MySummitKeep

Children's Privacy Policy

COPPA Compliance

Effective:
June 1, 2026

MySummitKeep LLC (“we,” “us,” or “our”) is committed to protecting the privacy of children. This Children’s Privacy Policy supplements our general Privacy Policy and explains our practices regarding the collection, use, and disclosure of personal information from children under the age of thirteen (13) through the MySummitKeep platform (the “Service”). This policy is designed to comply with the Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501–6506, and the implementing regulations at 16 CFR Part 312 (as amended effective August 25, 2025).

1. Operator Information

MySummitKeep LLC Attn: Privacy Officer 5005 W Laurel St, Ste 100 #3250 Tampa, FL 33607 Phone: (813) 418-6800 Privacy contact: privacy@mysummitkeep.com General contact: support@mysummitkeep.com Website: www.mysummitkeep.com

MySummitKeep LLC is the operator of the Service for purposes of COPPA. Troop administrators and parents/guardians enter children’s information using the parental-consent workflows we provide; they cooperate with our consent collection, but the operator obligations under COPPA rest with MySummitKeep.

2. How Children’s Information Is Collected

The Service is designed for use by Scouting America (Boy Scouts of America) units and their adult leaders, parents, and guardians. We do not collect personal information directly from children under thirteen (13). Children’s personal information is entered into the Service by:

  • Troop Administrators. Adult leaders (Scoutmasters, Committee Chairs, and other authorized adult volunteers) who manage scout records.
  • Parents and Guardians. Parents or legal guardians who create family accounts and enter information about their children, including health forms and emergency contact details.

3. Direct Notice to Parents

Before any personal information of a child under thirteen is collected, we provide the child’s parent or guardian with a direct notice that includes:

  1. That we have collected the parent’s contact information so that we may seek verifiable parental consent.
  2. The categories of personal information that will be collected from the child (see Section 5).
  3. The purposes for which the information will be used (see Section 6).
  4. The categories of third parties to whom the information will be disclosed (see Section 7).
  5. Whether the disclosure is necessary to the Service or whether the parent may consent to collection and use without consenting to disclosure to third parties for purposes not integral to the Service.
  6. That the parent must consent to collection, use, and disclosure of the child’s personal information before any such activity occurs.
  7. That the parent may refuse to consent or revoke consent at any time, and the procedure for doing so.
  8. That MySummitKeep will not require a child to disclose more information than is reasonably necessary to participate.
  9. A link to this Children’s Privacy Policy.

A current sample of the direct notice is available on request from privacy@mysummitkeep.com.

We obtain verifiable parental consent before any collection, use, or disclosure of a child’s personal information. Our consent mechanisms include:

  • In-Platform Consent. When a troop administrator creates a scout profile for a child under thirteen, the Service sends an invitation to the child’s parent or guardian. The parent or guardian must create an account, complete identity verification, and affirmatively consent to the collection and use of their child’s information before the profile is activated.
  • Consent Form Method. Troop administrators may collect parental consent using electronic consent forms provided through the Service, which specify the types of information collected and how it will be used. Such consent is captured with timestamp and IP address, and the parent must affirmatively click to accept before the form is submitted.

We do not condition a child’s participation in any activity on the disclosure of more personal information than is reasonably necessary.

If we wish to disclose a child’s personal information to a third party for any purpose not integral to the Service (such as third-party advertising or analytics inside the Service), we will obtain separate, opt-in parental consent for that specific disclosure, distinct from the consent obtained for use of the Service itself.

5. Information We Collect About Children

Through the actions of troop administrators and parents/guardians, the following categories of information about children under thirteen may be entered into the Service:

  • Identity Information. First and last name, date of birth, BSA member ID number.
  • Contact Information. Home address (associated with the parent/guardian account), parent/guardian phone number and email address.
  • Scouting Records. Rank advancement, merit badge progress, camping nights, service hours, leadership positions, activity attendance.
  • Event Participation. Permission slip responses, event attendance, transportation arrangements.

Health information is not currently collected. The Service does not currently store medical or health information about children (e.g., the BSA Annual Health and Medical Record, allergies, medications). If health-record functionality is added, we will update this policy and obtain new parental consent before any child’s health information is collected.

We do not collect from children: health information (see note above), precise geolocation, biometric identifiers, photographs of the child uploaded by the child, audio or video recordings, persistent identifiers used for any cross-context behavioral advertising, social-security numbers, government identifiers other than the BSA member ID, or financial account information.

6. How We Use Children’s Information

We use children’s personal information solely for the following purposes:

  • To provide the troop management features of the Service (advancement tracking, event management, recordkeeping).
  • To enable authorized adult leaders and parents/guardians to manage and monitor their children’s scouting activities.
  • To generate advancement reports and records for the troop and the child’s family.
  • To support the safety and security of the Service.
  • To comply with legal obligations and respond to lawful requests.

