Privacy Policy
Effective Date: May 2, 2026
This Privacy Policy describes how Avenue 1 ("we," "us," or "our") collects, uses, and shares information when you visit avenue-1.com or use our Service. By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
This Privacy Policy is incorporated into and forms part of our Terms of Service.
1. Information We Collect
1.1 Information You Provide
We collect information you provide directly when you:
- Create an account. We use Clerk to handle authentication. When you sign up, you provide an email address and may provide a name, profile image, or other information through Clerk. Some of this information is stored by Clerk on our behalf, and we receive a stable identifier (a "Clerk user ID") that we associate with your account in our database.
- Subscribe to a paid tier. When you purchase a Coach Paid or Hiring Seat subscription, you provide payment information directly to Stripe. We do not see, store, or process your full card number — Stripe sends us a customer reference and a record of your subscription status.
- Submit a profile-update request, contact support, or join a waitlist. When you fill out a form, we collect the information you submit, including any text, links, file attachments, and contact information you provide.
- Activate demo mode. Demo mode does not require account registration. We do not collect identifying information about demo users beyond the technical request data described in Section 1.3.
1.2 Information Generated by Your Use of the Service
We collect information about how you interact with the Service, including:
- Saved coaches and other account-state data. If you save coaches, view dossiers, or use other authenticated features, we record those actions to operate the feature.
- Profile-view audit log. We record requests to coach profiles, school pages, and similar high-value endpoints in a server-side audit log (the "profile view log"). The log includes the requested resource, the response status, the time of the request, your trusted client IP address, your user agent, the source of the request (e.g., our web app), and — for signed-in users — your Clerk user ID. We use this log to detect unauthorized data extraction (scraping), to investigate security incidents, and to tune access limits. The log is not used for advertising or sold to third parties.
- Rate-limit signals. We maintain in-memory counters of request volume, keyed by user or IP, to enforce per-account rate limits described in our Terms of Service.
- Product analytics. We use PostHog to understand how the Service is used. We capture pageviews, navigation patterns, and product events such as searches, profile views, premium-gate interactions, save actions, and waitlist actions. We send derived metadata (for example, the length of a search query and the number of results) rather than the raw text of your search where possible. PostHog also stores a session-replay recording of your interactions with non-private surfaces; recordings of authentication, account, admin, demo, and waitlist surfaces are masked or excluded. Demo users are tracked anonymously and are not identified as real PostHog users.
1.3 Technical Information Collected Automatically
When you use the Service, we automatically receive:
- IP address (resolved from a trusted platform header so spoofed values are not stored)
- Browser type, language, and operating system
- Device type and screen dimensions
- Referring page and exit page
- Date and time of each request
- Request identifiers used for diagnostics
We also receive technical information through cookies and similar technologies as described in Section 3.
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate you, manage your account, and enforce subscription entitlements
- Process payments and manage subscription lifecycle events
- Personalize the Service and remember your preferences
- Detect, investigate, and prevent fraud, scraping, abuse, and security incidents
- Tune access limits, prevent overload, and maintain reliability
- Communicate with you about your account, transactions, security, and Service changes
- Respond to your support requests and profile-update submissions
- Conduct product research and analytics to improve the Service
- Comply with legal obligations and enforce our Terms of Service
We do not sell your personal information.
3. Cookies and Similar Technologies
We and our third-party providers use cookies, local storage, and similar technologies for purposes including:
- Authentication. Clerk uses cookies to keep you signed in across requests.
- Preferences. We may store small amounts of data in your browser to remember UI preferences.
- Analytics and replay. PostHog uses cookies and local storage to associate events from the same browsing session and to support session replay.
- Demo mode. We use a short-lived token to grant temporary read access without identifying you.
You can control cookies through your browser settings. If you block cookies that are required for authentication, parts of the Service that require sign-in will not function.
We respect the Do Not Track browser signal: when DNT is enabled, our analytics integration will not capture events.
4. How We Share Information
We share information only as described below:
- With third-party processors who provide services on our behalf. See Section 5.
- With other users, where you choose to share. Most account features are private. If we add features that allow you to interact with other users (for example, a public profile or messaging), the Service will indicate clearly when something is visible to others.
- For legal reasons. We may disclose information if we believe in good faith that disclosure is necessary to comply with legal process, respond to government requests, enforce our Terms of Service, protect rights or safety, or prevent fraud or harm.
