Skip to content

Legal

Privacy Policy

Last updated: 2 May 2026

VeriScout ApS (“VeriScout”, “we”, “us” or “our”) operates the VeriScout platform — a European scouting database used by US college soccer programs to identify and evaluate prospective student-athletes (the “Service”). This Privacy Policy explains what personal data we process, why we process it, who we share it with, and the rights you have over that data.

This Policy applies to:

  • visitors to veri-scout.com and any subdomains we operate;
  • staff at college soccer programs and other organisations who use the Service (“Customer Users”); and
  • the football players whose information appears in the Service (“Players”).

If you have any questions about this Policy or how we handle personal data, contact us at Hello@veri-scout.com.

A short, plain-language summary written for Players (and their parents or guardians) is also available at Notice to Players.

1. Who is the data controller?

VeriScout ApS is the controller of personal data processed through the Service.

  • Legal entity: VeriScout ApS
  • CVR number: 46154223
  • Registered address: Fogedvænget 98, 8722 Hedensted, Denmark
  • Email: Hello@veri-scout.com

We have not appointed a Data Protection Officer because we are not legally required to do so. You can reach the people responsible for privacy at the email address above.

2. The data we process

We process different categories of personal data depending on whether you are a Customer User, a Player, or a website visitor.

2.1 Customer Users (college staff and similar)

When a college subscribes to the Service, we process personal data about the people from that college who use it. This typically includes:

  • name, work email address, job title and the college you represent;
  • account credentials and authentication metadata (for example, login timestamps, IP address used to log in, and the session token stored as a cookie in your browser);
  • communications you send to us (for example, support requests and replies); and
  • billing contact details and invoice records (we do not collect or store payment card numbers — see Section 7).

We collect this data directly from you or from the person at your organisation who set up your account.

2.2 Players

VeriScout's database contains information about football players who may be of interest to college recruiters. We only include information about Players that is already publicly available. Typical fields include:

  • name, date of birth, nationality and primary playing position;
  • current and previous teams and competitions where this is publicly known;
  • match and performance information (appearances, minutes, goals, assists, etc.) drawn from publicly accessible information; and
  • publicly published video clips or screenshots, where available.

We do not collect financial information, government identifiers, health records, or any other data about Players that is not publicly available.

Players do not have user accounts on the Service and do not log in. Players are data subjects whose information is processed so that Customer Users can evaluate them for college recruitment purposes.

Because Player data is collected from sources other than the Player themselves, this Policy — together with our Notice to Players — serves as our notice to Players under Article 14 of the GDPR. Players, parents and guardians can use the contact details in Section 14 to exercise the rights described in Section 9, including the right to object to our processing and have a Player profile removed.

2.3 Website visitors

When you visit veri-scout.com without logging in, our hosting provider records standard server logs (IP address, user-agent string, requested URL and timestamp) for a short period for security and abuse-prevention purposes. The public pages of veri-scout.com do not load Google Analytics, Meta Pixel, LinkedIn Insight, Hotjar, or any other third-party analytics or advertising trackers. See our Cookie Policy for details.

3. Special protection for Players under 18

Some Players in our database are under 18. We are aware that processing data about minors requires extra care, even where the data is publicly available, and we apply the following additional safeguards:

  • we limit the data we hold about Players under 18 to information directly relevant to college recruiting (for example, team and competition records, match statistics and position) and exclude content that is not necessary for that purpose;
  • access to the Service is restricted to verified Customer Users at recognised college programs and similar organisations — the database is not publicly searchable;
  • if a Player or a Player's parent or legal guardian asks us to remove a Player under 18 from the database, we will honour that request promptly without requiring justification (see Section 9); and
  • we do not knowingly market to children, and we do not collect data directly from children through the Service.

If you are a parent or guardian of a Player and want their data reviewed or removed, contact Hello@veri-scout.com.

4. How we use personal data

We use personal data for the following purposes:

PurposeData used
Operating the Service (running the database, search, profile views, etc.)Customer User account data; Player data
Authenticating Customer Users and keeping accounts secureAccount credentials, login metadata
Providing customer support and responding to messagesCustomer User contact data, communications
Billing and invoicing subscribed organisationsCustomer User billing contacts
Improving the Service (debugging, fixing errors, evaluating database coverage)Server logs, aggregated usage data
Complying with legal obligations (for example, accounting and tax law)Billing records
Investigating misuse, fraud, or breach of our TermsAccount, log and Service data as needed

We do not sell personal data, and we do not use Player or Customer User data to target advertising.

5. Legal bases under the GDPR

For each purpose listed above, we rely on one or more of the following legal bases under Article 6 of the General Data Protection Regulation:

  • Performance of a contract (Art. 6(1)(b)): to provide the Service to subscribed organisations, manage Customer User accounts and process payments.
  • Legitimate interests (Art. 6(1)(f)): to operate the database of Players, secure the Service, prevent fraud and abuse, and improve the Service. Our legitimate interest is operating a B2B scouting tool that helps college programs evaluate prospective student-athletes from publicly reported information; we have weighed this against the rights and reasonable expectations of Players and applied the safeguards described in Sections 2 and 3.
  • Compliance with a legal obligation (Art. 6(1)(c)): to keep accounting records and respond to lawful requests from authorities.

Because we rely on legitimate interests for processing Player data, every Player has the right to object to that processing. Section 9 explains how.

6. Sources of Player data

All Player data in the Service comes from publicly accessible information — that is, information that is already published online and can be read without a login or paywall — together with notes that Customer Users add to a Player's profile (for example, observations from a match they have personally watched).

