Privacy Policy

OnDeck Aquatics ("OnDeck Aquatics", "OnDeck", "we", "us") provides an aquatics operations platform used by aquatics directors and their staff to log chemical readings, submit incident reports, complete checklists, and maintain an auditable record of pool-deck activity. This Privacy Policy explains what information we collect, how we use it, and the choices you and your organization have.

1. Who this policy covers

This policy applies to the OnDeck marketing website and the OnDeck application. When an aquatics organization ("Customer") signs up for OnDeck, that Customer is the data controller for the operational records entered by its staff, and OnDeck is a data processor acting on the Customer's behalf. Staff and lifeguards using OnDeck on behalf of a Customer should direct questions about their records to their own organization first.

2. Information we collect

Information you provide directly

• Account and identity data — name, work email, organization, role, and (for shared-device use) an optional self-managed PIN.
• Contact form submissions — anything you send us through the marketing site contact form or by emailing us.
• Operational records — chemical readings, incident reports, checklist entries, form submissions, signatures, photos, and comments that staff submit through the app.

Information collected automatically

• Authentication metadata — when magic-link or staff-picker authentication occurs, the email address, timestamp, device type, and IP address used.
• Audit trail metadata — for every form submission we record the submitting staff member, device type, timestamp, and source IP so each entry has a verifiable owner.
• Technical logs — standard application and server logs used to operate and secure the service (e.g., error traces, request logs, rate-limit signals).

What we do not collect

• We do not sell personal information.
• We do not use third-party advertising or cross-site tracking cookies on the marketing site or in the app.
• We do not knowingly collect information from children. OnDeck is designed for adult aquatics staff; incident reports entered by staff may reference patrons (including minors), and that content is treated as the Customer's confidential operational data.

3. How we use information

We use the information described above to:

• Provide, maintain, and secure the OnDeck service for the Customer.
• Authenticate staff and tie each submission to a verified identity.
• Produce audit trails, exports, and compliance reports that Directors and Customers request.
• Respond to contact-form and support inquiries.
• Detect, investigate, and prevent abuse, fraud, or security incidents.
• Improve the product — always using the minimum data needed, and never selling or renting personal data to third parties.

4. How we share information

We share information only in these limited circumstances:

• With your organization. Directors and authorized administrators at your Customer organization can see submissions, audit trails, and user activity scoped to that organization.
• With service providers ("sub-processors") that help us run OnDeck — for example, cloud hosting, database, email delivery, and error-monitoring vendors. These providers are contractually bound to use the data only to provide their service to us.
• For legal reasons — if required by law, subpoena, or court order, or to protect the rights, property, or safety of OnDeck, our Customers, or the public.
• In a business transfer — if OnDeck is involved in a merger, acquisition, or asset sale, information may transfer subject to this policy.

5. Security

We take security seriously because accountability is the core value of the product. Protections include:

• Encryption of data in transit (TLS) and at rest.
• Magic-link authentication — no shared passwords, single-use and time-limited.
• Role-based access: Directors see everything within their organization; staff see only their own submissions.
• Per-submission audit metadata (identity, device, timestamp, IP) so entries cannot be silently altered or disowned.
• Continuous backups; no long-term local storage on shared pool-deck devices.

No system is perfectly secure. If we become aware of a security incident that affects your data, we will notify affected Customers without undue delay.

6. Data retention

Operational records are retained for as long as your organization's OnDeck subscription is active, or longer if required for health-department, insurance, or legal compliance. When a Customer ends its subscription, we will, on request, return or delete Customer data within a reasonable period, subject to any legal-hold obligations. Account and authentication logs are retained for a limited period for security and abuse-prevention purposes.

7. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict use of your personal information. Because your organization controls most of the data you enter in OnDeck, please direct these requests to your Customer's administrator first. If that isn't possible, contact us at the address below and we will assist you or forward the request to the responsible Customer.

• You can opt out of marketing emails at any time using the unsubscribe link in any message.
• You can request a copy or deletion of data you've submitted personally by emailing us.

8. Cookies and analytics

The marketing site uses only essential cookies required to serve the page and maintain security headers. The OnDeck application uses cookies and local storage strictly to keep you signed in and to remember your device-level preferences. We do not use third-party advertising or behavioral-tracking cookies.

9. International users

OnDeck is operated from the United States. If you use OnDeck from outside the U.S., your information will be transferred to and processed in the United States.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes we will notify Customers through the application or by email, and update the "Last updated" date at the top of this page. Continued use of OnDeck after an update means you accept the revised policy.

11. Contact us