Loading…
Loading…
StatStak, Inc. DBA Baseline · Last Updated April 1, 2026
StatStak, Inc., doing business as Baseline (“Baseline,” “we,” “us,” or “our”), provides a sports facility management platform (the “Platform”) that enables sports facilities, training academies, travel teams, and similar organizations (“Businesses”) to manage scheduling, payments, memberships, team management, athlete development, marketing, and related operations. The Platform also allows individuals (“End Users”) to access and purchase services offered by Businesses through the Platform.
This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access or use the Platform, whether as a Business, an End User, or a visitor. If you are using the Platform on behalf of an organization, you represent that you have the authority to bind that organization to this Privacy Policy.
This Privacy Policy should be read together with our Terms of Service, which govern your use of the Platform. Capitalized terms not defined here have the meanings given in the Terms of Service.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Platform.
(a) Baseline operates as a technology service provider that enables Businesses to manage operations and interact with End Users. Baseline is not the merchant of record, seller, or provider of any services offered by Businesses through the Platform.
(b) Baseline’s Dual Role. Baseline acts in two capacities with respect to personal information:
(c) Legal Basis for Processing. Baseline processes personal information on the following legal bases, as applicable: (i) performance of a contract (e.g., to provide the Services you or your Business have requested); (ii) legitimate interests (e.g., to improve the Platform, ensure security, and prevent fraud), where those interests are not overridden by your privacy rights; (iii) consent (e.g., for marketing communications and non-essential cookies), which you may withdraw at any time; and (iv) compliance with legal obligations.
(d) Each Business is the data controller for End User personal information collected in connection with its services and is responsible for compliance with applicable data protection laws, including obtaining any required consents from End Users.
We may collect the following categories of personal information, depending on your role and how you interact with the Platform:
(a) Account and Contact Information. Name, email address, phone number, mailing address, username, password, and other details you provide when creating an account or contacting us.
(b) Business Information. For Businesses: organization name, business address, tax identification numbers, bank account or payment account details (processed and stored by our third-party payment processor, not by Baseline directly), and information about authorized representatives.
(c) End User Information. For End Users: name, contact details, booking and transaction history, membership information, athlete profile data, performance statistics, attendance records, and other information provided by End Users or by Businesses on their behalf.
(d) Payment Information. Payment card numbers, bank account details, and billing addresses are collected and processed by our third-party payment processor. Baseline does not directly store full payment card numbers. Baseline may receive and store truncated card information (e.g., last four digits), transaction amounts, dates, and payment status for record-keeping and Platform functionality.
(e) Device and Usage Information. IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited, features used, clickstream data, session duration, and other technical information collected automatically when you access the Platform.
(f) Location Information. Approximate location derived from IP address. We do not collect precise geolocation data unless you explicitly enable location services on your device.
(g) Communications. Records of your communications with us, including emails, chat messages, and support requests.
(h) Marketing Interaction Data. Information about how you interact with our marketing emails, advertisements, and promotional content, including open rates, click-through rates, and conversion data.
(i) Third-Party Integration Data. Information received from third-party services you connect to the Platform, including Google Calendar and Google Sheets data (subject to the Google API Services User Data Policy and Limited Use requirements), and social media platforms where you interact with our content.
(j) Cookie and Tracking Data. Information collected through cookies, pixels, web beacons, and similar technologies. See Section 9 (Cookies and Tracking Technologies) for details.
(k) Sensitive Personal Information. Certain information processed through the Platform may be considered sensitive under applicable privacy laws, including: personal information of minors (such as youth athlete profiles, performance statistics, and attendance records), precise geolocation data (if you enable location services), and payment information. Baseline limits its use of sensitive personal information to the purposes necessary to provide the Services and does not use sensitive personal information for advertising or profiling purposes.
(l) Data Minimization. Baseline is committed to collecting only the personal information that is reasonably necessary for the purposes described in this Privacy Policy. We regularly review our data collection practices to ensure they remain proportionate to our operational needs.
