TotalUp
Start free

TotalUp — Privacy Policy

Last updated: April 16, 2026

This Privacy Policy explains what information TotalUp App ("TotalUp," "we," "us," or "our") collects when you use totalup.app (the "Service"), how we use it, and the choices you have. It's written to be read, not just survived — where something is genuinely important, we've tried to say so plainly.

This policy works alongside our Terms of Use. Using the Service means you've read and agree to both.

1. Who this applies to

The Service has two kinds of users:

  • Hosts - people who create an account to run leagues. Hosts give us an email and password, and we collect additional information as they use the Service.
  • Viewers - anyone who visits a public standings page at /l/{slug} without signing up. We collect very little about viewers, as described below.

This policy covers both.

2. Information we collect

2.1 Information you give us

If you're a Host, when you sign up:

  • Your email address
  • Your password (stored hashed we never see or store the plaintext)
  • Optionally, a display name if we ask for one

When you use the Service as a Host:

  • League names, venue names, and scoring configurations you create
  • Team names you add
  • Session dates and round-by-round scores you enter
  • Any other content you voluntarily enter into the product

When you contact us:

  • Your email address and whatever you include in the message

2.2 Information collected automatically

When anyone, Host or Viewer, uses the Service, our servers and infrastructure automatically receive:

  • IP address
  • Browser type and version, device type, operating system
  • Pages or URLs visited within the Service, timestamps, referring URL
  • Basic request logs used for security, debugging, and abuse prevention

We may use cookies or similar technologies for essential purposes like keeping Hosts signed in and preventing cross-site request forgery. We do not use cookies to track you across other websites.

2.3 Analytics

We may use a web analytics tool to understand aggregate usage of the Service (for example, which pages are visited most, roughly where visitors are located, typical device types). If and when we do, we will choose a provider and configuration consistent with this policy — preferring privacy-respecting tools where practical, and disclosing any analytics provider we use in a future update to this policy.

Analytics data is used in aggregate to improve the Service, not to build individual profiles.

2.4 Information we do not collect

We don't ask for and don't want:

  • Payment or financial information (the MVP is free)
  • Government IDs, social security numbers, or similar
  • Location data beyond what's inferable from an IP address
  • Contacts, photos, or other data from your device

3. How we use your information

We use the information we collect to:

  • Provide the Service. Run your leagues, calculate standings, display public pages, authenticate Hosts, send password resets and account-related email.
  • Operate and protect the Service. Prevent abuse, detect and investigate fraudulent or harmful activity, enforce our Terms of Use, and keep the Service secure.
  • Improve the Service. Understand how people use TotalUp in aggregate, find and fix bugs, prioritize features.
  • Communicate with you. Respond when you contact us, send essential account notices (password resets, major changes to these policies, and similar). We won't send marketing email without your consent.
  • Comply with the law. Respond to valid legal requests and protect our rights and those of our users.

We don't sell your personal information. We don't share it with advertisers. We don't rent email lists.

4. Information that is public by design

This is the most important thing to understand about how TotalUp works: league standings pages and session results pages are public by default. When you, as a Host, enter content into the Service, the following becomes visible to anyone with the URL:

  • The league name and venue name you chose
  • Team names
  • Session dates
  • Round-by-round scores and cumulative totals

These URLs may be shared, linked to, screenshotted, or indexed by search engines. Treat this content as public. Don't put anyone's personal information, real last names, phone numbers, or anything else sensitive into team names or league content unless you have the relevant people's consent.

Host accounts themselves, your email address, for example, are not public. We never display a Host's email on a public standings page, and we don't include it in any public response.

5. Service providers we use

We rely on a small set of third-party services to run TotalUp. Each one receives only the data it needs to do its job. The main categories:

  • Hosting and infrastructure - our application and database run on infrastructure provided by a cloud hosting provider. This provider processes request data and stores your content on our behalf.
  • Transactional email provider - account-related emails (password resets, verification, essential notices) are sent through a third-party email provider such as Postmark, Resend, Amazon SES, or similar. This provider processes your email address and the contents of the email to deliver it.
  • Error monitoring - we may use an error-tracking service to catch bugs in production. Such a service may receive limited information about errors, including the URL where the error occurred and, incidentally, information about the session.
  • Analytics - as described in section 2.3, if and when we use analytics.

We pick providers with reasonable security and privacy practices. We don't grant them permission to use your data for their own purposes beyond providing the service to us.

6. How long we keep things

  • Your account and content - kept while your account is active. If you delete your account, we delete your leagues, teams, sessions, and scores from our active systems within a reasonable period.
  • Backups - may retain deleted content for up to 30 days before being overwritten in the normal course of operations.
  • Logs and security data - retained for a limited period (typically weeks to a few months) for debugging and security purposes.
  • Legal obligations - if we're legally required to keep something longer, we will, but only for as long as required.

7. Your choices

Whether or not a specific privacy law grants you formal "rights," you can do the following at any time:

  • Access and update your content. You can view and edit everything in your account through the Host dashboard — league details, team names, scores, session history.
  • Download your data. If you want a copy of your data and the product doesn't yet offer an export, email us and we'll help.
  • Delete your account. You can delete your account from account settings (or by emailing us if the option isn't yet in the UI). Deletion removes your content as described in section 6.
  • Unsubscribe from non-essential email. We don't currently send marketing email. If we ever do, it will include an unsubscribe link.
  • Ask us questions. Email the address in section 11 and we'll do our best.

A note on California, Virginia, and other US state privacy laws

Some US states (including California, Virginia, Colorado, Connecticut, and Utah) give residents additional rights around personal information — such as the right to know what we've collected, request deletion, or opt out of certain uses. We honor these rights for residents of those states to the extent the laws apply to us, through the same mechanisms described above. If you'd like to exercise a state-specific right, email us using the contact in section 11 and mention which state you're a resident of.

A note on international users

The Service is operated from the United States and intended for US users. If you access it from outside the US, your information will be transferred to and processed in the US, which may have different data-protection laws than your country. By using the Service, you consent to this transfer.

8. Children

The Service is not directed to children under 13, and we don't knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, email us and we'll remove it.

Hosts between 13 and 18 should use the Service only with a parent or guardian's involvement, as described in our Terms of Use.

9. Security

We take reasonable measures to protect the information we hold. Passwords are hashed. Data is transmitted over HTTPS. Our infrastructure providers apply standard security controls.

That said, no system is perfectly secure. We can't guarantee that information will never be accessed by an unauthorized party. If we discover a breach that affects your personal information, we'll notify affected users as required by law and as soon as reasonably possible.

You can help by choosing a strong, unique password and keeping it confidential.

10. Changes to this policy

We may update this Privacy Policy over time. When we do, we'll update the "Last updated" date at the top, and for material changes we'll make a reasonable effort to notify Hosts by email or through a notice in the Service before the change takes effect.

Continued use of the Service after changes take effect means you accept the updated policy. If you don't, stop using the Service and (if you're a Host) delete your account.

11. Contact

Privacy questions, data requests, or concerns? Email us at support@totalup.app.