Privacy Policy

Next Commit Privacy Policy
Last Updated: March 19, 2025

Welcome to Next Commit’s Privacy Policy. Next Commit (available at nextcommit.ai) is an email application that helps athletes connect with college coaches through AI-powered email outreach. We are strongly committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information. This Privacy Policy explains what data we collect, how we use it, how we keep it secure, and your rights regarding your data. In this policy, “Personal Data” means any information that can identify you or be linked to you as an individual (for example, your name, email address, telephone number, billing information, or any other information associated with those identifiers).

Any capitalized terms not defined in this Privacy Policy have the meaning given to them in our Terms of Service. By using Next Commit, you agree to the practices outlined in this Privacy Policy. If you do not agree, please do not use our services. We encourage you to read this policy carefully and contact us if you have any questions.

Overview

Next Commit is an email platform designed to facilitate personalized communication between student-athletes and college coaches. We understand the sensitive nature of personal and professional communications, and we prioritize your privacy in every aspect of our service. This Overview summarizes our commitment:

  • Commitment to Privacy: We do not access or monitor the content of your personal emails or conversations unless you explicitly ask us to for support or it’s necessary for security or legal reasons.
    Your emails and data remain yours – we act as a custodian, processing them only to provide the Next Commit service to you.
  • Transparency: We will clearly explain what information we collect and why. We do not sell your personal data, and we never share it with third parties for their own marketing or advertising purposes.
  • Personal Data Definition: “Personal Data” refers to information that identifies you or can be used to identify you – such as your name, email address, contact details, billing information, or other data linked to you.
    Any information that is anonymized or cannot be linked back to you is not considered Personal Data.
  • Scope: This Privacy Policy applies to information we collect when you use the Next Commit website and application, including any associated services, features, and content (collectively, the “Services”). It does not apply to any third-party websites or services you might use in connection with Next Commit, which have their own privacy practices.

We are committed to complying with applicable data protection laws, including the California Consumer Privacy Act (CCPA) for California residents, and to meeting the requirements of third-party platforms like Google (for our Gmail integration). The following sections provide detailed information on specific topics to ensure you understand how your data is handled.

Data Collected

When you sign up for or use Next Commit, we collect only the information that is necessary to provide our Services and manage your account. Below is an overview of the types of data we collect and what we do and do not collect:

  • Account Information: During registration, we collect personal details such as your name, email address, and a password (if you create a Next Commit account credentials). We may also ask for your graduation year, sport, or other profile information to better tailor the service to you. This information is used to create and administer your account (e.g., to log you in, identify you as a user, and personalize your experience).
  • Contact and Billing Details: If you subscribe to a paid plan, we collect billing-related information. This may include your billing name and address and payment details. Payment information (such as credit card numbers) is typically processed by our secure third-party payment processor and not stored on our servers – we only retain basic billing records (e.g. payment confirmations or the last four digits of a card) needed for account management and compliance.
  • Emails and Content You Provide: Next Commit is an email service, so when you write emails or messages using our platform, the content of those emails (including text, images, attachments) is processed through our system. We store the emails you send to college coaches so that you can access your sent messages, track responses, and manage your outreach history. However, Next Commit does not read or “mine” the content of your emails for any purpose other than to send them on your behalf and provide you with the service. We do not use your email content for advertising, profiling, or any purpose outside of providing Next Commit features. In addition, if you connect your Gmail account (see Section 4), we will have access to emails you send through Next Commit and metadata (like timestamps or if a message was replied to), but we will never allow our staff to view your private email content unless you explicitly request it for support or it’s required for safety/legal reasons.
  • Email Recipient Data: When you use Next Commit to contact third parties (for example, college coaches), we process the information you provide about those recipients. This typically includes the coach’s name, school, email address, and any other details you include (such as their title or athletic program). We do not collect these third-party contacts on our own; you provide them to us. We use this information only to send your emails and track their engagement, as directed by you. (See Third-Party Data and User Responsibility below for more on this.)
  • Engagement and Usage Data: Next Commit automatically collects certain data about how you and your email recipients interact with our service:
    • For athlete users (you): We log usage data such as when you log in, the type of device and browser you use, and your IP address when using the service. We also record actions in the app (e.g., when you send an email or click on a feature) to help us troubleshoot issues and improve the platform. This type of data is generally collected via cookies and analytics tools (see Use of Cookies and Analytics below) and is usually aggregated or anonymized.
    • For email outreach: We track email delivery and engagement metrics for your benefit. For example, we may record if and when an email you sent through Next Commit is opened by the recipient, if it bounces (fails to deliver), or if any links in the email are clicked. This helps you gauge interest from coaches (open rates, click-through rates, etc.). Note: This tracking is done via standard techniques like tracking pixels or unique links in the emails and is fully user-facing – meaning you as the athlete can see these analytics, but they are not used by Next Commit for any other purpose.
  • Support Communications: If you contact us for support or feedback (via email or through a contact form), we will collect the information you choose to provide in that correspondence (such as your contact details and a description of the issue). We use this information to assist you and resolve your inquiries.

What We Do Not Collect or Access: We want to emphasize that Next Commit does not collect any personal data that is not necessary for providing our service. We do not monitor or access the content of your personal emails in your email account inbox. For example, we do not scan your Gmail inbox or read your conversations with coaches outside of what our system automatically needs to send and track the emails you compose using Next Commit. In the rare case where troubleshooting is needed, we will only access your data with your explicit permission and only to the minimal extent necessary to fix the problem.

We do not collect sensitive personal information like social security numbers, government ID numbers, or financial account passwords.

No Sale or Unauthorized Sharing of Data: We treat your personal data with respect and confidentiality. Next Commit does not sell your personal data to any third parties. We also do not share your personal information with third-party companies for their own marketing or advertising purposes. Any sharing of data with third parties is solely for the purposes described in this policy (for example, using a secure email server to send your messages, or using a payment processor to handle billing) – and in such cases, the third parties are service providers bound by strict privacy obligations (see Purpose of Data Use below).

