Last updated: July 5, 2026
ClearedFor (“ClearedFor,” “we,” “us”), operated by Accordance LLC (doing business as ClearedFor), is a service that lets parents and guardians review and electronically sign permission slips for youth activities, and lets activity leaders track who has signed and carry an emergency roster. This policy explains what information we collect, why, who we share it with, how long we keep it, and the choices and rights you have. It applies to people in the United States who use the service.
We built ClearedFor around data minimization. Sensitive information about a youth — medical conditions, allergies, medications, insurance, and emergency contacts — lives in the signing parent or guardian’s control, is encrypted, and is permanently destroyed a limited time after each activity ends. The organization that runs the activity keeps only a thin roster (names) plus a tamper-evident record that a valid signature existed.
A permission slip belongs to the organization (for example, a troop, club, congregation, or other group) that creates the activity. That organization and ClearedFor each act as a controller of the information described below for their respective purposes. ClearedFor provides the platform and the safeguards; the organization decides which activities to run and which leaders may view an activity’s emergency roster. If you signed a slip for a specific organization and want to exercise rights against that organization’s copy of a record, contact us and we will route the request appropriately.
We collect the following categories, depending on how you use the service:
We do not use third-party advertising or analytics trackers, and we do not build advertising profiles. The service uses the cookies and local storage strictly necessary to keep you signed in and to operate the signing flow, plus one optional first-party cookie: if you arrive through an organization’s referral link, we set a cookie holding that link’s code for 30 days. The code identifies the referring organization, not you — it is the same for everyone who follows that link. We read it only if you create an organization, so we can credit the group that referred it; we do not use it to track your browsing and we do not share it with anyone. If you never create an organization, the cookie simply expires.
We process this information to provide a service you (or your organization) requested and to meet our legal obligations. Where we rely on consent — including a parent’s consent to provide a child’s information — you may withdraw it as described below. We do not use your information for any purpose materially different from those listed here without telling you first.
ClearedFor is designed for use by adults (parents, guardians, and leaders) and is not directed to children. We do not knowingly let a child under 13 create an account or use the service directly, and we do not knowingly collect personal information from a child. Information about a youth is parent-provided, not child-directed: it is supplied by the youth’s parent or guardian, who reviews it and consents on the child’s behalf when they sign. This parent-provided model — collecting nothing from children themselves — is how we approach the U.S. Children’s Online Privacy Protection Act (COPPA).
If you believe a child provided us information directly without a parent or guardian, contact us at privacy@clearedfor.org and we will delete it.
A youth’s medical details, allergies, medications, insurance, and emergency contacts are sensitive information and we treat them accordingly. ClearedFor is not a healthcare provider and this information is not used as a medical record; it exists so a leader can respond in an emergency. We encrypt each slip’s sensitive payload under a unique per-slip key, the key material is held in a hardware-backed key-management service and never enters our application memory, and access is restricted to leaders assigned to that specific activity (and logged). When the retention window closes, we destroy the key so the data can no longer be read (“crypto-shredding”). We do not sell or share sensitive information, and we do not use it for any purpose other than the signing and emergency-roster purpose for which it was provided.
A document a parent uploads and the answers to an activity survey are protected the same way: each is encrypted under its own key and destroyed on the activity’s retention clock by crypto-shredding. A survey collects planning information for the activity — we do not treat it as a medical record, and we do not use survey answers or uploaded documents for any purpose other than running the activity they were provided for.
We share information only in these limited ways:
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and encrypted file storage |
| Vercel | Application hosting and delivery |
| Google Cloud KMS | Encryption-key management (key material only) |
| Resend | Transactional email (one-time codes, signed-slip copies) |
| Stripe | Payment processing for organization credit purchases (card details handled by Stripe, not stored by ClearedFor) |
We do not sell personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under California law. We have no financial incentive to monetize your data.
We keep different categories of information for different periods, by design, so that sensitive data does not linger:
| What | How long |
|---|---|
| Encrypted slip payload (medical/contact details and the signed PDF) | Destroyed by crypto-shredding a limited period after the activity ends |
| Uploaded documents and survey answers (encrypted) | Destroyed by crypto-shredding a limited period after the activity ends, like the slip payload |
| Signature certificate (signer name, verified contact, IP, timestamp, document hash — no medical content) | Retained longer as a legal record; because the signer may have acted for a minor, the period can extend to reflect applicable limitation periods |
| Organization roster (names only) and account information | For as long as the account/organization is active; inactive organizations move to a deletion track |
| Billing records and audit logs | As required for accounting, security, and legal compliance |
On an erasure request we reduce a signature certificate to a non-identifying stub recording only that a signing existed and when it was withdrawn or erased. The specific retention windows are set with legal counsel and may be updated; if you want to know the current period for a record, contact us.
Depending on where you live, you have rights over your personal information. We honor these rights regardless of where you live, to the extent they apply. To exercise any of them, contact us at privacy@clearedfor.org. We will verify your request (typically by confirming control of the email tied to the information) and respond within the time the law requires. We will not discriminate against you for exercising your rights.
United States. Residents of states with comprehensive privacy laws — including California (CCPA/CPRA), Utah (UCPA), Virginia, Colorado, Connecticut, and others — generally have the right to:
California residents may also request the categories of information collected, the sources, the business purpose, and the categories of recipients (the disclosures in this policy describe these). You may use an authorized agent to submit a request.
You can withdraw consent to a permission slip at any time. Because signing creates a ClearedFor account, you can withdraw the slip from your family dashboard with one tap. There is no password to lose: signing in is a code sent to your account’s email address, so access to that email is what authorizes the change. Withdrawing consent removes the youth’s clearance to attend (a leader is notified) and an erasure request early-destroys the encrypted payload. Because a signed record snapshots the data as it stood at the moment of signing, editing or deleting a saved profile does not by itself retract or change a signature already given. For the same reason a signed slip cannot be edited in place: to correct information on a slip you have already signed, withdraw that slip and sign it again with the corrected details. The withdrawal and the new signature each leave their own record.
We protect information with measures including: per-slip encryption of sensitive payloads with keys held in a hardware-backed key-management service; database-enforced access controls that restrict an activity’s emergency data to its assigned leaders; one-time-code authentication rather than stored passwords; audit logging of sensitive reads and exports; and encryption of data in transit. No method of transmission or storage is perfectly secure, but we design the system so that the most sensitive data is short-lived and unreadable once its retention window closes.
ClearedFor and its service providers process and store information in the United States. We require our service providers to protect information consistent with this policy and applicable law.
We may update this policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the service after an update means you accept the revised policy.
Questions, requests, or complaints about your privacy? Contact us at privacy@clearedfor.org. We will respond within the time required by applicable law.