Privacy Policy

Effective Date: April 12, 2026

OfferSecured ("we," "our," or "us") operates the website at offersecured.com (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and role (athlete, coach, or parent). Athletes may also provide athletic measurements, academic information, highlight video links, and recruiting preferences.

Information from Third-Party Services

  • Google Sign-In: If you sign in with Google, we receive your name, email address, and profile picture from your Google account. We use this solely for authentication.
  • Gmail Integration:If you connect your Gmail account, we access your email to identify and organize recruiting-related correspondence with college coaches. We store email metadata (sender, recipient, subject, date) and the full message body for emails matched to college coaches in our database. This data is used to populate your recruiting activity feed and conversation history. Email content is accessible only to you, your linked parents (if you've approved the link), and OfferSecured's automated systems for generating recruiting insights. Email content is NOT shared with your coaches. Coaches see only that recruiting activity occurred (e.g., "Email sent to Coach Smith"), not the content of the email.
  • X (Twitter) Linked Account: If you connect your X account, we receive your X username and basic profile information. We use this to connect your account with recruiting activity on X.

Usage Data

We collect interaction telemetry about how you use the Service — schools searched, coaches contacted, number of messages drafted, and profile updates. This telemetry is separate from Google user data and is used to operate the Service and generate personalized recruiting suggestions for you. Google user data is used only for the specific user-facing features described in Sections 3 and 7 of this policy, and is not used for general Service improvement.

2. How We Use Your Information

  • Provide and operate the recruiting platform
  • Authenticate your identity via email/password, Google, or X
  • Generate personalized recruiting content (e.g., AI-drafted messages to coaches) using AI services
  • Match Gmail messages with college coaches to organize your recruiting correspondence
  • Display school and coach information relevant to your search
  • Track your recruiting activity and provide suggestions
  • Monitor platform health using interaction telemetry — not Gmail content or other Google user data

3. AI Processing — Provider Separation

We use two AI providers for two distinct categories of features: Google's Gemini API for features that process Google user data (Gmail content and metadata), and xAI's Grok API for features that do not. All AI calls happen on our servers — no AI provider is reached directly from your browser. AI-generated content is always presented for your review and editing before use; nothing is sent to anyone on your behalf automatically.

3.1 Google Gemini — Gmail-touching features

Features that process Google user data call Google's Gemini API at generativelanguage.googleapis.com. The data stays inside Google's ecosystem. Specifically, Gemini is used for:

  • Conversation summaries.When you open the summary for a school you are targeting, we send to Gemini: your position, graduation year, high school, city, and state; that school's name, division, conference, sport, your recruiting status, and category; and the full recruiting-activity timeline for that school — a school-level timeline, not a single coach thread. For each activity we include the direction, type, date, subject line, body excerpt, and the names of any coaches tagged on the event (not every activity is tagged with a coach). For EMAIL activities this includes the Gmail subject and body excerpt stored on the recruiting-activity record. Gemini returns a short human-readable summary with sentiment and recommended next actions.
  • Email draft generation.When you request a draft email to a coach, we send to Gemini: your name, position, graduation year, high school, city, state, height, weight, GPA, and Hudl URL; the target school's name, division, and conference; the coach's name and title or role; the last five recruiting activities with that school (type, direction, summary, date — including Gmail subject and body excerpt for EMAIL rows); and an optional grounding summary of public program facts fetched from our separate xAI web-search call (see Section 3.2). The coach's email address is used to send the finished draft but is not included in the content sent to Gemini.
  • Campaign email drafts.When you run an outreach campaign, we send to Gemini: your name, gender, sport, graduation year, high school, location, SAT / ACT scores, weighted and unweighted GPA, intended major, bio, positions, personal records (event, mark, meet, date), highlights, academic and athletic awards, your user-entered athlete notes; for each targeted coach, the coach's name and title (not the email address); the school's name, city, state, college type, enrollment, in-state and out-of-state tuition, division, and conference; the full contact-history timeline for that coach (including Gmail subjects and body excerpts for EMAIL rows) and summary counters (outbound / inbound email counts, latest direction, latest summary); and your chosen campaign type, tone, and intent.
  • Recruiting suggestions.To generate next-step suggestions on your dashboard, we send to Gemini: your position, graduation year, high school, city, state, height, weight, unweighted and weighted GPA, SAT and ACT scores, and Hudl URL; for each of your target schools that you have not marked "not interested," the school's name, division, conference, your recruiting status, category, your notes, and an activity count; the most recent recruiting activities across all your target schools from the last 30 days (type, direction, summary, detail, date, tagged coach names — including Gmail subjects and body excerpts for EMAIL rows); and the current and upcoming NCAA contact-period windows. Gemini returns 1–3 suggested next actions.