Purpose of Data Collection and Use

We collect and use your data only for specific, legitimate purposes related to operating Next Commit and providing you with our Services. Below is a list of the purposes for which Next Commit uses personal data:

  • Providing and Improving the Service: We use your information to provide the core functionality of Next Commit. This includes using your email address and account information to log you in and maintain your account, and using the email content and coach contact details you supply to send emails on your behalf. We also use data (like usage logs and feedback) to maintain and improve our Services – for example, fixing bugs, refining the user interface, and developing new features that make the recruiting outreach process easier.
  • Account Management: Your personal details (name, email, etc.) are used to create and administer your account. This involves authenticating you when you log in, allowing you to manage your profile, and enabling you to utilize features like saving email templates or viewing your email history. We may also use your email to inform you of important account-related information (such as subscription status, password changes, or critical service updates).
  • Email Composition and Sending: The primary purpose of Next Commit is to help you compose and send targeted emails to college coaches. We use the personal data you input (your email content and the coach’s contact information) to generate personalized emails (with the help of our AI features, if you use them) and to send those emails via your integrated email account. All of this processing of email content is done to carry out the service you have requested – which is connecting with coaches effectively.
  • Engagement Tracking and Analytics: We process email engagement data (opens, clicks, replies) to provide you with analytics about your outreach. For example, we use tracking pixels to note when a coach opens your email and we log that event for you to view. The purpose is to give you feedback on your recruiting efforts (e.g., to highlight which emails got responses). This data also helps us improve our service generally, by understanding what strategies lead to better engagement (in aggregated form, across users, without ever revealing personal email content to other users).
  • User Communication: We may use your email address or phone number (if provided) to communicate with you about the Service. This includes sending service notifications and important updates: for example, if there is a temporary downtime, a new feature release, changes to this Privacy Policy, or security alerts. We may also respond to any inquiries or support requests you send us. In some cases (and only if you have opted in), we might send newsletters or tips to help with your recruiting process – but you can opt out of such communications at any time.
  • Customer Support and Technical Assistance: If you reach out for help, we will use the information you provide to troubleshoot and resolve your issue. For instance, if you report that emails aren’t sending, we may need to review our email logs or certain settings on your account. In rare cases this could mean accessing a portion of your account data with your permission to diagnose the problem. The sole purpose of accessing this data is to provide you with the requested technical support.
  • Billing and Payments: For users on paid plans, we use personal data to handle billing. This includes processing your subscription payments, sending you invoices or receipts, and managing billing inquiries or disputes. Your payment details are processed securely via our payment provider, but we may store records of your transactions (e.g., subscription level, payment dates) to maintain accurate financial records and provide customer support related to billing.
  • Enforcing Terms and Legal Compliance: We may use personal data as necessary to enforce our Terms of Service and policies, to prevent fraudulent or illegal activities, and to comply with applicable laws and regulations. For example, we may review logs if we suspect abuse of our platform (such as someone using Next Commit to send spam, which is against our terms). We may also use and disclose data as required to respond to lawful requests by public authorities (e.g., in response to a subpoena or court order) – see “Legal Compliance” in Sections 7 and 11. Any such use will be in accordance with the law and with appropriate safeguards.
  • Service Improvements and Research: In order to improve Next Commit, we may use aggregated and anonymized data about our users’ interactions. For instance, we might analyze what percentage of emails get opened on average (across all users) or which features are most used, to guide product decisions. Importantly, when we do this, individual users are not identifiable – we remove or anonymize personal identifiers. This purpose is purely to make Next Commit better over time for all users.

We will not use your personal data for any purpose that is incompatible with the ones listed above without asking for your consent first. If we plan to process your information for a new purpose, we will update this Privacy Policy and notify you as needed or required by law. Additionally, if we ever need to use your information for marketing of Next Commit or related services, we will only do so in accordance with applicable laws and, where required, with your consent. As of the latest update of this Policy, any marketing communications (such as tips for recruiting or feature announcements) are optional and you can unsubscribe at any time.

Gmail API Specific Usage

Next Commit offers integration with your Gmail account to make sending and tracking emails convenient. If you choose to connect your Gmail (Google) account with Next Commit, our use of your Google data is highly restricted and in accordance with Google’s policies. We take Google API data usage seriously and comply with Google’s API Services User Data Policy, including its Limited Use requirements for Gmail data.

Access to Gmail Data: When you connect your Gmail account to Next Commit, you grant our application permission to perform specific actions (such as sending emails and reading email metadata) on your behalf. Specifically, Next Commit may request access to Gmail scopes that allow us to send emails from your Gmail account and read certain information (like email thread IDs or labels) needed to track replies or avoid duplicate follow-ups. These permissions are used solely to provide you with our service’s functionality – for example:

  • Sending the emails that you compose in Next Commit through your Gmail outbox (so the emails appear as if you sent them directly, and coaches can reply to your Gmail address).
  • Checking your Gmail inbox for replies from the coaches you emailed (so we can notify you in Next Commit that you got a response, or halt a scheduled follow-up if a coach has replied).
  • [If applicable] Managing email threads or labels to keep track of which emails were sent via Next Commit.

We do not request any unnecessary Gmail permissions. We do not have access to your entire inbox or contacts – only the minimum needed for the features you use. When you authorize Next Commit via Google OAuth, Google will show you exactly what permissions you are granting. You can revoke Next Commit’s access at any time via your Google Account settings.

Compliance with Google API Policies: Next Commit’s use and transfer of information received from Google APIs (such as Gmail data) will adhere to Google’s API Services User Data Policy.

