Montana Fouts Pitching Retreat — Privacy Policy

Last updated: May 14, 2026 Effective immediately upon acceptance at registration.

Be The Blessing ("we," "us," or "Be The Blessing") operates the Montana Fouts Pitching Retreat ("Retreat"). We take the privacy of parents, guardians, and athletes seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the choices and rights you have.

This Privacy Policy is incorporated into and forms part of our Terms & Conditions. Capitalized terms used but not defined here have the meanings given in the Terms & Conditions.

PARENTS, READ CAREFULLY — ESPECIALLY IF YOUR ATHLETE IS UNDER 13. This Policy contains specific provisions, including Enhanced Parental Notice under the Children's Online Privacy Protection Act ("COPPA"), about how we collect and use personal information from children under the age of 13.

1. Scope

This Privacy Policy applies to information we collect:

through our websites at montanafouts.com and any related subdomains,
through our registration, payment, OTP verification, and check-in flows,
by email, SMS, and phone,
in person at any Retreat venue, and
through our photo, video, and audio capture during the Retreat.

It does not apply to third-party websites, services, or platforms that we link to or that you visit independently. Those are governed by their own privacy policies.

2. Who Is the Data Controller

Be The Blessing Email for privacy requests: pitchingretreats@montanafouts.com Web: https://montanafouts.com

3. Information We Collect

3.1 Information you provide

Parent / Guardian identifiers: name, email, phone number, billing address.
Athlete identifiers: name, age or date of birth, position (pitcher/catcher), home city/state, club or high-school team, jersey number.
Athlete background and goals: biggest challenge, dream outcome, and other narrative responses you submit during registration.
Health and safety information: allergies, medications, prior injuries, medical conditions, dietary or accommodation requests.
Payment information: card details are collected and processed directly by Stripe; we receive only a transaction confirmation, last-four card digits, and a Stripe customer/session ID. We do not store full card numbers.
Communications consent: SMS opt-in confirmation and timestamps.
Account and event records: registration ID, QR-code check-in token, check-in time, re-engagement step.
Waitlist records: parent and athlete identifiers submitted to join a waitlist for a sold-out Retreat city, the city/event waitlisted for, position in queue, and outcome (converted, expired, declined).
Transfer and release records: record of any Friend Transfer initiated, the email of the replacement family (where they completed registration), released-spot status, and whether the released spot was filled.
Store credit balances: credit amount, issuance date, expiration date, redemption status — recorded against your registration email.

3.2 Information collected automatically

Device and usage data: IP address, browser type and version, operating system, referring/exit pages, pages viewed, timestamps.
Cookies and similar technologies: session cookies, analytics cookies (e.g., for traffic measurement), and functional cookies. You may control cookies via your browser settings; disabling them may impair functionality.

3.3 Information collected at the Retreat

Photographs, video, audio, and livestream recordings of you, the Athlete, and other attendees.
Athlete performance and biometric data captured during instruction or video analysis (e.g., velocity, mechanics annotations).
Check-in data (QR scan, time of check-in).
Incident or injury reports, if applicable.

3.4 Sensitive categories

We do not knowingly collect Social Security numbers, financial-account credentials, government-ID numbers (beyond what Stripe may collect for fraud prevention), or biometric identifiers used for identification (such as facial recognition). The performance/mechanics video we capture is used for athletic instruction and promotion, not for biometric identification.

4. How We Use Information

We use the information described above to:

(a) operate the Retreat (eligibility screening, registration, payment, scheduling, check-in, supervision, safety);
(b) communicate with you (confirmation, OTP verification, reminders, schedule updates, re-engagement, post-event follow-up);
(c) capture, edit, host, and distribute Media of the Retreat for advertising, marketing, social media, broadcast, instructional content, and other commercial use under the license you grant in Section 9 of the Terms & Conditions;
(d) provide athletic instruction and personalized feedback;
(e) maintain safety, comply with Safe Sport and MAAPP obligations, prepare incident reports, and respond to emergencies;
(f) prevent fraud, abuse, and illegal activity, and to enforce our Terms & Conditions;
(g) comply with legal obligations (including COPPA, CAN-SPAM, TCPA, and mandatory-reporting laws);
(h) measure and improve our website, marketing, and event operations.

