Privacy Policy

Last updated: January 15, 2026

1. Introduction

ScoutTrax LLC ("ScoutTrax," "we," "us," or "our") operates the ScoutTrax troop management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting the privacy of Boy Scouts of America (BSA) units, their members, and families. This policy complies with applicable data protection laws, including the Children's Online Privacy Protection Act (COPPA) and BSA Youth Protection requirements.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name (first and last name)
  • Email address
  • Username and password (encrypted)
  • Date of birth (to verify age and BSA eligibility)
  • Phone number (optional)
  • Role (Scout, Parent/Guardian, or Adult Leader)
  • Unit affiliation (Troop number and charter organization)

2.2 Youth Member Information

For Scout members under 18 years old:

  • Parental consent is required before account activation
  • Parent/guardian email and contact information
  • Household relationship information
  • We do NOT collect personal information from children under 13 without verified parental consent per COPPA requirements

2.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, device information)
  • Session activity (login times, pages viewed)
  • Feature usage patterns (to improve our service)
  • Security event logs (failed login attempts, authentication events)

2.4 Information You Provide

You may voluntarily provide:

  • Profile information (advancement progress, patrol assignments)
  • Communication preferences
  • Feedback and support requests
  • Content you create within the platform

3. How We Use Your Information

We use your information to:

  • Provide the Service: Create and manage your account, enable troop management features, facilitate communication within your unit
  • Security: Authenticate users, prevent fraud and abuse, enforce BSA Youth Protection policies, maintain audit logs
  • Communications: Send transactional emails (password resets, account notifications, parent approval requests)
  • Compliance: Meet legal obligations, respond to legal requests, enforce our Terms of Service
  • Improve Service: Analyze usage patterns, fix bugs, develop new features (anonymized data only)
  • Support: Respond to your inquiries and provide customer support

4. Email Communications

We send transactional emails that are necessary for the operation of the service:

4.1 Required Emails (Cannot Be Unsubscribed)

  • Password reset requests
  • Two-factor authentication (2FA) notifications
  • Account security alerts
  • Parent approval requests (BSA Youth Protection requirement)
  • Critical service notifications

4.2 Optional Emails (Can Be Managed in Preferences)

  • Welcome emails and onboarding tips
  • Feature announcements
  • Security recommendations (2FA setup reminders)

4.3 Email Service Provider

We use Amazon Simple Email Service (SES) to send emails. Our email practices include:

  • All emails include our physical address per CAN-SPAM Act requirements
  • Bounce handling: Invalid email addresses are immediately suppressed
  • Complaint handling: Recipients who mark emails as spam are permanently removed
  • Authentication: All emails are DKIM-signed and SPF-verified
  • Monitoring: Daily review of delivery metrics and complaint rates
  • No email list rentals or purchases
  • No marketing or promotional campaigns

4.4 Managing Email Preferences

You can manage your email preferences by:

  • Logging into your account and visiting Settings → Notifications
  • Clicking "Manage Preferences" in any non-critical email
  • Contacting support at support@scouttrax.com

5. SMS Text Messaging

ScoutTrax offers optional SMS text messaging for time-sensitive notifications. SMS is reserved for urgent communications only; routine messages are sent via email.

5.1 SMS Opt-In and Consent

SMS messaging is entirely optional. To receive SMS notifications:

  • You must explicitly opt-in by providing your mobile phone number in your account settings
  • We will send a verification code to confirm your phone number ownership
  • You must enter the verification code to activate SMS notifications
  • By completing opt-in, you consent to receive transactional SMS messages from ScoutTrax

5.2 Types of SMS Messages

We only send transactional SMS messages for:

  • Two-factor authentication codes: Verification codes for secure login
  • Urgent event notifications: Running late alerts, arrival notifications, last-minute event cancellations
  • Emergency communications: Time-sensitive safety alerts requiring immediate parent/guardian notification

We do NOT send:

  • Marketing or promotional SMS messages
  • Non-urgent announcements (these are sent via email)
  • Automated surveys or feedback requests

5.3 SMS Service Provider

We use Amazon Simple Notification Service (SNS) to send SMS messages. Your phone number is:

  • Stored securely in our database with encryption
  • Used only for sending SMS notifications you've opted into
  • Never shared with third parties for marketing purposes
  • Never sold or rented to other organizations

5.4 Message Frequency and Costs

  • Frequency: SMS volume varies based on unit activity. Typical units send 1-5 urgent messages per month
  • Costs: Message and data rates may apply depending on your mobile carrier plan. ScoutTrax does not charge for SMS messages
  • Carrier compatibility: SMS works with all major US carriers (AT&T, Verizon, T-Mobile, Sprint, etc.)

5.5 Opt-Out and Unsubscribe

You can stop receiving SMS messages at any time:

  • Reply "STOP": Text "STOP" to any SMS message from ScoutTrax to immediately unsubscribe
  • Account settings: Log into your account and disable SMS notifications in Settings → Notifications
  • Contact support: Email support@scouttrax.com to opt-out

After opting out, you will no longer receive SMS messages. You will continue to receive email notifications for all communications. You may opt back in at any time through your account settings.