In practical terms, this means:

  • User-Facing Features: Any data we access from your Google account is used to provide a prominent, user-facing feature in Next Commit that is apparent to you. We access your Gmail data to serve you – for instance, sending emails you wrote or showing you that a coach replied – and for no hidden purposes.
  • No Unauthorized Transfer: We do not transfer your Gmail data to third parties except as necessary to provide the Next Commit service (for example, sending an email obviously involves transferring the content to the recipient’s mail server) or as required for legal compliance (such as responding to a valid legal demand, see Section 7). We never sell or share your Gmail information with any third party for anything like advertising or marketing.
  • No Use for Advertising: Next Commit does not use any data obtained from your Gmail account for advertising purposes. We do not scan your emails to target you or anyone with ads. This is explicitly forbidden by Google’s policies and we abide by that rule.
  • Limited Human Access: We design our systems such that your Gmail data is processed automatically (by software) to deliver the service, and not manually read by humans. Our employees and team members do not read the content of your Gmail messages except in very specific situations where you authorize it (for example, if you request technical support and explicitly ask us to review a specific email to diagnose an issue) or where we must for security or legal reasons.
    Google’s policy allows human access only with user consent, for security, or for legal obligations, and Next Commit adheres to this standard. In short, we treat your Gmail data as highly confidential.
  • No Serving to Other Apps: We will not use or transfer your Gmail data to any service or application that isn’t an integral part of the Next Commit functionality you are using. The only exception would be if it’s necessary to comply with applicable laws or in the context of a merger/acquisition (and even then, we would provide notice as required).
  • No Retention Without Purpose: We do not store Gmail data longer than necessary. For example, if Next Commit caches some email metadata to show you a list of recent coach replies, we keep that only to serve you. (See Data Retention below for more on how long we keep data.) We also honor deletion—if you disconnect your Google account or delete your Next Commit account, any Gmail tokens and cached data will be deleted from our systems within a reasonable period.
  • No Use for AI Training: Although Next Commit uses AI to help draft emails, we do not use the content of your emails or any Gmail data to train generalized artificial intelligence or machine learning models outside of the specific feature you are using. In other words, we don’t feed your Gmail data into some separate AI system. Our AI email suggestions are either generated on the fly based on your input or from models that were trained on broad data sets, not on your personal emails. This ensures compliance with Google’s requirements (which forbid using Gmail data to improve AI models in a way that’s not user-facing). We do not retain or repurpose user data for any model training.

In summary, integrating your Gmail with Next Commit is meant to enhance your experience by streamlining email sending and tracking. We take great care to use that access only in ways that you have permitted and that benefit you, in strict alignment with Google’s policies and with this Privacy Policy. Next Commit’s use and handling of Gmail data has been designed to meet or exceed the privacy and security standards Google expects of developers.

If you have any questions about our Gmail integration or wish to revoke access, you can do so through your Google Security settings or by contacting us for help.

Third-Party Data and User Responsibility

When using Next Commit, you may input personal data that is not about yourself but about third parties – for example, the names and email addresses of college coaches or recruiters that you wish to contact. We want to clarify how such third-party data is handled and your responsibilities regarding it:

You Are the Data Controller for Recipient Data: If you provide personal information about others (such as a coach’s name, email, school, position, etc.), you are responsible for ensuring you have the right to use that data. In practical terms, this means you should only use Next Commit to contact coaches who are expecting to hear from prospective athletes or where it’s permissible to contact them (for instance, coaches who have made their contact information publicly available for recruiting purposes). If any law or regulation (such as anti-spam laws or privacy laws) requires that you obtain consent from a person before contacting them, you are responsible for obtaining such consent. Next Commit simply facilitates the communication; we cannot verify or manage the consents or permissions on your behalf.

Next Commit as a Data Processor: For third-party personal data that you input into our system, Next Commit acts as a “data processor” or service provider on your behalf. We process that data only to provide the Services you’ve asked for – namely, sending emails to those recipients and tracking their responses for you – and for no other independent purpose.

We do not claim ownership of the coaches’ data you enter, and we do not build our own contact lists or profiles of coaches using your data. In other words, if you input Coach Jane Doe’s email into Next Commit to send a message, we use it only to send that message and note any response; we do not use Coach Jane Doe’s information for anything that you didn’t direct us to do.

No Third-Party Marketing by Next Commit: We do not use the email addresses of coaches (or other third parties you interact with via our service) to send our own marketing messages to those third parties. For example, if you email Coach John through Next Commit, we will not independently email Coach John outside of your initiative, nor will we add Coach John’s info to any marketing database. The communication is strictly between you and the recipient; Next Commit is just the platform facilitating it.

Confidentiality of Third-Party Data: We treat the data about your email recipients with the same care as we treat your data. It is stored securely and not disclosed to anyone except as needed to send the emails (for instance, obviously an email address will go to our email sending service to route the message to that person) or as required by law. We consider your list of contacts and the content of your communications to be your private information. Our employees do not access the list of coaches you are contacting, except if necessary for support or legal compliance, similar to how we handle your personal data.

Obtaining Necessary Consents: In some cases (for example, if you are contacting coaches in regions with strict privacy laws, or if you’re including personal data about someone in an email), it may be required by law that you have the person’s consent or another legal basis to use their personal data. While Next Commit can’t know the circumstances of each communication, we advise you to only use our service in compliance with applicable laws. By using Next Commit to send emails, you represent that you have the appropriate rights or permissions to contact those recipients. If a recipient ever has questions or complaints about why you contacted them, that inquiry will generally come to you directly (as you are the sender of the email). We will assist you with any such issues as needed, but we expect users to use Next Commit responsibly and respect others’ privacy and communication preferences.

Indemnification for Third-Party Data: (This is more of a legal note usually found in Terms of Service, but worth mentioning in context.) If you misuse third-party data via our service – for instance, by spamming people who have not given consent – and it causes a legal issue for Next Commit, you may be responsible for that misuse. We encourage all users to follow best practices for email outreach (e.g., personalize emails, honor requests not to be contacted, etc.) not just because it’s legally prudent, but also because it’s the right way to build professional relationships.

In short, you control the data of the people you email, and Next Commit processes it strictly as a facilitator. We strive to protect that data and keep it confidential on our end. If you (or a college coach you contact) have any concerns about personal data being used via Next Commit, please reach out to us. We can assist in removing or retrieving any such data if needed, and we will cooperate with any legitimate requests or complaints from third parties about their data, in accordance with our obligations.