We do not sell personal information, and we do not share personal information with third parties for cross-context behavioral advertising.

5. Lawful Bases (where applicable)

For visitors and residents of jurisdictions that require a lawful basis (e.g., GDPR), we rely on:

Contract — to perform the registration and deliver the Retreat;
Consent — for marketing communications, optional cookies, public social-media posting of Athletes under 13, and Media use;
Legitimate interests — to operate our business, secure our services, and prevent fraud, in a manner that does not override your rights;
Legal obligation — to comply with applicable laws.

6. How We Share Information

We share information only as described below.

6.1 Service providers (processors)

We share information with vendors who perform services on our behalf, under written agreements that restrict their use of the information to providing services to us:

Vendor	Purpose	Categories of data
Stripe	Payment processing	Name, email, billing data, card details (collected directly by Stripe), transaction metadata
Twilio	SMS, OTP verification	Phone, OTP codes, message logs, consent timestamps
SendGrid	Transactional email	Name, email, message content/metadata
Airtable	Registration database	Identifiers, registration data, payment status, check-in token
Vercel	Web and server hosting	All data passing through our application, server logs, IP
Webflow	Landing-page hosting	Page visit data, form submissions, cookies
Photo/video contractors	Capture and editing of Media	Audio-visual recordings, mechanics video

6.2 Social-media platforms

We post Media on platforms including Instagram, TikTok, YouTube, Facebook, X, Threads, and Pinterest. Once posted, those platforms' privacy policies apply to that content. For Athletes under 13, separate parental opt-in is required before public posting on any of these platforms (see Section 8).

6.3 Legal & safety

We may disclose information when we believe in good faith that disclosure is required or appropriate to:

comply with a subpoena, court order, or legal process;
respond to lawful requests from law-enforcement or regulatory authorities, including mandatory reporting of suspected child abuse under the Federal Safe Sport Act and state mandatory-reporter laws;
protect the safety, rights, or property of any person;
enforce our Terms & Conditions or investigate suspected fraud.

6.4 Business transfers

If Be The Blessing is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections and, where applicable, your consent.

7. Cookies & Tracking

Our website uses cookies and similar technologies for essential site function, analytics, and (where applicable) limited advertising measurement. You can:

adjust cookie settings in your browser to refuse some or all cookies;
opt out of analytics by using browser controls or extensions;
contact us at pitchingretreats@montanafouts.com to ask about specific technologies in use.

Disabling essential cookies may prevent registration or check-in from functioning correctly.

8. Children Under 13 — COPPA Enhanced Parental Notice

This Section is our Enhanced Parental Notice under 16 C.F.R. Part 312 (the FTC's COPPA Rule, as amended effective April 22, 2026).

8.1 What we collect from or about children under 13

The categories listed in Section 3 (above), to the extent they pertain to an Athlete under 13.
"Identifiable media" within the meaning of COPPA — namely, photographs, video, and audio recordings containing the under-13 Athlete's image or voice, plus performance/mechanics video.
Persistent identifiers associated with the Athlete's interaction with our site (where applicable), such as IP address, device identifier, and cookies.

8.2 How we use it

To register, schedule, supervise, and instruct the Athlete;
To communicate with the Parent (not with the under-13 Athlete directly);
To produce Media for marketing and promotion, only after obtaining the Parent's separate, verifiable opt-in for public posting (see Section 8.5);
To comply with legal obligations and protect safety.

8.3 Categories of third parties who receive information

Service providers: Stripe, Twilio, SendGrid, Airtable, Vercel, Webflow, and contracted photo/video producers — each under written contracts restricting use.
Social-media platforms (only with separate Parent opt-in): Instagram, TikTok, YouTube, Facebook, X, Threads, Pinterest.
Authorities, where legally required (mandatory reporting, subpoena, court order).
Ad networks / cross-context behavioral advertisers: NONE. We do not disclose information of children under 13 to ad networks for behavioral advertising.