We do not buy Player data from data brokers, we do not access information that is behind a login or paywall, and we do not disclose specific upstream providers.

7. Who we share data with

We share personal data only with:

  • Customer Users: Player data is, by design, made available to verified Customer Users for recruiting purposes. Customer User account data is shared internally within their college organisation.
  • Service providers (subprocessors): companies that help us run the Service. They process personal data on our instructions and under written data-processing agreements. The current key subprocessors are:
    • Amazon Web Services EMEA SARL — cloud hosting and storage (region: Frankfurt, Germany).
    • Google Ireland Limited (Google Workspace) — operating Hello@veri-scout.com and sending account, support and transactional email.
    • Stripe Payments Europe, Limited — issuing invoices and processing payment of subscription fees (we do not store full card numbers; Stripe handles them under PCI DSS).
  • Professional advisers: our accountants, auditors and lawyers, where reasonably necessary and bound by confidentiality.
  • Public authorities: where we are required to share data by law, court order or a binding regulatory request.

The current subprocessor list is published at /subprocessors. We will notify subscribed Customers by email at least 30 days before adding or replacing a subprocessor that processes Customer User or Player personal data, and Customers may object on reasonable data-protection grounds as set out in our Data Processing Agreement.

We do not sell personal data, and we do not “share” personal data for cross-context behavioural advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).

8. International transfers

The Service is hosted in the European Union (AWS, Frankfurt). When we share data with our customers — US college soccer programs — that data is transferred from the EU to the United States. Our subprocessors Google and Stripe also operate group entities in the United States.

We rely on the following transfer mechanisms under Chapter V of the GDPR:

  • the EU–US Data Privacy Framework where the receiving organisation is certified under it; and
  • the European Commission's Standard Contractual Clauses (Decision 2021/914) where the receiving organisation is not certified under the Data Privacy Framework, supplemented by appropriate technical and organisational safeguards.

You can ask for a copy of the safeguards we use for any specific transfer by emailing Hello@veri-scout.com.

9. Your rights

9.1 Rights under the GDPR

If you are in the European Economic Area or the United Kingdom, you have the following rights in respect of your personal data:

  • the right to be informed about how we process your data (this Policy);
  • the right of access to the personal data we hold about you;
  • the right to rectification of inaccurate or incomplete data;
  • the right to erasure (“right to be forgotten”);
  • the right to restrict processing in certain circumstances;
  • the right to data portability for data you have provided to us;
  • the right to object to processing carried out on the basis of legitimate interests — including our processing of Player data; and
  • the right to lodge a complaint with a data protection authority (in Denmark, Datatilsynet — datatilsynet.dk).

9.2 Rights for California residents (CCPA/CPRA)

If you are a California resident, you have the right to (a) know what categories and specific pieces of personal information we have collected about you, (b) have that information deleted, (c) correct inaccurate information, and (d) limit the use of any “sensitive personal information.” We do not sell or share personal information for cross-context behavioural advertising and we do not discriminate against people who exercise these rights.

9.3 How to exercise your rights

To exercise any of these rights, email Hello@veri-scout.com. We may need to verify your identity (or, for parents acting on behalf of a child, your relationship to the child) before responding. We will reply within one month of receiving a verifiable request, or sooner where the law requires it.

If you ask us to remove a Player from the database, we will do so promptly and confirm the deletion by email.

10. How long we keep data

  • Customer User account data — for as long as the account is active, plus up to 90 days after deactivation to allow for reactivation, then deleted.
  • Billing and accounting records — for 5 years from the end of the relevant financial year, as required by Danish bookkeeping law.
  • Player data — for as long as it remains relevant to college recruiting and the source remains publicly available. We periodically review profiles and remove records that are no longer needed.
  • Server logs — typically 30–90 days, then deleted or anonymised.
  • Encrypted backups — may persist for up to 35 days beyond active deletion of source data, after which they are overwritten as part of our normal backup-rotation cycle.

If you exercise a right to erasure or successfully object to our processing of Player data, we delete the data sooner unless we are legally required to keep it.

11. How we protect data

We apply technical and organisational measures appropriate to the risk, including encryption of data in transit (HTTPS/TLS) and at rest, access controls, audit logging, regular software updates, restricted administrative access, and a documented incident-response process. No system is perfectly secure; if we ever experience a personal-data breach that is likely to result in a risk to your rights, we will notify the relevant authority within 72 hours and notify affected individuals where required.

12. Automated decision-making and profiling

The Service includes a scoring feature that helps Customer Users assess Players using information already in their profile. Producing this score is a form of profiling under Article 4(4) of the GDPR.

Scores are advisory only. They are presented alongside other information and final recruiting decisions are made by human coaches at the college. We do not use scores to make decisions that produce legal effects or similarly significant effects concerning a Player within the meaning of Article 22 of the GDPR.

A Player may, on request, obtain a plain-language explanation of how scoring is used at a general level. The underlying methodology is confidential. To make such a request, contact Hello@veri-scout.com.

13. Children

The Service is intended for use by adult professionals at college recruiting organisations. We do not knowingly create accounts for children, and Players never log in to the Service. The handling of Player data about minors is described in Section 3.

14. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of the page and, where appropriate, notify Customer Users by email. Continued use of the Service after the effective date of an update means that you accept the updated Policy.

15. Contact

For any privacy question, request or complaint, contact:

VeriScout ApS
Fogedvænget 98, 8722 Hedensted, Denmark
CVR 46154223
Hello@veri-scout.com

You also have the right to complain to a data protection authority. In Denmark this is Datatilsynet — Carl Jacobsens Vej 35, 2500 Valby — datatilsynet.dk.