Data Retention Policy

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected (as described in this Privacy Policy) or as required by law. This section explains how long different types of data are kept and the options you have to manage your data.

  • Account Information: We retain the personal information associated with your account (such as your name, email, profile info, and settings) for as long as your account remains active. This allows us to provide the Service to you each time you log in. If you decide to delete your account, we will delete or anonymize your account information from our active databases as part of the account deletion process (typically within a short period following your request, as described below in “Data Deletion”). Certain basic information may be kept longer if necessary (for example, in our billing records or audit logs) but will be retained only to comply with legal or financial obligations.
  • Emails and Communications: The emails you send through Next Commit (including their content, subjects, timestamps, and recipient addresses) are stored so that you can review your sent communications and track responses. By default, we retain these sent emails indefinitely in your account, as many users find it useful to have a history of their outreach efforts over the course of high school recruiting (which can span several years). However, you have control over this data:
    • You can delete individual emails or conversations from within Next Commit if that functionality is available (for instance, removing a particular email from your sent list). Deleting an email in the Next Commit interface will remove the content and associated tracking data from our live systems, though it may remain in our secure backups for a limited time until those backups rotate out.
    • If you disconnect your email account or revoke Next Commit’s access to your Gmail, we may no longer be able to send new emails or track replies, but the data for emails already sent through Next Commit may remain in your account history unless you delete your account or those emails manually.
  • Engagement Data (Opens, Clicks, Replies): We retain the tracking data (e.g., open timestamps, click counts, reply indicators) associated with your sent emails as part of your account data for as long as the underlying email or thread is stored. This lets you go back and see which coaches engaged with which emails. If you delete a particular email from Next Commit, its engagement data will be deleted as well. We may also maintain aggregated statistics (for example, average open rate across all your emails, or overall platform engagement metrics) without personal identifiers. Such aggregated data, which no longer identifies any individual user or coach, may be retained indefinitely for analytical purposes, since it does not compromise anyone’s privacy.
  • Third-Party Contact Data: The list of coaches or other contacts you manage in Next Commit (names, emails, schools, etc.) is retained until you choose to remove those contacts or delete your account. You can edit or delete coach contact information at any time through the Next Commit interface. If you delete a contact, it will no longer be available in your account, though it may still exist in any emails you had sent to that contact (for example, their email might still be part of a sent message record until that message is deleted).
  • Support and Correspondence: If you contacted us for support, we may retain the correspondence (emails or chat logs) and any notes on the issue for a period of time after resolution. This helps us if you have follow-up questions and improves our support process. Typically, support records are retained for up to 2 years, unless you request their deletion sooner, except where we are required to keep them longer (for instance, if there was a serious incident that needs to be kept on record).
  • Logs and Backups: Our system logs (which may include IP addresses, login times, and actions taken in the app) are generally retained for security, debugging, and legal compliance. These logs are usually stored in a secure manner and purged periodically if not needed. Similarly, we perform routine backups of our databases to ensure data can be recovered in case of incidents; these backups are encrypted and stored securely. Backup data is typically retained for a limited duration (e.g., 30-60 days) before being overwritten with newer backups. If you delete data from your account, it will be removed from active databases immediately or within a short time, but it might persist in encrypted backups until those backups expire – during this period, we would not use the deleted data for any purpose other than disaster recovery.
  • Legal Retention Requirements: In certain cases, we may need to retain data for a longer period if required by law. For example, financial and billing records might be kept for several years to comply with tax and accounting laws. If we receive a legal hold or request (like a preservation order as part of a legal case), we will retain the relevant data for as long as instructed by the authority. We also retain data as necessary to resolve disputes or enforce our agreements. In all such cases, the data will be kept only as long as necessary for the stated requirement and then deleted or anonymized.

Data Deletion and Your Choices: We provide you with the ability to delete your personal data:

  • You can request deletion of your entire account at any time. The easiest way is to use any “Delete Account” or similar function in the account settings of Next Commit. If no such option is available, you may contact us at our support or privacy email to request account deletion.
  • Upon receiving a verified deletion request, we will deactivate your account and begin the deletion process. Account deletion typically involves removing your personal details, emails, contacts, and other identifiable data from our active databases. We will also instruct our service providers to delete any of your data that they may be storing on our behalf (for example, data cached on an email relay server).
  • We aim to complete such deletions promptly, generally within 30 days or as required by law (CCPA, for instance, requires us to respond to deletion requests within 45 days in most cases). We will confirm with you once your request has been completed.
  • After deletion, some information will remain in our system only in a depersonalized form. For instance, we might keep aggregated usage statistics that include your usage in an anonymized way (e.g., “number of emails sent this month”) but not in any way that can identify you. Also, as noted, encrypted backups containing your data might persist until they are rotated out; those backups are accessible only for disaster recovery situations.

If you have integrated Next Commit with your Google account, you should also revoke Next Commit’s access via your Google Account permissions if you delete your Next Commit account, just as an extra precaution. (When we delete your account, we will delete the stored Google OAuth tokens on our end, which invalidates our access, but removing it from your Google settings ensures no further access.)

Opt-Out of Tracking: If for some reason you wish to disable the tracking of email opens or clicks for messages you send (say you don’t want to track a particular email’s opens), you would typically control that via the email sending options in Next Commit (e.g., you might be able to uncheck “Track Opens” for a given email). If you disable tracking features, we will not collect that engagement data for those emails. Note that our system might still collect basic delivery information (like whether an email bounced) because that’s necessary for the functioning of the email service.

We believe in data minimization, meaning we strive not to keep your data longer than we need it. If you have specific questions about our retention practices or want a certain piece of information deleted, you can always contact us at our support or privacy contact (see Contact Information section). We will be happy to assist and provide more details as needed.

Security Measures

Next Commit takes the security of your personal data very seriously. We implement a variety of technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. However, it’s important to understand that no method of transmitting or storing data is completely foolproof. In this section, we outline how we safeguard your data and our security-related disclaimers.

