Legal

Privacy Policy

Effective date: March 18, 2026

TroopPlanner (“we,” “us,” or “the platform”) is a web-based troop management platform for Scouts BSA troops. This policy explains what personal information we collect, how we use it, and the commitments we make to protect it.

1. Who Controls Your Data

Each troop that uses TroopPlanner is a separate tenant. The troop's administrators (typically the Scoutmaster and Committee Chair) control the data entered for their troop. We operate the infrastructure that hosts that data, but we do not own or direct its use.

If you have questions about how your troop manages its records, contact your troop's leadership directly.

2. Information We Collect

Data is entered by troop administrators and members. The categories we store are:

Member profiles — Name, email address, phone number, home address, date of birth, BSA member ID, registration expiration date, and photo (if uploaded).
Training records — Training type, completion date, and expiration date. This includes Safeguarding Youth Training (SYT) status for adult leaders.
Medical form status — Expiration date of the annual health and medical record. The form itself is not stored in TroopPlanner.
Advancement records — Rank requirement completions (date and signer), merit badge progress and blue card workflow, Scout leadership position history, Scoutmaster conference and Board of Review outcomes.
Event data — RSVP responses, attendance records, camping nights, hiking miles, and service hours credited per event.
Equipment records — Checkout and return history, associated with the member who checked out each item.
Campout planning records — Participant lists, compliance checklist status, daily notes, and after-action records for each campout.
Communications — Newsletter drafts and archives, broadcast message history, and communication log entries created by leaders.
Account credentials — Username and a hashed (never plain-text) password, or a one-time magic login token.
Audit log entries — Records of significant actions taken within the platform (who did what and when), retained for troop review.

3. Children’s Data

Scouts BSA troops include minors. TroopPlanner stores personal information about scouts, some of whom may be under 13 years of age.

Troop responsibility: The troop administrator is responsible for ensuring that appropriate parental or guardian consent has been obtained before entering a minor’s information into the platform, in accordance with applicable law (including COPPA in the United States).

We do not knowingly solicit personal information directly from children. All minor member records are created and managed by authorized adult troop leaders.

4. How We Use Information

Information stored in TroopPlanner is used solely to operate the platform for the troop that entered it:

Displaying roster, advancement, event, equipment, and campout information to authorized troop members.
Enforcing permission levels so each member sees only what they are authorized to see.
Sending email notifications and newsletters on behalf of the troop (when configured).
Generating exports (Scoutbook CSV, Eagle PDF, equipment CSV) requested by troop leaders.
Providing audit logs so the troop can review activity within their account.

We do not use troop data for advertising, analytics sold to third parties, or any purpose beyond operating the platform.

5. Third-Party Sharing

We do not share, sell, rent, or trade any member data with third parties.

We use infrastructure providers (hosting, email delivery) to operate the platform. These providers process data only as necessary to provide their service and are bound by data processing agreements. They do not receive member data for their own purposes.

We may disclose information if required by law or to protect the safety of users, but we will notify affected troop administrators to the extent permitted by law.

6. Platform Administrator Access to Troop Data

As the platform operator, we do not routinely view or access individual troop data. Troop data is isolated per tenant and is not visible to other troops.

We may access a troop’s data only when genuinely necessary — for example, to investigate a reported technical issue, respond to a support request, or address a security incident. Such access is:

Limited — restricted to what is needed to resolve the specific issue.
Logged — recorded in the platform audit log.
Visible to the troop — the access log entry is visible to the troop’s administrators in their Audit Log view.

7. Cookies and Local Storage

We use cookies and browser storage for the following purposes:

Session cookie — Required to keep you logged in. Set when you sign in and expires when your session ends or you log out. Without this cookie the application does not function.
CSRF token — A security token attached to form submissions to prevent cross-site request forgery. Required for the application to function.
Preference storage — Your dark/light mode preference is stored in your browser’s local storage so it persists across sessions.
Performance cache — The mobile app (“/app/”) uses IndexedDB to cache advancement records, event data, and other content for offline access. This data is stored locally on your device and is synchronized with the server when you are online. It contains the same information visible to you in the application.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

8. Data Security

We protect data through:

Encrypted connections (HTTPS/TLS) for all traffic.
Hashed password storage (plain-text passwords are never stored).
Per-tenant database isolation (each troop’s data is stored in a separate PostgreSQL schema).
Permission-level enforcement on every view and API endpoint.

No system is perfectly secure. If you discover a security issue, please contact us immediately at the address below.

9. Data Retention

Data is retained for as long as a troop’s account is active. When an account is closed, troop data is held for a minimum of six (6) months to allow for export, then deleted. Audit log entries are retained for the lifetime of the account.

Individual member records can be archived or deleted by the troop’s administrators at any time.

10. Your Rights

Members can request access to, correction of, or deletion of their personal information. For records held within a troop account, the appropriate contact is the troop’s leadership, who can update or remove records through the platform.

If you believe your data has been mishandled or you have a concern that the troop cannot resolve, contact us at the address below.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to troop administrators via email at least 14 days before they take effect. The effective date at the top of this page will always reflect the current version.

Continued use of TroopPlanner after the effective date of a change constitutes acceptance of the updated policy.

12. Contact

Questions or concerns about this privacy policy or the handling of personal data can be sent to:

TroopPlanner Privacy
perkinsms+troopplanner@gmail.com

We aim to respond to all privacy inquiries within five business days.