8.4 Verifiable Parental Consent ("VPC")

Before we collect personal information from or about an Athlete under 13, we obtain verifiable parental consent using one or more FTC-approved methods, which may include:

a credit-card or debit-card transaction in connection with registration (where the transaction provides notification);
a signed consent form returned by upload, email, or fax;
a knowledge-based authentication step at the parental identity-verification screen;
a video-conference verification with trained staff, where applicable.

We do not rely on a single generalized signature to satisfy multiple consents. VPC for internal data processing is obtained separately from the additional opt-in described in Section 8.5.

8.5 Separate opt-in for public posting of Athletes under 13

We will not publicly post the image, video, or voice of an Athlete under 13 on any public social-media platform unless we have a separate, distinct, affirmative parental opt-in for that public disclosure. You may grant or refuse this opt-in at registration. Refusing this opt-in does not affect your Athlete's ability to participate, but the Athlete may still appear in non-public internal records and in incidental background footage in venue.

8.6 Retention and deletion of children's media and data

For Athletes under 13, we apply the following data-retention schedule:

Data category	Retention period
Registration record and contact info	24 months after the last Retreat the Athlete attended, then deleted or de-identified
Health & accommodation info	Deleted within 90 days of the Retreat unless required for an incident report
Payment metadata	7 years for tax/accounting (Stripe retains card data per its own policy)
OTP & SMS logs	12 months
Identifiable Media used in active marketing	While in active use; reviewed annually; deleted when the asset is no longer needed for the business purpose for which consent was obtained
Identifiable Media not in active use	Deleted or de-identified within 24 months of capture
Incident reports	7 years (or longer if required by law)
Waitlist records (joined a waitlist but did not convert)	Deleted within 12 months of waitlist entry
Friend Transfer and Release records	Deleted within 24 months of the related Retreat
Store credit balances	Retained until the credit is redeemed or expires (max 12 months from issuance), then deleted with a small audit-trail record kept per Section 9

When a retention period ends, we securely and permanently delete or de-identify the data, including from backups on the schedule on which backups rotate.

8.7 Parental rights (children under 13)

At any time, the Parent of an Athlete under 13 may:

review the personal information we have collected about the Athlete;
request deletion of that information;
refuse further collection or use, which may require us to withdraw the Athlete from the Retreat;
withdraw consent to any specific use (e.g., public posting).

To exercise these rights, email pitchingretreats@montanafouts.com from the email associated with the Parent's registration. We will verify your identity before acting.

8.8 Children's data security program

We maintain a written children's data security program consistent with COPPA's information-security requirements. It includes:

access controls limiting under-13 data to authorized staff and contractors with a documented business need;
transport encryption (TLS) for all data in transit and at-rest encryption for sensitive fields in our hosted databases;
vendor diligence and written data-protection agreements with all processors;
a written breach-response plan, with FTC and state attorney-general notification protocols where required.

9. Data Retention (All Athletes)

For Athletes age 13 and older, we generally apply the same retention schedule shown in Section 8.6, except that the under-13–specific deletion timelines do not apply by force of COPPA. We will, however, delete or de-identify personal information when it is no longer needed for the business purpose for which it was collected, unless we are required to retain it for a longer period by law (tax, employment, litigation hold, etc.).

You may request deletion at any time by emailing pitchingretreats@montanafouts.com. Some information may be retained in archival or backup systems for a limited period before deletion completes.

10. Data Security & Breach Notification

10.1 Safeguards. We use commercially reasonable administrative, technical, and physical safeguards to protect personal information against loss, theft, misuse, unauthorized access, disclosure, and alteration. These include TLS transport encryption, at-rest encryption for sensitive fields, role-based access controls, vendor-diligence agreements, regular security review, and a written incident-response plan.