5.6 Youth Protection and SMS

SMS messages follow the same BSA Youth Protection policies as all ScoutTrax communications:

  • Scout-initiated messages automatically include adult supervisors (2-deep leadership)
  • Scouts cannot send SMS to individual adults without additional supervision
  • Parent/guardian consent is required before Scouts can receive SMS notifications
  • All SMS delivery is logged for compliance and safety auditing

5.7 SMS Compliance

Our SMS practices comply with:

  • TCPA (Telephone Consumer Protection Act): We obtain express written consent before sending any SMS messages
  • CAN-SPAM Act: All messages include clear identification and opt-out instructions
  • CTIA Guidelines: We follow mobile industry best practices for SMS messaging
  • Carrier regulations: Messages are sent via registered toll-free numbers or 10DLC phone numbers

Questions about SMS? Contact us at support@scouttrax.com.

6. Information Sharing and Disclosure

6.1 Within Your Unit

Information is shared with other members of your unit according to role-based permissions:

  • Adult leaders can view roster information for their unit
  • Parents can view their own Scout's information
  • Scouts can view limited information about other scouts in their patrol/unit

6.2 Service Providers

We share information with trusted service providers who assist in operating our service:

  • Hosting: Google Cloud Platform (Cloud Run) for application hosting
  • Database: Supabase (PostgreSQL) for data storage
  • Email: Amazon Web Services (SES) for transactional email delivery
  • SMS: Amazon Web Services (SNS) for transactional SMS delivery
  • Authentication: JWT-based authentication (managed in-house)

All service providers are contractually obligated to protect your information and use it only for providing services to us.

6.3 We Do NOT Share or Sell Your Information

We never:

  • Sell personal information to third parties
  • Share information with advertisers
  • Rent or lease email lists
  • Use your information for marketing campaigns

6.4 Legal Requirements

We may disclose information if required by law, such as:

  • To comply with legal process (subpoena, court order)
  • To enforce our Terms of Service
  • To protect the rights, safety, or property of ScoutTrax, our users, or others
  • In connection with BSA Youth Protection investigations

7. BSA Youth Protection Compliance

We implement BSA Youth Protection policies in our platform:

  • Parental Consent: Scout accounts require explicit parent/guardian approval before activation
  • 2-Deep Leadership: Scout communications automatically include adult supervisors per BSA requirements
  • No 1-on-1 Contact: Scouts cannot send direct messages to individual adults without additional supervision
  • Adult Visibility: Designated unit leaders can review Scout communications for safety monitoring
  • Audit Logging: All compliance actions are logged and retained for 7 years

8. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted over HTTPS (TLS encryption)
  • Password Security: Passwords are hashed using bcrypt (never stored in plain text)
  • Two-Factor Authentication: Optional 2FA available for all users
  • Access Controls: Role-based permissions and multi-tenant isolation
  • Security Monitoring: Automated detection of suspicious activity
  • Regular Updates: Security patches applied promptly
  • Audit Logging: Security events tracked for compliance and investigation

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your information as follows:

  • Active Accounts: Information retained while your account is active
  • Inactive Accounts: Accounts inactive for 365+ days may be archived
  • Deleted Accounts: Most data deleted within 30 days of account deletion
  • Compliance Records: BSA-related compliance logs retained for 7 years
  • Security Logs: Authentication and security events retained for 90 days
  • Email Delivery Logs: Bounce and complaint records retained for 90 days
  • SMS Delivery Logs: SMS send records retained for 90 days for auditing and compliance

10. Your Rights and Choices

You have the following rights regarding your information:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information via your account settings
  • Deletion: Request deletion of your account and personal information
  • Export: Request a portable copy of your data
  • Restriction: Request limitation on how we use your information
  • Objection: Object to certain processing of your information

To exercise these rights, contact us at privacy@scouttrax.com or through your account settings.

For Parents: If you are a parent/guardian of a Scout member, you have additional rights to review, modify, or delete your child's information.

11. Children's Privacy (COPPA Compliance)

ScoutTrax is designed for use by Boy Scouts of America units, which includes minors. We comply with the Children's Online Privacy Protection Act (COPPA):

  • We do not knowingly collect personal information from children under 13 without verifiable parental consent
  • Parent/guardian approval is required before any Scout account is activated
  • Parents can review their child's information at any time
  • Parents can request deletion of their child's information
  • We only collect information necessary for the service
  • Youth information is never shared with third parties for marketing purposes

If you believe we have inadvertently collected information from a child under 13 without proper consent, please contact us immediately at privacy@scouttrax.com.

12. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for authentication and security (JWT tokens)
  • Functional Cookies: Remember your preferences and settings
  • Analytics: Understand how you use our service (anonymized data)

We do NOT use:

  • Third-party advertising cookies
  • Tracking pixels for marketing purposes
  • Cross-site tracking

You can control cookies through your browser settings, but disabling essential cookies may affect your ability to use the service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice when you log in

Your continued use of ScoutTrax after changes are posted constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

ScoutTrax LLC

30 N Gould St Ste N

Sheridan, WY 82801

Email: privacy@scouttrax.com

Support: support@scouttrax.com

15. Boy Scouts of America

ScoutTrax is an independent service provider and is not affiliated with, endorsed by, or sponsored by the Boy Scouts of America (BSA). We follow BSA Youth Protection policies as a best practice for safeguarding youth participants. For official BSA privacy policies, please visit www.scouting.org.

← Back to Home