Privacy Policy

Last updated: January 15, 2026

1. Introduction

ScoutTrax LLC ("ScoutTrax," "we," "us," or "our") operates the ScoutTrax troop management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting the privacy of Boy Scouts of America (BSA) units, their members, and families. This policy complies with applicable data protection laws, including the Children's Online Privacy Protection Act (COPPA) and BSA Youth Protection requirements.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name (first and last name)
  • Email address
  • Username and password (encrypted)
  • Date of birth (to verify age and BSA eligibility)
  • Phone number (optional)
  • Role (Scout, Parent/Guardian, or Adult Leader)
  • Unit affiliation (Troop number and charter organization)

2.2 Youth Member Information

For Scout members under 18 years old:

  • Parental consent is required before account activation
  • Parent/guardian email and contact information
  • Household relationship information
  • We do NOT collect personal information from children under 13 without verified parental consent per COPPA requirements

2.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, device information)
  • Session activity (login times, pages viewed)
  • Feature usage patterns (to improve our service)
  • Security event logs (failed login attempts, authentication events)

2.4 Information You Provide

You may voluntarily provide:

  • Profile information (advancement progress, patrol assignments)
  • Communication preferences
  • Feedback and support requests
  • Content you create within the platform

3. How We Use Your Information

We use your information to:

  • Provide the Service: Create and manage your account, enable troop management features, facilitate communication within your unit
  • Security: Authenticate users, prevent fraud and abuse, enforce BSA Youth Protection policies, maintain audit logs
  • Communications: Send transactional emails (password resets, account notifications, parent approval requests)
  • Compliance: Meet legal obligations, respond to legal requests, enforce our Terms of Service
  • Improve Service: Analyze usage patterns, fix bugs, develop new features (anonymized data only)
  • Support: Respond to your inquiries and provide customer support

4. Email Communications

We send transactional emails that are necessary for the operation of the service:

4.1 Required Emails (Cannot Be Unsubscribed)

  • Password reset requests
  • Two-factor authentication (2FA) notifications
  • Account security alerts
  • Parent approval requests (BSA Youth Protection requirement)
  • Critical service notifications

4.2 Optional Emails (Can Be Managed in Preferences)

  • Welcome emails and onboarding tips
  • Feature announcements
  • Security recommendations (2FA setup reminders)

4.3 Email Service Provider

We use Amazon Simple Email Service (SES) to send emails. Our email practices include:

  • All emails include our physical address per CAN-SPAM Act requirements
  • Bounce handling: Invalid email addresses are immediately suppressed
  • Complaint handling: Recipients who mark emails as spam are permanently removed
  • Authentication: All emails are DKIM-signed and SPF-verified
  • Monitoring: Daily review of delivery metrics and complaint rates
  • No email list rentals or purchases
  • No marketing or promotional campaigns

4.4 Managing Email Preferences

You can manage your email preferences by:

  • Logging into your account and visiting Settings → Notifications
  • Clicking "Manage Preferences" in any non-critical email
  • Contacting support at support@scouttrax.com

5. Information Sharing and Disclosure

5.1 Within Your Unit

Information is shared with other members of your unit according to role-based permissions:

  • Adult leaders can view roster information for their unit
  • Parents can view their own Scout's information
  • Scouts can view limited information about other scouts in their patrol/unit

5.2 Service Providers

We share information with trusted service providers who assist in operating our service:

  • Hosting: Google Cloud Platform (Cloud Run) for application hosting
  • Database: Supabase (PostgreSQL) for data storage
  • Email: Amazon Web Services (SES) for transactional email delivery
  • Authentication: JWT-based authentication (managed in-house)

All service providers are contractually obligated to protect your information and use it only for providing services to us.

5.3 We Do NOT Share or Sell Your Information

We never:

  • Sell personal information to third parties
  • Share information with advertisers
  • Rent or lease email lists
  • Use your information for marketing campaigns

5.4 Legal Requirements

We may disclose information if required by law, such as:

  • To comply with legal process (subpoena, court order)
  • To enforce our Terms of Service
  • To protect the rights, safety, or property of ScoutTrax, our users, or others
  • In connection with BSA Youth Protection investigations

6. BSA Youth Protection Compliance

We implement BSA Youth Protection policies in our platform:

  • Parental Consent: Scout accounts require explicit parent/guardian approval before activation
  • 2-Deep Leadership: Scout communications automatically include adult supervisors per BSA requirements
  • No 1-on-1 Contact: Scouts cannot send direct messages to individual adults without additional supervision
  • Adult Visibility: Designated unit leaders can review Scout communications for safety monitoring
  • Audit Logging: All compliance actions are logged and retained for 7 years

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted over HTTPS (TLS encryption)
  • Password Security: Passwords are hashed using bcrypt (never stored in plain text)
  • Two-Factor Authentication: Optional 2FA available for all users
  • Access Controls: Role-based permissions and multi-tenant isolation
  • Security Monitoring: Automated detection of suspicious activity
  • Regular Updates: Security patches applied promptly
  • Audit Logging: Security events tracked for compliance and investigation

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your information as follows:

  • Active Accounts: Information retained while your account is active
  • Inactive Accounts: Accounts inactive for 365+ days may be archived
  • Deleted Accounts: Most data deleted within 30 days of account deletion
  • Compliance Records: BSA-related compliance logs retained for 7 years
  • Security Logs: Authentication and security events retained for 90 days
  • Email Delivery Logs: Bounce and complaint records retained for 90 days

9. Your Rights and Choices

You have the following rights regarding your information:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information via your account settings
  • Deletion: Request deletion of your account and personal information
  • Export: Request a portable copy of your data
  • Restriction: Request limitation on how we use your information
  • Objection: Object to certain processing of your information

To exercise these rights, contact us at privacy@scouttrax.com or through your account settings.

For Parents: If you are a parent/guardian of a Scout member, you have additional rights to review, modify, or delete your child's information.

10. Children's Privacy (COPPA Compliance)

ScoutTrax is designed for use by Boy Scouts of America units, which includes minors. We comply with the Children's Online Privacy Protection Act (COPPA):

  • We do not knowingly collect personal information from children under 13 without verifiable parental consent
  • Parent/guardian approval is required before any Scout account is activated
  • Parents can review their child's information at any time
  • Parents can request deletion of their child's information
  • We only collect information necessary for the service
  • Youth information is never shared with third parties for marketing purposes

If you believe we have inadvertently collected information from a child under 13 without proper consent, please contact us immediately at privacy@scouttrax.com.

11. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for authentication and security (JWT tokens)
  • Functional Cookies: Remember your preferences and settings
  • Analytics: Understand how you use our service (anonymized data)

We do NOT use:

  • Third-party advertising cookies
  • Tracking pixels for marketing purposes
  • Cross-site tracking

You can control cookies through your browser settings, but disabling essential cookies may affect your ability to use the service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice when you log in

Your continued use of ScoutTrax after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

ScoutTrax LLC

30 N Gould St Ste N

Sheridan, WY 82801

Email: privacy@scouttrax.com

Support: support@scouttrax.com

14. Boy Scouts of America

ScoutTrax is an independent service provider and is not affiliated with, endorsed by, or sponsored by the Boy Scouts of America (BSA). We follow BSA Youth Protection policies as a best practice for safeguarding youth participants. For official BSA privacy policies, please visit www.scouting.org.

← Back to Home