ClearedFor

Privacy Policy

Last updated: July 5, 2026

ClearedFor (“ClearedFor,” “we,” “us”), operated by Accordance LLC (doing business as ClearedFor), is a service that lets parents and guardians review and electronically sign permission slips for youth activities, and lets activity leaders track who has signed and carry an emergency roster. This policy explains what information we collect, why, who we share it with, how long we keep it, and the choices and rights you have. It applies to people in the United States who use the service.

We built ClearedFor around data minimization. Sensitive information about a youth — medical conditions, allergies, medications, insurance, and emergency contacts — lives in the signing parent or guardian’s control, is encrypted, and is permanently destroyed a limited time after each activity ends. The organization that runs the activity keeps only a thin roster (names) plus a tamper-evident record that a valid signature existed.

At a glance

  • We collect only what is needed to sign a slip, clear a youth for an activity, and keep a legal record of the signature.
  • A youth’s medical and emergency details are encrypted and crypto-shredded after the activity — they are not kept long-term.
  • We never sell personal information and never use it for advertising or data monetization.
  • You can withdraw consent and request deletion at any time (see Your rights).
  • The service is intended to be used by an adult parent or guardian. Information about children is provided by that adult, who consents on the child’s behalf.

Who controls your information

A permission slip belongs to the organization (for example, a troop, club, congregation, or other group) that creates the activity. That organization and ClearedFor each act as a controller of the information described below for their respective purposes. ClearedFor provides the platform and the safeguards; the organization decides which activities to run and which leaders may view an activity’s emergency roster. If you signed a slip for a specific organization and want to exercise rights against that organization’s copy of a record, contact us and we will route the request appropriately.

Information we collect

We collect the following categories, depending on how you use the service:

  • Account information (leaders, owners, and parents). Your display name, email address, and the authentication method you used (a one-time code sent by email). Signing a slip creates a free account tied to your email. We do not store passwords for sign-in; we use one-time email codes.
  • Signer verification and signature record. When a slip is signed we record the signer’s name, the verified email they confirmed by one-time code, the IP address and browser/device user-agent at signing, the authentication method, timestamps, the consent text version, an attestation that the signer is the youth’s parent/guardian (or is signing for themselves), and a cryptographic hash of the signed PDF. This is the legal e-signature certificate.
  • Youth/child profile and slip data. The youth’s name, and the details a parent or guardian enters for a slip: birthdate, allergies, medications, medical notes, insurance information, and emergency contacts (name, relationship, phone). This lives in a parent-owned profile, tied to the signer’s account, that can be reused and edited across activities.
  • Documents you upload. If an activity requires a document that was completed and signed outside the service (for example, a provider-completed health form or physical), the parent or guardian uploads it, and we store the file, encrypted, so the activity’s assigned leaders can confirm it was provided. We do not verify who completed it or whether its contents are accurate. An uploaded document may contain a youth’s medical or other sensitive information; we treat it as sensitive (see below).
  • Survey answers. If a leader includes a short survey (for example, shirt size, meal choice, pickup arrangement, or skill level), we store the answers a parent or guardian provides for their youth. Surveys collect planning information for the activity; they are not signed documents or consents. Because an answer box can hold whatever a parent types, we treat survey answers as sensitive and encrypt them.
  • Roster information held by an organization. A deliberately thin reference — a youth’s display name, sub-unit or group, and optionally age or grade. No medical information is stored at the organization level.
  • Activity and billing information. Activity details that leaders create, and, for organizations that purchase credits, payment records and a credit ledger (amounts, currency, processor reference, and status). Card details are handled by our payment processor, not stored by ClearedFor.
  • Access and audit logs. When a leader views an emergency payload, an uploaded document, or a survey answer, or exports a packet or report, we log who acted, the action, the target, IP, and time. These logs protect the youth’s data and let us show who accessed what.

