Trust & Security
How we protect your family's data
Most Prospecta users are parents of high-school athletes — many under 18. We think the honest thing to do is tell you exactly how your athlete's information is handled, in plain language, without jargon or invented certifications. If any of this changes, we'll update this page and note it in our changelog.
Row-level protection on every family record
Your athlete's profile, assessment answers, and coach-outreach history live in a database where each row is stamped with the account that owns it. Our access rules enforce that ownership at the database level — not just in the app — so one family's data can't be pulled by another family's account.
AI models never see who your athlete is
When we generate a Reality Report or draft a coach email, the AI providers we use receive the athletic and academic details we need to answer the question — but not your athlete's name, email, phone, home address, or school. Direct identifiers are stripped before the request leaves our servers. This is spelled out in our Privacy Policy and it's how the assessment has always worked.
We do not sell your data. Ever.
No brokers, no lead resale, no "partner networks" that quietly monetize a list of teenage athletes. Prospecta is paid by families who choose to subscribe, and by nothing else. No recruiting service, event, camp, or club pays us for placement in any tool or report on this site.
Authentication built on hardened infrastructure
Sign-in, password reset, and session management run on a managed authentication platform used by thousands of production apps. Passwords are hashed and salted; you can sign in with Google if you'd prefer not to manage another password.
Encryption in transit and at rest
Every request between your browser and Prospecta is served over HTTPS. Data is stored encrypted at rest by our database and file-storage providers, using industry-standard AES-256.
Security posture is actively reviewed and maintained
Before opening Prospecta up to broader outreach with real families, we completed a fresh security review and a hardening pass on the systems that handle family data. We treat this as ongoing work, not a one-time checkbox — access rules and permissions are reviewed as we ship new features.
What we haven't done — yet
We aren't claiming SOC 2, ISO 27001, HIPAA, or any other formal certification. Those audits are on the roadmap as we grow, but we won't put a badge on this page until we've earned it. If a recruiting-tool site claims certifications without naming the auditor and the report date, treat that as a sales tactic — not a trust signal.
Reporting a security concern
If you believe you've found a security issue affecting family data on Prospecta, please email security@getprospecta.ai with a description and how to reproduce it. We read every report and prioritize anything that touches minors' data.
For the legal specifics of what we collect and how it's used, see our Privacy Policy and Terms.