Skip to main content
Mettle Arena

Privacy Policy

Effective 2026-05-25

Who this applies to

This policy covers Mettle Arena (“Mettle,” “we,” “us”) — a software platform we license to swim clubs to manage practice attendance, meet entries, athlete progress, broadcasts, and parent communication. It applies to coaches, athletes, parents/guardians, and club administrators who use the product.

When you use Mettle as an athlete or parent through a club, the club is the data controller: they decide whether you have an account, what your role is, and which features they enable. Mettle processes data on their behalf under our agreement with the club. Questions about your data should start with your club; we honor any request the club authorizes.

What we collect

  • Account basics — coach email (for Firebase login) or athlete PIN (4-digit, club-issued). Names. Ages. Genders. Practice-group assignments.
  • Performance data — practice attendance, swim times (PBs), meet entries, push-notification preferences. All org-scoped — never visible to other clubs.
  • Daily check-ins — energy, mood, freshness, sleep, soreness (athlete-entered scales). Optional. Used to drive the squad-readiness view for the athlete’s coach. Athletes control whether granular signals reach the coach via a privacy toggle (default: off).
  • Wearable data — when the athlete connects a wearable (Apple Health, Whoop), we ingest HRV, sleep, recovery scores. Same privacy toggle applies.
  • Push tokens — when you opt in to push notifications, the browser’s push subscription endpoint is stored so we can deliver coach broadcasts, PB celebrations, practice reminders.
  • Operational telemetry — error reports, server logs, IP addresses for rate limiting. These never include performance data values; only fingerprints (e.g. “a 4-digit PIN was submitted” not the PIN itself).
  • Audit log — administrative actions (broadcast sent, consent recorded, roster updated). Field shapes only, never values.

What we never collect

  • Facial images or biometric identifiers (we don’t use face recognition).
  • Location data beyond what’s in your IP address for rate limiting.
  • Payment card numbers (we use Stripe; cards live in Stripe, not Mettle).
  • Social-media posts, contacts, or anything outside Mettle itself.

How we use it

  • Run the product features your club has enabled — attendance, meet entries, broadcasts, leaderboards, readiness views.
  • Send the notifications you’ve opted into. You can turn each category off in your push preferences at any time.
  • Compute the aggregate national-percentile benchmarks. We compute these from opted-in athletes only, and store only the resulting distribution numbers (not individuals).
  • Investigate bugs and security incidents through the audit log.
  • We do NOT use your data to train AI models. Mettle uses internal automation (we call it “Atlas”) to monitor for operational issues and surface alerts to our engineering team — never to make decisions about you, your athletes, or your performance.

Who can see what

  • Coaches see their org’s roster, attendance, and broadcasts. They see daily check-in summaries only when the athlete has explicitly opted into granular sharing.
  • Athletes see their own data and any leaderboards their club has enabled. Athletes can opt out of leaderboard visibility at any time.
  • Parents see only the athletes they’ve been linked to by their club, and only the slices that athlete is comfortable sharing (mediated by the same privacy toggles).
  • Mettle staff can access data only when investigating a specific operational issue, and access is audit-logged.
  • Other clubs see nothing. Org-scoping is enforced at the API layer, not just the UI.

Data retention

We keep performance and attendance data for the lifetime of the club’s account, plus 90 days after termination for backups and dispute resolution. Audit logs are retained for 24 months. Push subscription endpoints that the browser invalidates are purged automatically.

Athletes who leave a club can request their data be deleted by contacting their club’s administrator; we honor those requests within 30 days of receipt.

Children under 13

Mettle is built for swim clubs, which routinely include athletes under 13. We follow COPPA (the U.S. Children’s Online Privacy Protection Act). The detailed disclosure is on the COPPA page.

Your controls

  • Push categories — every notification type can be toggled individually in your push preferences. Coach broadcasts, PR celebrations, practice reminders, weekly summaries.
  • Quiet hours — by default, no notifications between 9pm and 7am local time. Configurable.
  • Leaderboard opt-out — athletes can hide themselves from the team leaderboard while still using all other features.
  • Granular sharing — daily check-in details (mood, energy, freshness) are coach-visible only with explicit athlete opt-in.
  • Data export — coaches can download a CSV of their squad at any time; parents and athletes can request their own data via legal@mettlearena.com.

Where we store data

Mettle runs on Vercel (United States) and Firebase / Google Cloud (United States). We don’t transfer personal data outside the U.S. except as required to deliver push notifications via the browser vendor’s push services (Apple, Google, Mozilla).

Changes to this policy

When we materially change this policy, we update the effective date at the top, email the head coach at each club, and surface an in-app banner for affected users. The previous version remains available on request.

Contact

Questions, requests, or complaints: legal@mettlearena.com.