- In connection with a business transaction. If we are involved in a merger, acquisition, financing, sale of assets, or similar transaction, information may be transferred as part of that transaction. We will give notice before your information becomes subject to a different privacy policy.
- With your consent. We may share information with third parties where you have given us specific permission to do so.
We do not sell or rent your personal information.
5. Third-Party Processors
We use the following service providers to operate the Service. Each processes information on our behalf and is bound by appropriate data-protection obligations:
| Processor | Purpose | Privacy Policy |
|---|---|---|
| Clerk | Authentication, identity, and session management | https://clerk.com/legal/privacy |
| Stripe | Payment processing and subscription billing | https://stripe.com/privacy |
| PostHog | Product analytics and session replay | https://posthog.com/privacy |
| Vercel | Frontend hosting, edge delivery, build pipeline | https://vercel.com/legal/privacy-policy |
| Fly.io | API server hosting and runtime | https://fly.io/legal/privacy-policy |
| Turso (libSQL) | Primary database | https://turso.tech/privacy-policy |
| Cloudflare R2 | Object storage and backups | https://www.cloudflare.com/privacypolicy |
| Doppler | Secrets management | https://www.doppler.com/privacy |
This list reflects current providers and may change as we add or replace services. We will update this Privacy Policy when material changes occur.
6. Data Retention
We retain information for as long as needed to operate the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
- Account information is retained while your account is active. After you close your account, we may retain certain information (for example, billing records, audit logs, and communications) for a reasonable period to comply with legal and operational requirements.
- Profile-view audit logs are currently retained without a fixed deletion window. We expect to introduce summarization and pruning of older raw entries in the future and will update this Privacy Policy when we do.
- Product analytics are retained according to PostHog's standard retention.
- Backups are retained for short windows so we can restore the Service after operational incidents.
You may request deletion of your account and personal information as described in Section 8.
7. Security
We use industry-standard administrative, technical, and physical safeguards to protect information in our care. These include encrypted transport (HTTPS), authenticated database access, secrets management through Doppler, principle-of-least-privilege access controls, and regular monitoring.
No method of transmission or storage is perfectly secure. We cannot guarantee absolute security and you use the Service at your own risk. If we become aware of a security incident that affects your information, we will notify you as required by law.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your information, subject to exceptions for legal compliance, security, and dispute resolution
- Export your information in a portable format
- Object to or restrict certain types of processing
- Withdraw consent where we rely on consent as the legal basis
- Lodge a complaint with a data-protection authority in your jurisdiction
You can manage many aspects of your account directly from your account page. To exercise other rights, contact us at privacy@avenue-1.com. We will respond within the timeframe required by applicable law.
We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your rights.
9. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@avenue-1.com and we will delete the information.
For users between 13 and the age of majority in their jurisdiction, the Service should be used only with the consent of a parent or legal guardian.
10. International Users
The Service is operated from the United States. If you access the Service from outside the United States, you understand that your information may be transferred to, processed, and stored in the United States, where data-protection laws may differ from those of your jurisdiction. By using the Service, you consent to the transfer and processing of information in the United States.
We rely on appropriate safeguards (such as standard contractual clauses) for international transfers where required by law.
11. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information. These include the rights to know, delete, correct, opt out of the sale or sharing of personal information, and limit the use of sensitive personal information.
We do not sell your personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
To exercise your rights, contact privacy@avenue-1.com.
12. European Economic Area, United Kingdom, and Switzerland
If you are in the EEA, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or analogous laws apply to processing of your personal information. The legal bases on which we rely include:
- Performance of a contract (to operate your account and deliver subscription features)
- Legitimate interests (to secure the Service, prevent fraud and abuse, conduct product analytics in a privacy-respectful way, and improve the Service)
- Consent (where you have given us specific permission, for example for certain analytics or communications)
- Compliance with legal obligations
You have the rights described in Section 8, including the right to lodge a complaint with your local data-protection authority.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Effective Date" at the top reflects the most recent revision. For material changes, we will provide reasonable notice — for example, by email or by posting a notice within the Service — before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance.
14. Contact
For privacy questions, requests to exercise your rights, or concerns about this Policy, contact:
Email: privacy@avenue-1.com