  • Encryption: All communications between your browser (or app) and Next Commit’s servers are encrypted using industry-standard encryption protocols such as HTTPS/TLS. This means that when you input personal information or send emails through our platform, the data is encrypted in transit to prevent eavesdropping. If we store sensitive data, we encrypt it at rest as well. For example, passwords are stored in hashed form (never in plain text), and any sensitive tokens (like Google OAuth tokens) are encrypted in our database.
  • Access Controls: We limit access to personal data strictly to those employees, contractors, and service providers who need it to operate or support the service. Internally, Next Commit operates on a principle of least privilege – team members have access only to the data and systems necessary for their role. For example, our support staff can view your account email and basic info to help with your tickets, but they cannot arbitrarily read your email content. Any elevated access for troubleshooting (such as accessing email logs) is done only if necessary and with management approval and user permission when applicable.
  • Network and Application Security: Our servers are protected by firewalls and monitored for potential intrusions. We keep our software and infrastructure up to date with security patches to guard against vulnerabilities. We also employ measures like intrusion detection systems, and we may run periodic security audits and penetration tests (sometimes via third-party security experts) to identify and fix potential weaknesses. Our application is designed with security in mind, including validation of input to prevent common attacks (like SQL injection or XSS).
  • Third-Party Security: We use reputable third-party providers for certain services (for example, cloud hosting, payment processing, email delivery). We ensure that these providers meet high security standards. We have agreements in place with them to protect your data, and they are obligated to implement strong security measures as well. For instance, our payment processor is PCI-DSS compliant (which is a security standard for payment data). We do not self-host sensitive infrastructure if a specialized secure solution exists – this helps us leverage industry-best security practices.
  • Monitoring and Prevention: We monitor our systems for suspicious activity. Unusual account behaviors (like many failed login attempts) may trigger alerts or protective measures (such as temporary locking of an account to prevent brute force attacks). We also encourage you to use a strong, unique password for Next Commit and to enable any additional security features we offer, such as two-factor authentication (2FA), if available.
  • Training and Policies: Our team is trained on data security and privacy best practices. We have internal policies to ensure that user data is handled safely and confidentially. Team members are required to acknowledge and comply with these policies, and breaches of policy can result in disciplinary action. We also require any subcontractors or agents who assist in servicing the platform to adhere to similar strict confidentiality obligations.
  • Incident Response: In the unlikely event of a data breach or security incident that affects your personal data, we have a response plan in place. We will notify you as soon as possible about what happened and what data may be affected, consistent with applicable laws and regulations. We will also notify regulators or authorities if required by law. Our notification would include information about what we know of the incident and advice on steps you may need to take to protect yourself (for example, resetting passwords if relevant). We would also take immediate steps to contain the incident and prevent further unauthorized access, and then work to remedy the vulnerabilities that led to it.

No Guarantee: While we are committed to protecting your information, we need to be transparent that no security measure is infallible. The internet by its nature cannot be 100% secure. Thus, we cannot guarantee absolute security of your data. You should also do your part to protect your account – for example, keep your password confidential and log out of the app when using a shared device. If you believe your account or data may have been compromised, please contact us immediately so we can help secure your account.

In summary, we apply industry-standard security practices to guard your data (and in many cases, go above the standard). We continuously improve our security measures as new technologies and best practices emerge. Your trust is critical to us, and we work hard to earn and maintain it by keeping Next Commit safe. Nevertheless, if you have any specific questions about security or would like to report a vulnerability or incident, please reach out to us at our Contact Information below.

International Data Transfers

Next Commit is a service that may be accessed by users around the world. We are based in the United States, and our servers and data centers are primarily located in the U.S. This means that if you are using Next Commit from outside the United States, your personal data will likely be transferred to, stored, and processed in the United States. We want to be clear about how we handle international data transfers and what that means for your data’s protection.

Data Location: All data that Next Commit collects (your personal information, emails, etc.) is stored on secure servers which may reside in the United States. Some of our service providers (such as cloud hosting services or email providers) may also be located in the U.S. or other countries. As a result, your personal data may be transferred to or accessed in a country different from your home country. For example, if you live in the European Union or Canada, your data will be sent to the U.S. for processing.

Adequacy and Safeguards: Different countries have different data protection laws. The United States may not have the same level of data protection as the laws in your jurisdiction (for instance, the EU’s GDPR). However, we take steps to ensure that your privacy is protected according to the standards of this Privacy Policy regardless of where the data is processed. These steps may include:

  • Contractual Clauses: If you are in a region like the European Economic Area (EEA) or the UK, we will rely on approved legal mechanisms to transfer data (such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Agreement/Addendum) which contractually require that your data receives a level of protection equivalent to EU law.
  • Privacy Frameworks: We will also monitor developments like the EU-U.S. Data Privacy Framework. If applicable, we will certify or comply with such frameworks to facilitate lawful and protected data transfers.
  • Service Providers Obligations: We ensure that any third-party service providers that help us process your data (like our data hosting providers) are also bound by similar data protection obligations. They either certify to frameworks or have signed data protection agreements with us including standard clauses.

Your Consent to Transfer: By using Next Commit and providing your information, you consent to the transfer of your personal data to the United States and other jurisdictions as necessary for the purposes described in this Privacy Policy. If you do not want your data transferred to the U.S., you should not use the Service. We want to be transparent that such transfers are inherent in our providing of the service to you.

Processing in the US: Once at our U.S. servers, your data will be processed according to U.S. law. However, our commitment is that we will handle it according to the privacy protections outlined in this policy, no matter where it is processed. So, for example, we will continue to respect your deletion requests or privacy rights (see Section 9) even if your data is stored in the U.S.

Government Access: It’s important to note that data stored in the United States may be subject to lawful requests by courts or law enforcement authorities in the U.S. In the event we receive any such request, we would only comply after a careful legal review and only if required by law. We would also do our best to notify you if allowed.