(a) Directly from You. When you create an account, complete a profile, make a purchase, submit a form, schedule an appointment, register for an event, enroll in a membership, or contact us.
(b) Automatically. Through cookies, pixels, and similar technologies when you access or use the Platform, and through server logs that record technical information about your interactions.
(c) From Businesses. Businesses may input or upload End User personal information to the Platform in connection with their operations, including customer records, booking data, and performance statistics.
(d) From Third Parties. From payment processors (transaction status and confirmation data), analytics providers, advertising networks, social media platforms, and other service providers that support the Platform.
(e) Through Third-Party APIs. When you authorize a connection between the Platform and a third-party service (e.g., Google Calendar, Google Sheets), we receive data from those services in accordance with your authorization and the applicable third-party terms.
We use personal information for the following purposes:
(a) Providing and Operating the Platform. To create and manage accounts, enable Platform features, process transactions, manage memberships and bookings, facilitate communications between Businesses and End Users, and deliver the Services.
(b) Payment Processing. To facilitate payment transactions between End Users and Businesses through our third-party payment processor. Baseline acts as a technology facilitator in the payment process; each Business is the merchant of record for its own transactions.
(c) Communications. To send transactional messages (e.g., booking confirmations, payment receipts, account notifications), respond to inquiries, and provide customer support.
(d) Marketing and Promotions. To send promotional communications, subject to your notification preferences and applicable law. You may opt out of marketing communications at any time (see Section 8).
(e) Analytics and Improvement. To analyze usage patterns, monitor Platform performance, identify trends, and improve the Platform’s features, functionality, and user experience.
(f) Aggregated and De-Identified Data. To generate aggregated, de-identified analytics and benchmarks. De-identification is performed in accordance with applicable law, including the standards set forth in the California Consumer Privacy Act (Cal. Civ. Code § 1798.140(m)), such that the data cannot reasonably identify any individual.
(g) Security and Fraud Prevention. To detect, prevent, and investigate fraud, unauthorized access, and other security incidents.
(h) Legal Compliance. To comply with applicable laws, regulations, legal processes, and government requests, and to enforce our Terms of Service and this Privacy Policy.
(i) Business Operations. For internal business purposes, including accounting, auditing, and corporate reporting.
We do not sell personal information as that term is traditionally understood. We may share certain personal information with advertising and analytics partners (e.g., through cookies, pixels, or advertising identifiers) in ways that may constitute “sharing” or “cross-context behavioral advertising” under certain state privacy laws, including the California Privacy Rights Act (CPRA). Where required by law, we provide users with the ability to opt out of such sharing. We may share personal information in the following circumstances:
(a) With Businesses. We share End User information with the applicable Business whose services the End User is accessing or purchasing. Businesses receive this information as independent data controllers and are responsible for their own use of it in accordance with their own privacy policies.
(b) With Service Providers. We engage third-party service providers to perform functions on our behalf, including payment processing, data hosting, email delivery, analytics, customer support, and marketing. These providers are contractually obligated to use personal information only as directed by Baseline and to maintain appropriate security.
(c) With Payment Processors. Transaction data is shared with our third-party payment processor to facilitate payments between End Users and Businesses. The payment processor operates under its own privacy policy and is subject to PCI DSS requirements.
(d) With Other Platform Users. Certain information may be visible to other users in context (e.g., team rosters, booking schedules, athlete profiles), as determined by the applicable Business’s configuration of the Platform.
(e) Aggregated and De-Identified Data. We may share or disclose aggregated, de-identified data with third parties for analytics, benchmarking, and marketing purposes. This data does not identify any individual.
(f) Business Transfers. In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, personal information may be transferred to the acquiring entity. We will provide notice of such transfer as required by applicable law.
(g) Legal and Safety. We may disclose personal information when we believe in good faith that disclosure is necessary to: (i) comply with applicable law, regulation, legal process, or government request; (ii) enforce our Terms of Service or this Privacy Policy; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) protect the rights, property, or safety of Baseline, our users, or the public.
