contracts, and payments; manage room blocks, rooming lists, and check-in; coordinate F&B and meeting rooms; generate game-day timelines; process payments and issue virtual cards; coordinate with bus operators when applicable.	Contractual necessity / Legitimate interest
Communications	Transactional emails (booking confirmations, contract delivery, payment receipts); service notifications (cut-off reminders, attrition warnings, rooming list deadlines); customer support; optional marketing communications with separate consent.	Contractual necessity / Consent
Compliance and legal	Tax exemption documentation per state and per institution; audit-ready records for institutional compliance; DOT/FMCSA compliance for bus operators; financial reporting and tax compliance; responding to legal requests.	Legal obligation
Platform operations	Security monitoring and fraud prevention; performance monitoring and improvement; aggregated analytics on platform usage; hotel and operator quality scoring (aggregated, not individual surveillance).	Legitimate interest
AI-powered features	AI agents process trip data to coordinate travel logistics; AI parses hotel responses, contracts, and documents; AI generates draft communications for human review; AI builds institutional memory of program preferences over time. AthleticsQ does not use customer data to train third-party AI models. AI providers process data in real time only and do not retain customer data beyond the immediate query under our configuration.	Legitimate interest / Contractual necessity
Product development	Identify usage patterns to improve features; test new functionality with anonymized data; build aggregated industry insights after anonymization.	Legitimate interest

Section 5

We share data with the subprocessors listed below to operate the AthleticsQ platform. Each entry indicates whether the vendor acts on our instructions (a Data Processor) or makes its own decisions about the data (an Independent Controller). The current list is also published at /trust/subprocessors and may change over time.

Subprocessors
Vendor	Service	Data shared	Location	Role
Stripe	Payment processing and virtual card issuance	Payment information, billing data, last-4 card digits	United States, EU regions	Independent Controller
Resend	Transactional and operator email delivery	Recipient email addresses, message subject and body	United States	Data Processor
Vercel	Web hosting and edge serving	IP addresses, request metadata, application logs	Global edge network	Data Processor
Neon	PostgreSQL database hosting	All structured platform data	United States; EU regions available on request	Data Processor
Anthropic	AI model inference for agent tasks	Query content (no retention for model training under our usage)	United States	Data Processor
OpenAI	AI model inference for agent tasks	Query content (no retention for model training under our usage)	United States	Data Processor
Google Maps Platform	Geocoding, mapping, and drive-time estimates	Addresses, location queries	United States	Independent Controller
Sertifi or DocuSign	E-signature for hotel and operator contracts	Contract content, signer name, signer email	United States	Data Processor
Amadeus	Live hotel inventory for tournament side	Search queries, booking data	Global	Independent Controller

Other parties we share data with

Hotels and bus operators — only the data necessary to fulfill bookings, including travel-party size, dates, summarized dietary requirements, and contact information for relevant staff.
NAM contacts at hotel chains — RFP and booking data relevant to their chain's properties.
Government authorities — when legally required, including subpoenas, regulatory inquiries, and tax authorities.
Successor entities — in the event of merger, acquisition, or sale, customer data may transfer with the business.

Section 6

How Long We Keep Data

We keep data only as long as we need it for the purposes above or as required by law.

Category	Retention
Active customer data	Duration of the customer relationship plus 7 years (typical institutional audit period)
Transactional and financial data	7 years (tax and accounting requirements)
Communications history	5 years
Marketing data	3 years from last engagement, or until opt-out
Website analytics	25 months (Google Analytics standard)
Cookies	Per Cookie Policy. Essential cookies for the session; optional cookies up to 12 months unless consent is revoked.
Payment data	Handled by Stripe per their retention policies. AthleticsQ does not store card data directly.
Tax exemption certificates	Until expiration plus 7 years
Backup data	Deleted within 90 days of primary data deletion

After a retention period expires, data is either deleted or anonymized for aggregate analytics.

Section 7

International Data Transfers

AthleticsQ is based in the United States. If you are in the EU or UK, your data may be transferred to the US for processing. We rely on the following legal mechanisms for these transfers:

Standard Contractual Clauses (SCCs) with subprocessors when applicable.
Adequacy decisions where applicable.
Customer-specific data processing agreements for European clients.

We have implemented supplementary measures including encryption at rest, encryption in transit, access controls, and audit logging. For European clients, we offer EU-region data hosting via Neon's EU regions upon request as part of contractual agreements.

EU Representative: [PLACEHOLDER — to be appointed when first EU client signs. Recommend services like GDPR-Rep.eu.]
UK Representative: [PLACEHOLDER — to be appointed when first UK client signs.]

