1. What we collect
When you use 18th Man we collect:
- Account data — your email address, username, and password (stored as a secure hash).
- Profile data — display name, avatar, bio, club, coaching level, and any social links you choose to add.
- Coaching content — drills, session plans, and canvas designs you create on the platform.
- Chat messages — messages you send to the AI assistant or other coaches.
- Usage data — pages visited, features used, and general activity logs to help us improve the platform.
- Payment data — if you subscribe, payments are processed by Stripe. We store your subscription status but not your full card details.
2. How we use your data
- To run the platform and provide you with the features you use.
- To send transactional emails (account confirmation, password reset, subscription updates).
- To send occasional product updates — you can unsubscribe at any time.
- To improve and develop new features based on how the platform is used.
- To enforce our Terms of Service and keep the platform safe.
We do not sell your data to third parties. We do not use your coaching content to train AI models.
3. AI assistant
Messages you send to the AI coaching assistant are processed by Anthropic (via Vercel AI Gateway). These messages are subject to Anthropic’s privacy policy. Do not include sensitive personal information about players in your chat messages.
4. Who we share data with
- Supabase — our database and authentication provider. Data is hosted in the EU.
- Vercel — our hosting and infrastructure provider.
- Anthropic (via Vercel AI Gateway) — processes AI chat messages.
- Stripe — payment processing for Club subscriptions.
- Resend — transactional email delivery.
All third-party providers are contractually bound to handle your data securely and only for the purposes we specify.
5. Data retention
- Your data is kept for as long as your account is active.
- If you delete your account, your personal data (email, profile, drills, messages) is permanently deleted within 30 days.
- Anonymised usage statistics may be retained after deletion.
- Stripe retains payment records as required by financial regulations — contact them directly to exercise rights over payment data.
6. Your rights
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — delete your account at any time from your profile settings, or email us to request deletion.
- Portability — request an export of your drills and session plans.
- Objection — opt out of marketing emails at any time using the unsubscribe link.
To exercise any of these rights, email us at hello@18thman.app. We will respond within 30 days.
7. Cookies
We use a single session cookie to keep you logged in. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded on the platform.
8. Security
Passwords are hashed and never stored in plain text. All data in transit is encrypted via HTTPS. Database access is restricted and governed by row-level security policies. We follow security best practices but no system is completely immune to attack — please use a strong, unique password.
9. Children
18th Man is intended for coaches aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us and we will remove it promptly.
10. Changes
We may update this policy from time to time. We’ll notify you by email for material changes. The date at the top of this page shows when it was last updated.