International Users – Additional Rights: If you are located in certain regions (such as the EU), you may have additional rights regarding your data (like the right to lodge a complaint with a data protection authority). We address some of these in the next section (User Rights and Control). We also provide contact details (in Section 12) if you have cross-border privacy questions.

Local Data Storage: At this time, we do not offer an option to choose the region where your data is stored (all users’ data is handled in a unified system). In future, if we provide region-specific data hosting (for instance, for certain institutional clients or if required by law), we will update this policy accordingly and ensure proper safeguards for any inter-region transfers.

In summary, using Next Commit will result in your data being transferred to and processed in the United States. We protect that data with robust security (as described in Section 7) and adhere to strict privacy principles no matter its location. By maintaining these safeguards and complying with international transfer rules, we ensure your data continues to have a high level of protection. If you have concerns about international data transfers, please contact us – we will be happy to provide additional details about how we can accommodate your needs or clarify our practices.

User Rights and Control

We believe you should have control over your personal data. Next Commit recognizes and respects the rights you have regarding the information we hold about you. These rights may vary depending on your jurisdiction (for example, users in the European Union and California residents have specific legal rights), but as a policy, we aim to extend fundamental privacy rights to all our users. Below, we outline the various rights and choices you have, and how you can exercise them:

  • Right to Access Your Information: You have the right to request a copy of the personal data we have about you and to obtain information about how that data is being used. This is sometimes called a “Data Subject Access Request.” Upon request, we will provide you with a summary of the information we have on file about you, such as your account details, the emails sent from your account, and any other relevant data. In many cases, you can access much of this information directly by logging into your Next Commit account (for example, you can see your profile info and email history). If you need a more comprehensive export of your data, contact us and we will assist you.
  • Right to Correct or Rectify: If any of your personal data is inaccurate or outdated, you have the right to ask us to correct it. You can edit much of your information on your own (for instance, you can update your name or email in your account settings). For any details that you cannot change directly, you can reach out to us and request correction. We will update our records and confirm the change. It’s important that your information is up-to-date for the service to function properly (e.g., an outdated email address could cause you to miss important notices).
  • Right to Delete Your Data: You have the right to request deletion of your personal data (also known as the “right to be forgotten”). This includes the ability to delete your entire account or specific pieces of information. As described in Section 6 (Data Retention), you can delete certain data through the app (like removing a contact or an email), and you can request full account deletion by contacting us if an in-app option is not available. Once we verify such a request, we will delete your personal data from our systems (with the limited exceptions noted in Data Retention for legal requirements, etc.). After deletion, your account will no longer be accessible. Important: Deleting your data is irreversible – if you request account deletion, we won’t be able to recover your account later. We will inform you when the deletion process is complete.
  • Right to Data Portability: For certain data that you have provided to us, you may have the right to get that data in a commonly used, machine-readable format, and/or request that we transmit it to another service where technically feasible. For example, you might want a CSV or JSON file of all the coach contacts you uploaded, or the emails you sent. We will accommodate such requests to the extent possible. (This right is often applicable under laws like GDPR for EU users.)
  • Right to Opt-Out of Marketing Communications: If you have signed up to receive any marketing or non-essential communications from us (for instance, a newsletter or promotional emails about new features), you have the right to opt out at any time. You can typically do this by clicking the “unsubscribe” link in any such email, or by adjusting your notification preferences in the app (if available). Even if you opt out of promotional emails, we may still send you important administrative or transactional messages (like an email about an upcoming subscription renewal or a security alert), as those are not marketing but part of our service to you.
  • Right to Manage Cookies and Analytics: As detailed in Section 10 (Cookies and Analytics), you can control how cookies are used through your browser settings, and you can opt out of certain analytics tracking. This empowers you to limit passive data collection if you choose. (See that section for more details on how to exercise these controls.)
  • California Privacy Rights (CCPA/CPRA): If you are a resident of California, you have specific rights under the California Consumer Privacy Act (as amended by the CPRA) regarding your personal information. These include:
    • Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share that information. Essentially, you can ask “what personal information do you have about me and how is it used/shared?” (Much of this is already outlined in this Privacy Policy.)
    • Right to Delete: You can request that we delete the personal information we have collected from you (with certain exceptions as permitted by law, such as if the information is necessary to complete a transaction or for a legal reason). As noted above, we will honor deletion requests.
    • Right to Correct: You can request correction of inaccurate personal information we maintain about you (which, as mentioned, we facilitate as well).
    • Right to Opt-Out of Sale/Sharing: CCPA gives you the right to direct a business that sells personal information to stop selling it. However, Next Commit does not sell personal information (and does not share it for cross-context behavioral advertising either), so this right is more about our transparency: we confirm we don’t sell your data. If in the future we ever considered a “sale” of data as defined by CCPA (for example, if we integrated with an ad partner in a way that’s considered a “sale”), we would provide a “Do Not Sell or Share My Personal Info” link and honor opt-outs. But again, we do not do this.
    • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means if you choose to exercise your privacy rights (like requesting deletion or opting out of data sharing), we will not deny you our services, charge you a different price, or provide a different level of quality just because of that choice. (However, note that deleting essential data might affect our ability to provide the service – for instance, if you ask us to delete your email address, we can’t really run your email account – but we will inform you of any such consequences and it would be a result of you deciding to discontinue service, not a punitive action by us.)
  • Submitting Requests: California users (or their authorized agent) can submit requests to know, delete, or correct by contacting us via the methods in Section 12 (Contact Information). We will need to verify your identity (or authority of your agent) for security – this might involve confirming details we have on file or asking you to contact us from the email associated with your account, etc. We will respond to verifiable requests within the timeframe required by law (generally within 45 days, with an extension of another 45 if necessary and with notice).
  • EU/EEA and Other Regions: If you are in the European Union, EEA, UK, or other jurisdictions with similar laws (like Brazil’s LGPD, etc.), you likely have rights analogous to those above: access, rectification, deletion, portability, objection to processing, restriction of processing, and the right to file a complaint with a supervisory authority. Next Commit will endeavor to honor those rights globally. For example:
    • You have the right to object to certain processing (like objecting to direct marketing or to any processing based on legitimate interests – though in our case, we don’t do much processing based on “legitimate interests” outside of providing the service).
    • You have the right to restrict processing in some cases, such as while a correction request is pending.
    • If we ever process data based on your consent, you have the right to withdraw consent at any time (withdrawal won’t affect the lawfulness of processing done before the withdrawal).
    • If you are in the EU/UK, you also have the right to lodge a complaint with your country’s Data Protection Authority or the UK Information Commissioner’s Office if you believe we have infringed your data rights.
  • Automated Decision-Making: Next Commit does not make any legally significant decisions about you using purely automated means. For example, we don’t use algorithms to approve or deny something about you in a way that has significant effect. Our AI features (like email drafting) are user-initiated and for your benefit, not for making decisions about you. If this ever changes, you would have rights not to be subject to such automated decisions without human intervention in certain jurisdictions.
  • How to Exercise Your Rights: Most of the rights above can be exercised by contacting us at the email or mailing address provided in Section 12 (Contact Information). For certain requests (like access or deletion), we may provide self-service tools if available, or we will handle it for you on the back-end. When you contact us, please:
    • Indicate which right(s) you wish to exercise (e.g., “I’d like a copy of my data” or “Please delete my account”).
    • Provide sufficient information for us to verify that you are the individual associated with the account (we may ask you to do this if we don’t have enough info – like contacting us from your registered email, or providing a recent email subject you sent, etc., which only the user would know).
    • Provide any additional details that would help us fulfill your request (e.g., if you only want certain data deleted, specify which).