Section 8

Your Rights

Universal rights (all users)

Access — request a copy of personal information we hold about you.
Correction — update inaccurate information.
Deletion — request deletion of your account and associated data, subject to legal retention requirements.
Communication preferences — opt out of marketing emails.

GDPR rights (EU users)

Right of access (Article 15).
Right to rectification (Article 16).
Right to erasure / right to be forgotten (Article 17).
Right to restriction of processing (Article 18).
Right to data portability (Article 20).
Right to object (Article 21).
Rights related to automated decision-making (Article 22). AthleticsQ's AI agents support human decision-making but do not make autonomous decisions affecting users; final decisions on bookings, contracts, and payments are made by humans.
Right to lodge a complaint with a supervisory authority (your local Data Protection Authority).

UK GDPR rights (UK users)

The same rights as the GDPR apply, with the UK Information Commissioner's Office (ICO) as the supervisory authority.

CCPA rights (California residents)

Right to know what personal information is collected, used, shared, or sold.
Right to delete personal information held by businesses.
Right to opt out of the sale of personal information. AthleticsQ does not sell personal information.
Right to non-discrimination for exercising CCPA rights.
Right to limit use and disclosure of sensitive personal information.
For California users under 16, opt-in is required for any sale of personal information (we do not sell).

How to exercise your rights

Email privacy@athleticsq.com.
We will respond within 30 days (45 days for complex requests).
We may need to verify your identity before processing requests.
Some data may be retained for legal or contractual reasons even after deletion requests.

Section 9

Children's Privacy

AthleticsQ is a B2B platform serving athletic organizations. We do not knowingly collect personal information directly from children under 13.

Our platform is, however, used by athletic organizations that may include youth athletes — particularly at tournament events with youth divisions, travel teams with players under 18, and camps and clinics.

For data involving minors

We do not collect direct identifying information about athletes; we use anonymized identifiers only for operational data.
Athletic organizations are responsible for obtaining appropriate parental consent for any youth participants.
We comply with COPPA requirements for any inadvertent collection from children under 13.
Parents or guardians who believe their child's information has been collected may contact privacy@athleticsq.com to request deletion.

For European youth (under 16 in some EU member states), additional parental consent requirements may apply per GDPR Article 8.

Tournament team booking via parent portals

Parents provide athlete name and team affiliation to facilitate the booking.
This data is used only for the specific booking and is not retained beyond the booking lifecycle.
Parents can request deletion of athlete information at any time.

Section 10

Cookies and Tracking Technologies

We use a small number of cookies and similar technologies to run the platform and understand how it is used. The full list, including names and durations, is in our Cookie Policy at /cookie-policy.

Security

We implement reasonable technical and organizational measures to protect personal information:

Encryption at rest using AES-256.
Encryption in transit using TLS 1.2 or higher.
Access controls limiting employee access to a need-to-know basis.
Audit logging of access to sensitive data.
Regular security reviews and updates.
Incident response procedures.
Vendor security assessments for subprocessors.

Despite these measures, no system is 100% secure. We will notify affected users and applicable authorities in the event of a data breach as required by law.

Section 12

Automated Decision-Making and AI

AthleticsQ uses AI agents to support travel coordination tasks including:

Hotel sourcing and matching.
Document parsing and classification.
Communication drafting.
Operational coordination.
Pattern detection across historical data.

Important characteristics of our AI use

AI agents draft and recommend; humans review and approve customer-facing decisions.
AI does not make autonomous decisions about pricing, contracts, payments, or service availability that affect user rights.
Customer data is processed by AI providers (such as Anthropic) in real time without retention for model training.
Users have the right to request information about how AI is used in their specific case.
Users have the right to request human review of any AI-recommended decisions.

Section 13

Updates to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated by:

Email notification to active users.
Banner notification on the platform.
Updated 'Last Updated' date at the top of this policy.

For material changes affecting user rights, we will provide reasonable notice (typically 30 days) before changes take effect.

Section 14

Contact Us

Privacy questions, requests, or complaints:

Email: privacy@athleticsq.com
Mail: RED Travel Group LLC, [PLACEHOLDER ADDRESS], Attn: Privacy Officer
EU Representative: [PLACEHOLDER — to be appointed]
UK Representative: [PLACEHOLDER — to be appointed]

If you are not satisfied with our response, you may lodge a complaint with your local Data Protection Authority (EU), the Information Commissioner's Office (UK), the California Attorney General's Office (California), or other applicable regulators.