Privacy Policy

PFA Cage Rentals is an internal billing tool operated by PFA Sports for tracking cage, bullpen, and weight-room rentals at the facility. The site lives at pfaengine.com. Contact for privacy questions: mdm@pfasports.com.

• Account info: your email address and display name (from Google sign-in, or what you type when requesting a magic-link login).
• Session records: the dates, times, and resources (cage / bullpen / weight room) you log lessons against.
• Audit log: a record of who created, edited, or deleted each session row — for billing-dispute investigation.
• Technical data: your IP address (used briefly to rate-limit sign-in attempts) and standard server logs (request path, response code, timestamp).

We do not collect: student names, payment card data, health information, location data, advertising IDs, or any third-party analytics.

• Authenticating you (only signed-in coaches can log sessions).
• Generating monthly billing reports for PFA Sports based on your logged sessions.
• Showing you your own session history and totals.
• Investigating billing disputes via the audit log.

We do not use your data to send marketing, sell ads, or train AI models.

We use a handful of infrastructure vendors to run the site. Each sees only the data it needs to do its job:

• Google (OAuth sign-in): receives the email address you choose to sign in with.
• Resend (transactional email): delivers magic-link sign-in emails.
• Neon (Postgres database): stores all account + session records.
• Vercel (hosting): serves the site.
• Sentry (error tracking): captures crashes; may incidentally include user IDs in stack traces.
• Upstash (rate limiting): stores email + IP rate counters for ~1 hour windows.

We do not sell your data to anyone and do not share it with third parties for their own marketing.

Session and billing records are retained for seven years after the session date, matching the IRS recommendation for retaining business tax records. Audit log entries are retained for the same window.

Sign-in sessions (the cookie that keeps you logged in) expire after 30 days. Magic-link tokens expire after 24 hours.

You can:

• Access the data we hold about you (your account info + your full session history are visible in your dashboard).
• Correct your displayed name directly from your dashboard.
• Request deletion of your account. Email mdm@pfasports.com. We'll anonymize your account and remove your displayed name from session rows within 14 days. Billing-relevant amounts and timestamps stay in our records under the retention policy above, but are no longer linked to your identity.

We set one cookie: an Auth.js session cookie that keeps you signed in. We do not use analytics cookies, advertising cookies, or any third-party tracking pixels.

We'll post any updates to this policy on this page with a new effective date. Material changes will also be announced via email to active accounts.