We will respond to your request as soon as possible, and in any event within the time frame your jurisdiction mandates (if applicable). For example, under GDPR that’s generally one month, and under CCPA it’s 45 days. If we need more time or cannot fulfill your request for some reason, we will explain the reason (for instance, if a deletion request conflicts with a legal obligation, we’ll let you know). We will not charge you a fee for exercising your rights unless the requests are manifestly unfounded or excessive (in which case, as per law, we could charge a reasonable fee or refuse, but we’ve never had to do that).

No Account Required: Note that if you are not a registered user (say you’re a coach who was contacted by a Next Commit user and you want to exercise rights), you can still contact us. However, since we generally process third-party data on behalf of our users, in many cases we may refer you to the user (the athlete) who sent you the email, as they control that data. For example, if a coach doesn’t want to be contacted, they should inform the athlete to remove their info – and we can assist our user in honoring that. We will of course assist and cooperate in any legitimate request to the extent we can.

In summary, we want you to feel in control of your data on Next Commit. We have built features to let you view and manage your information, and our support team is ready to help with any requests regarding your privacy rights. We never want you to feel that your data is “locked in” or being used in a way you don’t like. If you have any concerns or questions about your rights, please reach out to us.

Use of Cookies and Analytics

Next Commit uses cookies and similar tracking technologies to ensure our website and application function correctly, to understand how users engage with our services, and to improve and personalize your experience. This section explains what cookies and tracking technologies we use, what information they collect, and how you can control them.

What Are Cookies?Cookies are small text files that websites send to your device (computer, phone, etc.) when you visit. They are stored by your browser and contain information that the website might need to reference later. Cookies can be “persistent” (lasting for multiple sessions) or “session” cookies that expire when you close your browser. Similar technologies include web beacons (pixel tags), local storage (like HTML5 localStorage), and scripts that run in your browser to collect information.

How Next Commit Uses Cookies:

  • Essential Cookies: These are necessary for the operation of our service. For example, when you log into Next Commit, we set a session cookie so you remain logged in as you navigate between pages. Essential cookies enable core functionality like authentication, security (e.g., preventing cross-site request forgery), and network management. Without these cookies, the service might not function properly. You cannot opt out of essential cookies because our service cannot run without them (other than by not using the service).
  • Preference Cookies: These cookies remember your preferences and settings to provide a more convenient experience. For instance, if our app has a setting for interface language or a “remember me” option at login, a cookie might store that selection so you don’t have to re-enter it each time. Similarly, if you dismiss a notification banner, a cookie might remember that so it doesn’t show again.
  • Analytics Cookies: We use analytics tools to collect information about how users use our website, so we can improve it. These cookies collect data about your interactions with our site, such as which pages you visited, how long you stayed, what links or buttons you clicked, and your IP address or device information. This helps us understand user behavior and preferences in aggregate. For example, we might learn that a lot of users spend time on the “How it Works” page, or that very few users click a certain feature – indicating we might need to make that feature more accessible. The information collected by these cookies is typically aggregated and anonymized – it does not directly identify you. We use this data for statistical analysis, not to profile individual users.

Tracking Pixels in Emails:

In addition to cookies on our site, as part of our service to you, the emails you send through Next Commit may contain a tiny image (tracking pixel) or unique links that allow us to see if the email was opened or a link was clicked. This is a form of “analytics” specific to your email outreach and is only used to report back to you on engagement. It’s not used for third-party marketing or tracking outside of your interactions with that email.

Advertising Cookies:

As of the latest update of this policy, Next Commit’s platform is focused on service to users and we do not host third-party ads on our application that would use targeting cookies. On our public informational website, we also currently do not run third-party advertising networks. There is a possibility we might use our own cookies to promote our services (for example, showing a banner about a new feature), but those are direct and not from external ad networks. If in the future we were to introduce advertising or integrate with ad platforms, we would update this policy and ensure compliance with consent requirements. Any cookies used for advertising would be clearly explained and allowed only with appropriate consent, especially in regions like the EU.

Third-Party Integrations:

If we integrate content or services from third parties, they may set cookies. For example, if we had a support chat widget from a third-party provider, that provider might use cookies to manage the chat session. Another example is embedding a YouTube video on our site – YouTube might set cookies. We will endeavor to minimize third-party cookies and only use reputable services. Our Cookie Policy (if available on our site) provides more detail on specific cookies and their purposes.

What Information Is Collected by Cookies/Analytics?