Google's processing of data submitted to the Gemini API is governed by Google's own terms and privacy policies.

3.2 xAI / Grok — non-Gmail features

Inputs to xAI calls are drawn from five specific sources:

  1. Our own application database (schools, programs, conferences, coaches, athlete profiles, recruiting activity records).
  2. Text you have entered (search queries, campaign instructions, questionnaire form fields).
  3. Public posts and profile information for college coaches, retrieved from X/Twitter by our own backend and summarised before being sent to Grok. We do not pull content from your personal X account.
  4. Computed values (for example, the current season year).
  5. One narrow Gmail-derived field — the date of a recruiting email event — used only inside the X direct-message draft flow, described in the DM bullet below.

xAI does not receive email bodies, email subjects, email sender or recipient identifiers, email direction, thread IDs, Gmail labels, or any other Gmail content or substantive metadata. xAI does not receive content from your personal X/Twitter account. Specifically, Grok is used for:

  • College search. Your natural-language search query and, if set, your active sport and gender context are sent to Grok — along with reference lists (conferences, states, divisions, sports, academic programs, regions) loaded from our own database — so Grok can parse your intent into structured filters.
  • School performance grounding. A short factual query is composed from a school name (drawn from our schoolstable), a computed season year (derived from the current date), and the word "football" (hardcoded — the feature is currently football-program-specific). For example: "West Point football 2025 season record results." That single query string is sent to Grok's web search tool. No Gmail data and no scraped X content is included. Grok returns a short bullet-point summary of public program facts, which we may then use as grounding context inside a separate Gemini draft call.
  • Coach recommendations.To rank coach candidates for an outreach campaign, we send to Grok the campaign type and coach-target mode, the sport and gender, your user-entered athlete context text and query, and a candidate list drawn from our own database — each candidate identified by the school's name, the coach's name, title, role, and a flag indicating whether we have a publishable email address on file. No Gmail data and no X content is included.
  • X direct-message drafts.When you request a DM draft to a coach, we send to Grok: your name, position, graduation year, high school, city, state, height, weight, GPA, and Hudl URL; the target school's name, division, conference, and your recruiting status; the coach's name, title, and X handle; a short behavioural summary our backend has already generated from the coach's public X posts; the grounding summary from the school-performance call described above; the active NCAA contact-period note; and a recent-activity timeline. EMAIL rows in that timeline are redacted to a date-only marker— for example, "Email exchange on 2026-03-15". The subject, body excerpt, direction, thread ID, labels, and sender/recipient of any email are never sent to Grok. Other activity types (phone calls, campus visits, notes, X signals) pass through with their existing summary and direction, because they are not sourced from Gmail.
  • Questionnaire form mapping.When you use our assistant to fill a college's recruiting questionnaire, we send to Grok the external form's field metadata (id, name, label, type, options, placeholder, required flag) and an aggregated text summary of your athlete profile (personal info, residence, parent and coach contacts, test scores, GPA, awards, events, personal records, highlights, intended major). This is used to match form fields to your stored profile data. No Gmail data is included.
  • Questionnaire contact-editor mapping.For dynamic parent / coach / counselor contact sections inside a questionnaire, we send to Grok the section's field metadata and your stored contact records (relationship type, first and last name, email, phone numbers, occupation, college) so the assistant can match fields to the right contact. No Gmail data is included.

We use xAI under the xAI Enterprise Terms of Service as a paid API customer. Under Section 3.3 of that agreement, xAI is contractually prohibited from using our API inputs or outputs to train its models, and user content submitted via the API is automatically deleted within 30 days.

3.3 How the separation is enforced

Gmail content and substantive Gmail metadata — email bodies, subjects, sender and recipient identifiers, direction, thread IDs, and labels — are not included in any xAI request payload. The one Gmail-derived field that can appear in an xAI payload is the date of an EMAIL recruiting-activity row, and only inside the X DM draft flow described in Section 3.2; that redaction is implemented in a single server-side helper (web/src/lib/dm-draft-activity.ts). When a Gmail-touching request also makes a supplemental xAI call — for example, a draft email that fetches grounding facts about the school — that xAI call receives only non-personal reference inputs: the school name (from our schoolstable), the season year (computed from the current date), and the sport token (currently hardcoded as "football" because the grounding feature is football-program-specific). No athlete data, no Gmail data, and no scraped X content is included in that grounding query. Every AI request is logged on our servers with its provider, model, and action type, producing an auditable trail of which provider received what kind of request.