10.2 No system is perfect. Despite reasonable safeguards, no system is fully secure.

10.3 Breach notification. If we become aware of a security incident that has resulted in, or is reasonably likely to result in, unauthorized acquisition, access, use, or disclosure of personal information, we will:

(a) Notify affected parents without unreasonable delay, and in any event within the timeframe required by applicable state law (typically 30 to 60 days);
(b) Notify the appropriate state attorneys general and other regulators where required by law;
(c) Notify the Federal Trade Commission if the breach involves a child under 13 and is of a type that triggers COPPA notification;
(d) Describe the categories of information affected, the date or estimated date range of the breach, the remediation steps taken, and how affected individuals can protect themselves; and
(e) Offer credit-monitoring or identity-protection services where appropriate and required by law.

11. Your Rights & Choices

Subject to applicable law, you may have the right to:

Access the personal information we hold about you and your Athlete;
Correct inaccurate or incomplete information;
Delete personal information (subject to legal-retention exceptions in Section 9);
Withdraw consent to marketing communications or to specific uses of Media;
Opt out of SMS marketing (reply STOP) and email marketing (use the unsubscribe link);
Receive a copy of your information in a portable format (data portability, in some jurisdictions);
Opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising, but we honor the right);
Limit the use and disclosure of sensitive personal information (where applicable under California law);
Not be discriminated against for exercising your privacy rights.

State-specific rights

California (CCPA/CPRA): the rights to know, delete, correct, portability, opt out of sale/sharing, limit use of sensitive PI, and non-retaliation. We do not sell personal information. We do not knowingly engage in cross-context behavioral advertising of any individual under 16.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and other states with comprehensive privacy laws: equivalent rights as adopted in each state's statute, including the right to appeal a denied request.
Other states with breach-notification, data-broker registration, or sensitive-data laws: we comply as applicable.

Authorized agents

Where state law permits, you may submit a request through an authorized agent. We will verify both the agent's authority and your identity before acting.

Global Privacy Control

We respect the Global Privacy Control ("GPC") signal sent by some browsers and extensions and treat it as a valid opt-out of the "sale" or "sharing" of personal information for users in jurisdictions that recognize GPC.

How to exercise your rights

Email pitchingretreats@montanafouts.com from the email associated with your registration, with the subject line "PRIVACY REQUEST" and a description of what you are asking for. We will:

Acknowledge your request within 10 business days;
Verify your identity (or that of the Athlete you are inquiring about, if applicable);
Substantively respond within 45 days (extendable once by an additional 45 days if reasonably necessary, with notice to you).

Requests are free. We may charge a reasonable fee for repeated, excessive, or manifestly unfounded requests, as permitted by law.

12. Marketing Communications

Email: every marketing email contains an unsubscribe link.
SMS: reply STOP to opt out of marketing messages; transactional messages required to deliver the Retreat (OTP, payment, check-in) may continue.
Phone: if applicable, you may opt out by emailing us or stating your preference during a call.

13. Do Not Track & Global Privacy Control

13.1 DNT. Some browsers transmit a "Do Not Track" signal. Because no consistent DNT standard has emerged, we currently do not respond to DNT signals in a uniform way.

13.2 GPC. We honor the Global Privacy Control signal as a valid opt-out of "sale" or "sharing" of personal information in jurisdictions that recognize GPC (see Section 11).

13.3 No cross-context behavioral advertising of children under 16. We do not knowingly engage in cross-context behavioral advertising of any individual we know or have reason to believe is under 16, regardless of any other signal.

14. International Transfers

We are based in the United States. If you access the Retreat or our website from outside the United States, your information will be transferred to and processed in the United States and may be processed in other countries where our service providers operate. By using our services or registering for the Retreat, you consent to such transfers.

15. Third-Party Links

Our website and emails may include links to third-party sites (e.g., social-media platforms, vendor partners). We are not responsible for the privacy practices of those sites. Review their policies before submitting information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date reflects the current version. Material changes that affect how we handle previously collected information will be communicated by email. Continued use of our services after notice constitutes acceptance.

17. Contact Us

Be The Blessing Privacy inquiries: pitchingretreats@montanafouts.com Web: https://montanafouts.com

For COPPA-specific concerns about a child's information that have not been resolved by us, you may contact the Federal Trade Commission at https://reportfraud.ftc.gov or the relevant state attorney general.