When you visit our site or use the app, the information collected by cookies and similar tech can include:

  • Your device’s IP address (which may give a general location, like city or country).
  • Device identifiers, browser type, and operating system.
  • Pages or screens you viewed, the time spent, and navigation paths (which page you came from, which page you go to next).
  • Clicks, scrolls, and interactions with page elements.
  • For analytics cookies, a random unique ID may be assigned to your browser to distinguish you from other visitors – but this ID doesn’t reveal who you are (we don’t tie it to your name or email).
  • Time of access and errors or performance data (to help debug).
  • For email tracking pixels: whether and when the email was opened, and IP/device info of the opener.

User Controls Over Cookies:

  • Cookie Banner/Consent (if applicable): If you’re in a jurisdiction that requires cookie consent (like the EU), you will see a cookie banner when you first visit our site, asking you to consent to non-essential cookies (like analytics). You can choose to allow or reject those. Your preference will be remembered via a cookie. If you reject analytics cookies, our site will still function, but we won’t include your visit in our analytics.
  • Browser Settings: Regardless of where you are, you have the ability to control cookies through your web browser settings. You can usually set your browser to refuse some or all cookies, or to prompt you before accepting. You can also delete cookies that have already been set. Please note that if you disable all cookies, our site may not function properly. For example, you won’t be able to stay logged in (since the session cookie would be blocked). It’s recommended to at least allow “essential” cookies.

Policy Updates and Notifications

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. It’s important to us that you are informed about any significant changes, so we will take steps to notify you appropriately. Here is what to expect regarding updates:

Notification of Changes: If we make any material changes to this Privacy Policy, we will notify users in a timely manner. “Material changes” could include, for example, using personal data for a new purpose not originally disclosed, changing the types of personal data we collect, or making changes that affect your rights. Notification methods may include:

  • An email to the address associated with your Next Commit account, informing you of the update.
  • A prominent notice on our website or within the app (such as a banner or pop-up notification) when you log in, alerting you to review the new Privacy Policy.
  • In some cases, we might also provide an in-app message or direct communication especially if required by law.

Posting Date: Minor updates or clarifications that don’t substantially affect the policy may be posted without a direct notification, but the “Last Updated” date at the top of the Privacy Policy will always reflect the latest revision. We encourage you to check this page periodically to stay aware of how we are protecting your information. When we update the policy, we will also maintain an archive or change log (if appropriate) so you can see what’s changed.

Your Continued Use as Consent: Continued use of Next Commit after a Privacy Policy update signifies your acceptance of the changes, to the extent permitted by law. However, if the changes are significant, we will give you a reasonable chance to review the revised policy and, if you do not agree, you can choose to stop using the service or exercise any rights you have (for example, deleting your account). For example, we might say in the notice, “Changes will become effective in 30 days. If you have objections, contact us or discontinue use before that date.” This gives you control.

Regulatory Compliance: Sometimes we may need to update this policy to comply with new laws or regulations (for instance, if a new privacy law comes into effect). We reserve the right to make such changes and will inform you as required. In certain jurisdictions, we might need to get your consent for some changes (especially if we were to start collecting new sensitive data or using data in a new way that requires consent). If that ever happens, we would seek consent accordingly.

Non-Material Changes: Not all updates will significantly affect users. We might update wording for clarity, fix typographical errors, or make organizational changes to the policy to improve readability. These types of edits would not impact how your data is used, and so we may not send out a formal notification aside from updating the date on the policy page. It’s all part of keeping the information accurate and clear.

Previous Versions: For transparency, we may keep previous versions of this Privacy Policy available (for example, by keeping an accessible archive on our site or providing a “Last Updated” summary of changes). That way, you can see how our policy has evolved. If you have questions about a previous version, you can always contact us.

By being users of Next Commit, we consider that you have acknowledged that it is your responsibility to review this Privacy Policy periodically for any modifications. We will do our best to make that easy by signaling changes clearly.

Your privacy is not something we would change lightly, so major shifts in practice are unlikely – but as our service grows or laws change, we want to keep this document up to date. If at any time you do not agree with an updated Privacy Policy, you have the right to stop using Next Commit and request the deletion of your data. We sincerely hope, however, that our updates will only strengthen your trust in how we handle your information.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or about your personal data, please do not hesitate to contact us. We are here to help and address any issues related to privacy and data protection.

Contact Us via Email: For privacy-specific inquiries (such as questions about this policy, data access or deletion requests, etc.), you can email our privacy team at privacy@nextcommit.com.

Contact Us via Mail: You can also reach us by postal mail. Our mailing address for privacy and data protection inquiries is:

Next Commit – Privacy Officer
123 Recruitment Avenue
Seattle, WA 98101
United States of America

Please address your letter to “Privacy Officer” or “Attn: Privacy” to ensure it is routed correctly. If you are mailing from outside the United States, please note that international mail can take some time to reach us. We will reply as appropriate either by mail or by the contact method you provide.

Contact Us via Phone: (If we had a phone number for privacy inquiries, it would be listed here. The contact provided in the site footer is a placeholder. In practice, email or mail is preferable for a written record of requests like data deletion.)

Additional Contact Avenues: You may also use the contact form on our website (Contact Us page) if one is provided. If you do so, please mention that your inquiry is about privacy, so it can be forwarded to the right team. If you’re a California resident or from a jurisdiction with specific requirements, you can use the above contact methods to exercise your rights (as described in Section 9). You may also designate an authorized agent to make a request on your behalf by providing us with written permission for that agent or other proof of authorization, but we will still need to verify your identity directly in such cases as required by law.

We value your feedback and questions. Communication with our users helps us ensure we’re meeting your expectations and addressing any issues. Whether you have a question about opting out of analytics, need help retrieving your data, or have concerns about a potential privacy breach, we encourage you to reach out.

Effective Date: This Privacy Policy is effective as of the “Last Updated” date stated above.

Thank you for reading our Privacy Policy. We appreciate your trust in Next Commit for your important communications, and we are committed to honoring that trust by handling your data with care and transparency.

Last Updated: March 19, 2025