4. Data Sharing

We do not sell your personal information. We share data only with the following categories of recipients, and only for the specific purposes listed:

  • Google (Gemini API): receives the Google user data described in Section 3.1 (including Gmail content and metadata inside the four listed features) solely to generate conversation summaries, email drafts, campaign drafts, and recruiting suggestions at your request. We do not transfer Google user data to any other AI provider.
  • xAI (Grok API): receives the inputs described in Section 3.2 — application data from our own database, text you have entered, summarised public X posts about college coaches, computed values, and, only for the X DM draft feature, the date of any prior recruiting email event as a timeline marker. xAI does not receive email content, email subjects, email sender or recipient identifiers, email direction, thread IDs, Gmail labels, or any other Gmail content or substantive metadata.
  • Authentication providers (Google, X): only the minimum data needed for sign-in and account linking.
  • Infrastructure providers: hosting, database, and email-delivery vendors we use to operate the Service, under contractual confidentiality obligations.
  • As required by law: to comply with legal obligations or lawful requests.

5. Data Security

We protect your data using industry-standard security measures including encrypted connections (HTTPS), encrypted storage of OAuth tokens (AES-256-GCM), and secure password hashing. Gmail OAuth tokens are encrypted at rest and are only used to access your email on your behalf.

6. Data Retention

Recruiting activity records (including email subjects and message content) are retained for the lifetime of your account to maintain your complete recruiting history.

When you disconnect Gmail, your OAuth tokens and label tracking data are permanently deleted. Your recruiting activity history is preserved so you don't lose your conversation timeline.

You may request complete deletion of your account and all associated data by contacting offersecuredapp@gmail.com.

7. Google Workspace APIs — Limited Use Disclosure

OfferSecured's use and transfer of information received from Google Workspace APIs (including Gmail) adheres to the Google Workspace APIs User Data and Developer Policy, including the Limited Use requirements. We also adhere to the Google API Services User Data Policy. Specifically:

  • We only use Google user data to provide or improve the user-facing recruiting features described in this policy — authentication, Gmail-based recruiting correspondence organisation, conversation summaries, email draft generation, campaign email drafts, and recruiting suggestions.
  • We do not use Google user data for any of the following prohibited purposes: targeted, personalised, retargeted, or interest-based advertising; serving ads of any kind; selling or providing Google user data to data brokers or information resellers; determining credit-worthiness or for lending purposes; creating databases of Google user data for purposes unrelated to the user-facing recruiting features described in this policy; or any other unrelated secondary purpose. Google user data stored in our systems exists solely to deliver the features described in Section 3 to you.
  • We do not use Google user data to develop, improve, or train generalised or non-personalised AI or machine-learning models. All AI processing of Google user data is performed by Google's own Gemini API and is used solely to return a result to you, the user who submitted it.
  • We do not transfer Gmail message content or substantive Gmail metadata — including email subjects, bodies, sender or recipient identifiers, direction, thread IDs, or Gmail labels — to xAI, Grok, OpenAI, Anthropic, or any other third-party AI provider. The only AI provider that receives Gmail content and substantive Gmail metadata is Google's own Gemini API, and only for the four Gmail-touching features described in Section 3.1. One narrow, disclosed exception applies: when you request a direct-message draft on X, the date on which a prior recruiting email event occurred may be included in the activity timeline we send to xAI, as a date-only timeline marker — no email subject, body, sender, recipient, direction, thread ID, or label is transferred. This exception is implemented in a single server-side helper and is the only path by which any Gmail-derived field ever reaches a non-Google AI provider.
  • We do not transfer Google user data to other third parties except (a) with your consent, to provide user-facing features you have requested; (b) to comply with applicable law or a lawful request; or (c) in connection with a merger, acquisition, or sale of assets, and only with your explicit prior consent.
  • Humans at OfferSecured do not read your Gmail content unless you give us explicit consent, it is needed for security purposes, or it is required by law.

8. Your Rights

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Disconnect third-party services (Google, Gmail, X) at any time via your account settings
  • Revoke Google access at Google Account Permissions

9. Children's Privacy

Our Service is designed for high school student-athletes (typically ages 14-18). We require parental consent for users under 16. Parents can create accounts and link to their athlete's account to monitor recruiting activity.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at: offersecuredapp@gmail.com