(h) With Your Consent. We may share your personal information for other purposes with your express consent.
Mobile opt-in data and SMS consent information are not shared with third parties for their own marketing or promotional purposes. This information may be shared with service providers (e.g., SMS delivery platforms) solely for the purpose of delivering SMS communications on behalf of Baseline.
(a) As between Baseline and a Business, the Business retains all right, title, and interest in its Business Data (as defined in the Terms of Service), including all End User data that the Business inputs into or generates through its use of the Platform.
(b) Baseline does not claim ownership of Business Data. The Business grants Baseline a limited, non-exclusive license to use, process, store, reproduce, and display Business Data solely for the purposes of: (i) providing and operating the Services; (ii) maintaining and improving the Platform; (iii) generating aggregated, de-identified analytics; and (iv) complying with applicable legal obligations.
(c) Upon termination of a Business’s access to the Platform, Baseline will make Business Data available for export for a period of not less than thirty (30) days. After the export period, Baseline may delete Business Data in accordance with its data retention practices, subject to any legal retention requirements.
(d) Baseline retains ownership of all Platform-generated data, including aggregated analytics, de-identified benchmarks, usage statistics, and system performance data that does not identify any individual or Business.
(a) We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Privacy Policy, and comply with our legal obligations.
(b) The specific retention period depends on the nature of the information, the purpose for which it was collected, and applicable legal requirements. In general:
(c) When personal information is no longer needed, we will delete or de-identify it in accordance with our data retention policies and applicable law.
(d) Deletion Triggers. Personal information may be deleted or de-identified upon: (i) a verified deletion request from the individual (subject to legal retention requirements); (ii) a Business’s request to delete End User data it controls; (iii) termination of a Business’s account and expiration of the data export period; (iv) expiration of the applicable retention period; or (v) Baseline’s determination that the data is no longer necessary for any legitimate purpose.
(e) Business-Directed Deletion. Businesses may request deletion of specific End User records through the Platform or by contacting Baseline. Baseline will process such requests within a reasonable timeframe. Note that certain data may be retained where required by law (e.g., transaction records for tax compliance) even after a deletion request.
(a) Privacy Rights. Depending on your state of residence, you may have the following rights with respect to your personal information:
(b) How to Exercise Your Rights. To exercise any of the above rights, contact us at privacy@baselinepro.com. We will verify your identity before processing your request and respond within the timeframe required by applicable law.
(c) Authorized Agents. You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and may verify your identity directly.
(d) Marketing Opt-Out. You may opt out of marketing communications at any time by: (i) clicking the “unsubscribe” link in any marketing email; (ii) replying “STOP” to any SMS message; or (iii) updating your notification preferences in your account settings. Opting out of marketing communications does not affect transactional or administrative messages.
(e) End User Requests. If you are an End User whose data was collected by a Business through the Platform, you should direct privacy-related requests to the applicable Business in the first instance, as the Business is the data controller for that information. If you contact Baseline directly with a privacy request, Baseline will: (i) redirect you to the applicable Business where appropriate; (ii) assist the Business in fulfilling the request as required by applicable law; and (iii) respond directly to the extent the request relates to data for which Baseline is the data controller (e.g., account data, Platform usage data).
(a) We use cookies, pixels, web beacons, and similar technologies to collect information about your interactions with the Platform. These technologies help us operate the Platform, analyze usage, personalize your experience, and deliver relevant advertising.
(b) Types of Cookies. We use the following categories of cookies:
(c) Cookie Consent. Where required by applicable law, we obtain user consent before placing non-essential cookies or similar tracking technologies on a user’s device. You may manage your cookie preferences through our cookie settings or through your browser settings.
(d) Managing Cookies. You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of the Platform.
(e) Do Not Track. Some browsers transmit a “Do Not Track” (DNT) signal. There is no industry standard for how websites should respond to DNT signals. At this time, the Platform does not respond to DNT signals. We will update this Privacy Policy if we adopt a DNT response standard in the future.