We do not use children’s personal information for behavioral advertising, profiling, training third-party AI models, or any purpose not described in this Section 6.

7. Disclosure of Children’s Information

We do not sell, rent, or trade children’s personal information. We disclose children’s information only as follows:

Recipient categoryPurposeIntegral to the Service?
Within the unitAuthorized adult leaders and parent/guardian, per role-based access controlsYes
Cloud hosting (Microsoft Azure, U.S. regions)Storage and computeYes
Transactional email providerAccount and event emailYes
SMS provider (Microsoft Azure Communication Services)SMS delivery (parent/guardian only)Yes
Payment processorSubscription billing (parent/guardian only)Yes
Legal authoritiesCompliance with legal process or to protect the safety of any personYes

Scout-to-scout visibility within the Service is limited to name, patrol assignment, and advancement rank, unless configured otherwise by the troop administrator.

8. Written Information Security Program

We maintain a written information security program (“WISP”) that includes:

  • A designated security officer responsible for the program.
  • An annual risk assessment of foreseeable internal and external risks to the confidentiality, security, and integrity of children’s personal information.
  • Administrative, technical, and physical safeguards reasonably designed to protect children’s personal information, including:
    • Encryption in transit (TLS 1.2+) and at rest (AES-256).
    • Role-based access controls.
    • Audit logging of all access to children’s records.
    • Multi-factor authentication for administrator accounts.
    • Vendor due diligence and contractual safeguards.
  • Periodic testing and monitoring of the effectiveness of safeguards.
  • Annual review and update of the WISP and this policy.

A summary of the WISP is available on request from privacy@mysummitkeep.com.

9. Parental Rights

Parents and legal guardians have the following rights regarding their child’s personal information:

  • Right to Review. Review the personal information we have collected about the child by logging into the parent/guardian account or contacting us.
  • Right to Correction. Request correction of any inaccurate personal information.
  • Right to Deletion. Request deletion of the child’s personal information. Upon a verified deletion request, we will delete the child’s information within thirty (30) days, except where retention is required by law.
  • Right to Refuse Further Collection. Refuse to permit further collection of the child’s personal information. This may limit the child’s ability to participate in certain features of the Service.
  • Right to Revoke Consent. Revoke consent at any time. Upon revocation, we will cease processing the child’s data and delete it as described above.

To exercise these rights: log into your parent/guardian account; email privacy@mysummitkeep.com; or submit a request at https://www.mysummitkeep.com/privacy-request.

10. Data Retention Policy for Children’s Information

We retain children’s personal information only for as long as is reasonably necessary to fulfill the purposes for which it was collected. Specifically:

TriggerRetention period
Active scout recordDuration of active membership in the unit
Scout becomes inactive (no activity for 12 months)30 days, after which the record is deactivated and personal information beyond aggregated achievement records is deleted
Parental deletion request30 days from verification of request
Parental revocation of consent30 days from revocation
Account closure by troop30-day export window, then deletion within 60 days
BackupsChildren’s personal information is overwritten in backups within 90 days

Aggregated, de-identified data (e.g., total camping nights for the unit, not tied to any child) may be retained indefinitely.

11. No Third-Party Behavioral Advertising

We do not allow third-party behavioral advertising or third-party tracking inside the signed-in Service. We do not use children’s information for advertising of any kind, on or off the Service. The cookie consent options on our public marketing site do not apply to the signed-in Service.

12. Changes to This Policy

If we make material changes to this Children’s Privacy Policy, we will notify parents and guardians by email and through the Service. For material changes that affect the collection, use, or disclosure of children’s information, we will obtain new affirmative parental consent before the change takes effect.

13. Contact Information

MySummitKeep LLC Attn: Privacy Officer 5005 W Laurel St, Ste 100 #3250 Tampa, FL 33607 Phone: (813) 418-6800 Privacy: privacy@mysummitkeep.com Support: support@mysummitkeep.com Website: www.mysummitkeep.com

You may also contact the Federal Trade Commission:

Federal Trade Commission Children’s Privacy, Bureau of Consumer Protection 600 Pennsylvania Avenue, NW Washington, DC 20580 [ftc.gov — Children’s Privacy](https://www.ftc.gov/tips-advice/business-cen

↑ Back to top

Other Legal Documents

Terms of Service · Privacy Policy · Acceptable Use Policy · Cookie Policy · Children's Privacy (COPPA) · Data Processing Addendum · Business Associate Agreement · Cloud Service Agreement · SMS Notifications