Privacy Policy

1. Introduction

Welcome to Framework NIL ("Framework," "we," "us," or "our"). This Privacy Policy describes how Victreefi LLC, doing business as Framework NIL, collects, uses, shares, and protects personal information when you use our website at frameworknil.com, our mobile applications, and related services (collectively, the "Services").

Our Services provide Name, Image, and Likeness ("NIL") compliance, education, and deal disclosure management tools for student-athletes, educational institutions, athletic departments, and businesses. We are committed to protecting the privacy of all users, particularly student-athletes who may be minors.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, phone number, date of birth, and password when you create an account.
• Profile Information: Institution affiliation, sport, position, graduation year, and other athletic information.
• Disclosure Information: Details about NIL activities, compensation arrangements, business relationships, and deal terms submitted through our disclosure forms.
• Contact Form Submissions: Name, email, institution, phone number, and any message content when you contact us.
• Guardian/Parental Information: For minor student-athletes, we may collect parent or guardian name, email, phone number, and relationship to the athlete for consent and attestation purposes.
• Business Information: Company name, legal name, EIN, contact details, address, and business category for businesses participating in NIL deals.
• Payment Information: Payment card details and billing address, which are processed by our third-party payment processors.

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

• Device Information: Device type, operating system, browser type, and unique device identifiers.
• Log Data: IP address, access times, pages viewed, links clicked, and actions taken within our Services.
• Usage Information: Features used, interactions with content, session duration, and navigation patterns.
• Location Information: General geographic location based on IP address.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Educational institutions that use our Services
• Athletic conferences and governing bodies
• Identity verification services
• Publicly available sources

2.4 Information We Do Not Collect

We do not knowingly collect:

• Educational records as defined by the Family Educational Rights and Privacy Act (FERPA), unless provided by you directly
• Social Security numbers
• Biometric data
• Genetic information

3. How We Use Your Information

We use the information we collect to:

• Provide Services: Operate, maintain, and improve our NIL compliance, education, and disclosure management platform.
• Process Disclosures: Facilitate the submission, review, and approval of NIL deal disclosures between athletes, institutions, and businesses.
• Education Delivery: Provide NIL education courses, track completion progress, and issue certifications.
• Compliance Support: Help institutions maintain compliance with NCAA, NAIA, state, and conference NIL regulations.
• Parental Consent: Facilitate consent workflows for minor student-athletes as required by applicable regulations.
• Communication: Send service-related notifications, respond to inquiries, and provide customer support.
• Security: Detect, prevent, and address fraud, unauthorized access, and other harmful activities.
• Analytics: Understand usage patterns, improve our Services, and develop new features.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 With Your Institution

If you are a student-athlete, your NIL disclosures, education progress, and compliance information may be shared with your institution's athletic department and compliance office as necessary for their regulatory obligations.

4.2 With Athletic Governing Bodies

We may share disclosure information with the NCAA, NAIA, state athletic associations, or conference offices as required for compliance verification and reporting.

4.3 With Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting providers (e.g., cloud infrastructure)
• Email delivery services
• Payment processors
• Analytics providers
• Customer support tools

4.4 For Legal Reasons

We may disclose information if required to do so by law, court order, or governmental authority, or when we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, privacy, safety, or property
• Prevent fraud or other illegal activities
• Respond to government requests

4.5 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity.

4.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

AI and Automated Processing

AI-Powered Features

We use artificial intelligence ("AI") and machine learning technologies to provide certain features of our Services, including:

• Contract document analysis and observation scoring
• Compliance observations and considerations
• Content summarization and categorization

Third-Party AI Providers

Documents you upload for AI analysis may be transmitted to and processed by third-party AI providers, including:

• Google (Gemini AI)
• Anthropic (Claude AI)
• Other AI service providers as we may use

These providers process your documents under their respective privacy policies and terms of service. Documents are transmitted using encryption and are processed for the purpose of generating analysis results.

Data Retention by AI Providers

Third-party AI providers may temporarily retain your documents for processing purposes. We do not control data retention practices of third-party AI providers. Please review their privacy policies for more information:

• Google Privacy Policy
• Anthropic Privacy Policy

AI Processing Opt-Out

You may choose not to use AI-powered features. If you prefer not to have your documents processed by AI, do not upload them to AI analysis tools. Alternative non-AI compliance tools are available within our Services.