(f) Third-Party Analytics. We use Google Analytics and similar services to analyze Platform usage. Google Analytics collects information through cookies and transmits it to Google’s servers. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
(a) By providing your mobile phone number, you consent to receive SMS messages (which may be sent via automated technology) from or on behalf of StatStak, Inc. DBA Baseline for account notifications, service updates, and marketing purposes.
(b) Message Frequency. Message frequency varies based on your interactions with the Platform and your notification preferences.
(c) Message Types. Messages may include account updates, booking confirmations, payment reminders, appointment notifications, special offers, and promotional messages.
(d) Message and Data Rates. Message and data rates may apply according to your mobile service provider’s standard rate plan.
(e) Opt-Out. You can opt out of SMS messages at any time by replying “STOP” to any message or by contacting us at support@baselinepro.com. You may receive a one-time confirmation message. Opting out of SMS does not affect transactional messages necessary for Platform operation.
(f) Help. Reply “HELP” to any message, or email support@baselinepro.com.
(g) Mobile opt-in data and SMS consent information are not shared with third parties for their own marketing or promotional purposes. This information may be shared with service providers solely for the purpose of delivering SMS communications.
(h) Baseline reserves the right to send certain administrative or transactional messages necessary for Platform operation (e.g., security alerts, account status changes) even if you have opted out of promotional messages.
(a) The Platform is not directed to children under 13 to use independently, and Baseline does not knowingly collect personal information directly from children under 13. If you are under 13, you may not create an account on or independently use the Platform.
(b) Businesses using the Platform may collect and input personal information relating to minors, including youth athletes, in connection with their operations. In such cases, the Business acts as the data controller and is solely responsible for: (i) obtaining any required parental or guardian consent; (ii) complying with applicable laws governing the collection of children’s data, including the Children’s Online Privacy Protection Act (“COPPA”); and (iii) ensuring that its use of the Platform with respect to minors’ data complies with all applicable legal requirements. Baseline processes such information on behalf of the Business in its capacity as a data processor.
(c) Baseline limits its use of personal information relating to minors to the purposes of providing the Services to the applicable Business and does not use such information for advertising, profiling, or any purpose unrelated to delivering the Services.
(d) If we become aware that personal information of a child under 13 has been collected through the Platform without appropriate consent, we will take prompt steps to delete such information. If you believe a child under 13 has provided personal information through the Platform without appropriate consent, please contact us at privacy@baselinepro.com.
(a) We implement commercially reasonable technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and employee training.
(b) Payment information is processed by our PCI DSS-compliant third-party payment processor. Baseline does not directly store full payment card numbers on its servers.
(c) No method of electronic transmission or storage is completely secure. While we strive to protect personal information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for any activity under your account.
(d) In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by applicable law.
(a) California Residents (CCPA/CPRA). If you are a California resident, you have the right to: (i) know what personal information we collect, use, disclose, and share; (ii) request deletion of your personal information; (iii) opt out of the sale or sharing of personal information; (iv) correct inaccurate personal information; and (v) limit the use of sensitive personal information. We do not sell personal information as defined under the CCPA. We may share personal information for cross-context behavioral advertising purposes through the use of cookies, pixels, and similar technologies. You may opt out of such sharing by adjusting your cookie preferences or by contacting us at privacy@baselinepro.com. We will respond to verified requests within 45 days as required by law.
(b) Categories of Information Collected and Disclosed. In the preceding 12 months, we may have collected the following categories of personal information as described in Section 2: identifiers, commercial information, internet or other electronic network activity, geolocation data, and professional or employment-related information. These categories may be disclosed to service providers and business partners as described in Section 5.
(c) Virginia Residents (VCDPA). Virginia residents have the right to: access, correct, delete, and obtain a portable copy of their personal data, and to opt out of the processing of personal data for targeted advertising, sale, or profiling. To exercise your rights, contact us at privacy@baselinepro.com. If we decline your request, you may appeal by contacting us at the same address.
