Natty Hatty Signature logo

Back

Primary Terms

    Natty Hatty — Privacy Policy

    Last Updated: November 15, 2025

    Version: v1.0

    Natty Hatty, Inc. (“Natty Hatty,” “we,” “us,” or “our”) is committed to protecting your privacy across all Natty Hatty products and services, including the Natty Hatty Customer App / Customer Platform, Business Center, and Signature digital-signature platform (collectively, the “Services”). By using Natty Hatty Services, you agree to the practices described in this Privacy Policy.

    1. WHAT IS PERSONAL DATA AT NATTY HATTY?

    Personal data means any information that identifies or can be reasonably linked to an individual. Examples include:

    • Name, email, phone number

    • Parent/guardian–child relationships

    • Coach identity and roles

    • Device identifiers

    • Activity logs

    • Signatures, documents, and audit trails

    • Payment data

    Aggregated or anonymized data that cannot identify an individual is non-personal data.

    2. SCOPE OF THIS PRIVACY POLICY

    This Policy applies when you:

    • Use the Natty Hatty Customer App / Customer Platform (as a parent, athlete, or coach)

    • Use the Business Center

    • Use Signature

    • Register for programs, events, or bookings

    • Create and manage a Natty Hatty ID

    • Communicate with Natty Hatty

    • Visit our websites and applications

    Facilities and businesses using Natty Hatty may act as independent controllers, and their policies apply separately.

    3. PERSONAL DATA WE COLLECT

    We collect personal data in three ways.

    A. Data You Provide Directly

    Account Information

    • Name

    • Email

    • Phone number

    • Password

    • Parent-child account structure

    • Coach profiles / team roles

    Contact Information

    • Address

    • Emergency contacts

    • Notification preferences

    Transaction Data

    • Purchases

    • Payment method (Stripe)

    • Fees, invoices, confirmations

    Signature Data

    • Uploaded documents

    • Signatures

    • Certificate of completion

    • Audit logs (IP, device, timestamp)

    Additional Information

    • Support correspondence

    • Photos or uploads

    • Surveys and feedback

    B. Data Collected Automatically

    Device & Usage

    • IP address

    • Device identifiers

    • App activity

    • Crash logs

    • Security and fraud signals

    Location

    • Approximate (regional)

    • Precise location only with consent

    C. Data From Others

    From Facilities/Organizations (via Business Center)

    • Registrations

    • Attendance data

    • Athlete information

    • Coach assignments

    • Required documents

    From Parents/Guardians

    • Child account setup

    • Eligibility info

    • Emergency contacts

    From Service Providers

    Stripe, AWS, SendGrid, Twilio, Cloudflare may send:

    • Payment confirmations

    • Delivery/failure statuses

    • Security indicators

    Natty Hatty does not purchase external data.

    4. HOW WE USE PERSONAL DATA

    A. To Provide and Improve the Services

    • Customer App functionality for families, athletes, and coaches

    • Business Center tools for administrators

    • Rosters, schedules, assignments

    • Program, camp, and booking workflows

    • Signature documents and verification

    • Optimization and troubleshooting

    B. To Process Transactions

    • Payment processing

    • Memberships and bookings

    • Transactional confirmations

    C. To Communicate With You

    • Program updates

    • Scheduling and roster assignments

    • Security alerts

    • Account notices

    • Support responses

    Transactional/legal notices cannot be opted out of.

    D. For Security & Fraud Prevention

    • Detect unauthorized activity

    • Protect children’s accounts

    • Identify fraudulent behavior

    • Preserve system integrity

    E. To Comply With Law

    • Tax/reporting

    • Responding to lawful requests

    F. Personalization (Non-Ad-Based)

    • Pre-filling information

    • Showing relevant program options

    • Improving user experience

    Natty Hatty does not use behavioral advertising.

    5. LEGAL BASES FOR PROCESSING (GDPR/UK GDPR)

    We process personal data under:

    • Contractual necessity

    • Legitimate interests

    • Consent

    • Legal obligations

    • Vital interests

    6. SHARING OF PERSONAL DATA

    A. Service Providers (Subprocessors)

    We share data with subprocessors essential to operating the Services, including:

    • AWS

    • Stripe

    • Cloudflare

    • Twilio / SendGrid

    Full list: https://nattyhatty.com/subprocessors

    B. Organizations You Interact With

    Your data may be shared with facilities/businesses for rosters, coaching assignments, program participation, and document requirements. They are independent controllers.

    C. With Your Consent

    Examples include sending a Signature document, linking parent/child accounts, or coach-to-team assignments.

    D. Legal/Safety Disclosures

    Natty Hatty may share information to:

    • Comply with laws

    • Protect users or Natty Hatty

    • Enforce Terms

    Natty Hatty does not sell or share your personal data as defined by CCPA/CPRA.

    7. INTERNATIONAL DATA TRANSFERS

    Natty Hatty uses lawful mechanisms to transfer data outside your region, including:

    • Data Processing Addendum (DPA)

    • EU Standard Contractual Clauses (SCCs – 2021/914)

    • UK Addendum

    • Swiss FDPIC terms

    See: https://nattyhatty.com/dpa

    8. DATA RETENTION

    We retain personal data only as necessary:

    • Accounts: until deletion

    • Signature documents: per customer settings and legal requirements

    • Coaching & assignment data: until account or facility removal

    • Financial records: statutory retention periods

    • Logs: up to 7 years

    • Deleted accounts: removed within 30 days (unless law requires retention)

    9. YOUR PRIVACY RIGHTS

    You may:

    • Access your data

    • Correct your data

    • Delete your data

    • Export your data

    • Withdraw consent

    • Opt out of marketing

    • Exercise additional rights (GDPR/CPRA)

    CCPA/CPRA users can also file requests at:

    👉 Do Not Sell or Share My Personal Information

    To exercise any privacy right:

    legal@nattyhatty.com

    10. CHILDREN’S PRIVACY (COPPA COMPLIANT)

    To protect children:

    • Parents/guardians must create or approve child accounts

    • We obtain parental consent

    • Parents may review or delete child data

    • Unauthorized child data is deleted immediately

    Requests:  

    legal@nattyhatty.com

    11. COOKIES & TRACKING

    Natty Hatty uses cookies for:

    • Authentication

    • Fraud/security

    • Performance analytics

    • Session continuity

    We do not use advertising cookies or trackers.

    A cookie banner is displayed where legally required.

    12. SECURITY

    Natty Hatty uses industry-standard measures:

    • Encryption at rest & in transit

    • Role-based access controls

    • DDoS protection

    • Monitoring & threat detection

    • Incident response protocols

    • Secure infrastructure

    We do not use AI or machine learning to process personal data.

    Security overview:

    📍 https://nattyhatty.com/security

    13. CHANGES TO THIS POLICY

    If we make material changes:

    • We will update the “Last Updated” date

    • We may notify you in the app or via email

    14. CONTACT

    Natty Hatty, Inc. — Privacy Office

    legal@nattyhatty.com