Automated Decision-Making

AI Features assist users with informational analysis but do not make automated decisions that produce legal effects. Disclosure approval and compliance determinations are made by institution compliance personnel, not by AI.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our Services.

5.1 Types of Cookies We Use

• Essential Cookies: Required for the Services to function properly, including authentication and security.
• Functional Cookies: Remember your preferences and settings to enhance your experience.
• Analytics Cookies: Help us understand how users interact with our Services so we can improve them.
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.

5.2 Third-Party Analytics

We use Google Analytics and Google Tag Manager to analyze usage of our Services. These services may collect information about your use of our Services and other websites. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

5.3 Your Cookie Choices

Most web browsers accept cookies by default. You can usually modify your browser settings to decline cookies or alert you when cookies are being sent. Please note that some features of our Services may not function properly without cookies.

5.4 Do Not Track

Our Services do not currently respond to "Do Not Track" signals from web browsers. However, you can manage your tracking preferences through your browser settings and the opt-out mechanisms described above.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Services to you
• Comply with legal obligations and regulatory requirements
• Fulfill the purposes described in this Privacy Policy
• Resolve disputes and enforce our agreements

NIL disclosure records and compliance documentation may be retained for extended periods as required by athletic governing bodies, state regulations, or institutional policies. Audit logs and compliance records are typically retained for a minimum of seven (7) years to support regulatory compliance and institutional record-keeping requirements.

When we no longer need your personal information, we will securely delete or anonymize it in accordance with applicable laws and our data retention policies.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure server infrastructure with access controls
• Regular security assessments and monitoring
• Employee training on data protection practices
• Limited access to personal information on a need-to-know basis

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing industry-standard protections.

8. Children's Privacy

Our Services are designed to support student-athletes, including those who may be minors (under 18 years of age). We take special precautions to protect the privacy of minor users.

8.1 Users Under 13

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will delete that information promptly.

8.2 Minor Student-Athletes (Ages 13-17)

For student-athletes between 13 and 17 years of age, we implement the following protections:

• Parental Consent: NIL disclosures from minors require parental or guardian consent and attestation before being processed.
• Limited Data Collection: We collect only the information necessary to provide our Services and facilitate compliance.
• Institutional Oversight: Minor athletes typically access our Services through their institution, which maintains oversight of their accounts.
• No Direct Marketing: We do not send marketing communications directly to users we know to be minors.

8.3 Parental Rights

Parents and guardians of minor users may:

• Review the personal information we have collected about their child
• Request deletion of their child's personal information
• Refuse to permit further collection or use of their child's information
• Withdraw consent previously provided

To exercise these rights, please contact us at privacy@frameworknil.com.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete personal information.
• Deletion: Request that we delete your personal information, subject to certain exceptions.
• Portability: Request a portable copy of your personal information in a structured, commonly used format.
• Opt-Out: Opt out of certain processing activities, such as marketing communications.
• Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, please contact us at privacy@frameworknil.com. We will respond to your request within 30 days or as required by applicable law.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information.

10.1 Your California Rights

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Framework does not sell personal information.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary to provide our Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

10.2 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, phone number, IP address)
• Personal information under Cal. Civ. Code 1798.80(e) (name, address, phone number)
• Protected classification characteristics (age, date of birth)
• Commercial information (transaction history, service usage)
• Internet or electronic network activity (browsing history, interactions with our Services)
• Geolocation data (general location based on IP address)
• Professional or employment-related information (institution affiliation, athletic information)
• Education information (institution, graduation year)
• Inferences drawn from the above

10.3 How to Exercise Your California Rights

To submit a request, please:

• Email us at privacy@frameworknil.com with the subject line "California Privacy Request"
• Call us at (205) 253-3113
• Visit our Do Not Sell or Share My Personal Information page

We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

10.4 California Shine the Light

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. As noted above, we do not share personal information with third parties for their direct marketing purposes.

11. International Data Transfers

Our Services are operated in the United States. If you are located outside of the United States, please be aware that information you provide to us will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our Services, you consent to the transfer of your information to the United States. We will take appropriate measures to ensure that your personal information remains protected in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you by email (for account holders) or by posting a prominent notice on our Services
• Obtain consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For California residents: Under California Civil Code Section 1789.3, you may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (800) 952-5210.