(d) Colorado Residents (CPA). Colorado residents have the right to: access, correct, delete, and obtain a portable copy of their personal data, and to opt out of the processing of personal data for targeted advertising, sale, or profiling. You may exercise your rights by contacting us at privacy@baselinepro.com.
(e) Connecticut Residents (CTDPA). Connecticut residents have rights substantially similar to those described above for Virginia and Colorado residents. Contact us at privacy@baselinepro.com to exercise your rights.
(f) Texas Residents (TDPSA). Texas residents have the right to: confirm whether we are processing their personal data, access and correct their data, delete their data, obtain a portable copy, and opt out of the processing of personal data for targeted advertising, sale, or profiling. Contact us at privacy@baselinepro.com to exercise your rights.
(g) Other States. Residents of other states with applicable privacy laws may exercise their rights by contacting us at privacy@baselinepro.com. We will process requests in accordance with applicable law.
(h) We will not discriminate against you for exercising any privacy rights granted under applicable state law.
(a) The Platform may integrate with third-party services, including Google Calendar, Google Sheets, and payment processors. When you connect a third-party service, that service’s privacy policy and terms of service govern its collection and use of your information. Baseline is not responsible for the privacy practices of third-party services.
(b) Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
(c) The Platform may contain links to third-party websites or services. Baseline does not control and is not responsible for the content or privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.
(d) Baseline may make available APIs that allow Businesses to access and export their own Business Data for integration with their other systems. Use of such APIs is subject to the Terms of Service, this Privacy Policy, and any applicable API terms. Businesses using Baseline APIs are responsible for their own compliance with applicable data protection laws. Baseline APIs are provided solely for authorized Business use and may not be used for scraping, unauthorized data extraction, competitive analysis, or any purpose prohibited by the Terms of Service.
(a) Baseline may use automated tools, including artificial intelligence and machine learning, to analyze aggregated and de-identified Platform data for the purpose of improving Platform features, generating analytics and benchmarks, and enhancing user experience.
(b) Baseline does not use personal information for automated decision-making that produces legal or similarly significant effects on individuals without human review, except where required to provide the Services (e.g., automated fraud detection) or where you have provided explicit consent.
(c) Baseline does not use personal information collected through the Platform to train third-party AI or machine learning models. Internal use of data for Platform improvement purposes uses aggregated, de-identified data that does not identify any individual.
(a) The Platform is intended for users in the United States. If you access the Platform from outside the United States, your personal information may be transferred to, stored, and processed in the United States, where our servers and service providers are located.
(b) By using the Platform from outside the United States, you consent to the transfer, storage, and processing of your personal information in the United States, where data protection laws may differ from those in your jurisdiction.
(a) In the event of a data breach involving personal information that poses a risk of harm to affected individuals, Baseline will: (i) take reasonable steps to contain and remediate the breach; (ii) notify affected individuals as required by applicable state and federal law; and (iii) notify applicable regulatory authorities as required by law.
(b) Notification will be provided without unreasonable delay and in accordance with the specific notification timelines and requirements of applicable state breach notification laws.
(c) Baseline will also notify affected Businesses if a breach involves Business Data, so that Businesses may fulfill their own notification obligations to their End Users.
Baseline is committed to earning and maintaining trust in the youth sports and facility management community. The following principles guide our approach to data:
(a) We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law.
(b) For material changes, we will provide at least thirty (30) days’ notice via email or prominent notice on the Platform before the changes take effect.
(c) Your continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree, you should discontinue use of the Platform.
(d) We encourage you to review this Privacy Policy periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Baseline (StatStak, Inc.)
5901 Crossings Blvd.
Antioch, TN 37013
Attn: Privacy Officer
Email: privacy@baselinepro.com
Phone: (470) 261-7005
For general support inquiries: support@baselinepro.com
To report suspected intellectual property violations: legal@baselinepro.com