We do not use third-party advertising or analytics trackers, and we do not build advertising profiles. The service uses the cookies and local storage strictly necessary to keep you signed in and to operate the signing flow, plus one optional first-party cookie: if you arrive through an organization’s referral link, we set a cookie holding that link’s code for 30 days. The code identifies the referring organization, not you — it is the same for everyone who follows that link. We read it only if you create an organization, so we can credit the group that referred it; we do not use it to track your browsing and we do not share it with anyone. If you never create an organization, the cookie simply expires.

How we use information

  • To let parents and guardians review and electronically sign permission slips.
  • To verify control of the email used to sign, which is the basis for attributing a signature.
  • To give activity leaders an emergency roster and confirm which youth are cleared to attend.
  • To collect the documents and survey answers an activity requires, and to let its assigned leaders confirm they were provided.
  • To create and keep a legally valid record of consent (as required by U.S. ESIGN/UETA and equivalent rules) and to honor consent withdrawals.
  • To process organization payments and maintain the credit balance.
  • To credit the organization whose referral link introduced a newly created organization.
  • To secure the service, prevent abuse, debug problems, and comply with legal obligations.

We process this information to provide a service you (or your organization) requested and to meet our legal obligations. Where we rely on consent — including a parent’s consent to provide a child’s information — you may withdraw it as described below. We do not use your information for any purpose materially different from those listed here without telling you first.

Children’s and minors’ information

ClearedFor is designed for use by adults (parents, guardians, and leaders) and is not directed to children. We do not knowingly let a child under 13 create an account or use the service directly, and we do not knowingly collect personal information from a child. Information about a youth is parent-provided, not child-directed: it is supplied by the youth’s parent or guardian, who reviews it and consents on the child’s behalf when they sign. This parent-provided model — collecting nothing from children themselves — is how we approach the U.S. Children’s Online Privacy Protection Act (COPPA).

  • A parent or guardian provides, reviews, and can edit or delete the youth’s information.
  • We collect only what an activity needs and we minimize how long any of it is retained (see Retention).
  • We do not require a child to disclose more than is reasonably necessary to participate, and we never condition signing on collecting unnecessary data.
  • A parent or guardian may review the youth’s information, refuse to allow its further use, and request its deletion by contacting us.

If you believe a child provided us information directly without a parent or guardian, contact us at privacy@clearedfor.org and we will delete it.

Sensitive and medical information

A youth’s medical details, allergies, medications, insurance, and emergency contacts are sensitive information and we treat them accordingly. ClearedFor is not a healthcare provider and this information is not used as a medical record; it exists so a leader can respond in an emergency. We encrypt each slip’s sensitive payload under a unique per-slip key, the key material is held in a hardware-backed key-management service and never enters our application memory, and access is restricted to leaders assigned to that specific activity (and logged). When the retention window closes, we destroy the key so the data can no longer be read (“crypto-shredding”). We do not sell or share sensitive information, and we do not use it for any purpose other than the signing and emergency-roster purpose for which it was provided.

A document a parent uploads and the answers to an activity survey are protected the same way: each is encrypted under its own key and destroyed on the activity’s retention clock by crypto-shredding. A survey collects planning information for the activity — we do not treat it as a medical record, and we do not use survey answers or uploaded documents for any purpose other than running the activity they were provided for.

How we share information

We share information only in these limited ways:

  • With the organization and its assigned leaders. A leader assigned to an activity can see who has signed and, for that activity, the emergency roster. Leaders cannot see another guardian’s account or signers’ contacts beyond what is on the signing record.
  • With service providers (sub-processors) that operate the service on our behalf, under contracts that limit them to our instructions:
    ProviderPurpose
    SupabaseDatabase, authentication, and encrypted file storage
    VercelApplication hosting and delivery
    Google Cloud KMSEncryption-key management (key material only)
    ResendTransactional email (one-time codes, signed-slip copies)
    StripePayment processing for organization credit purchases (card details handled by Stripe, not stored by ClearedFor)
  • For legal reasons. If required by law, valid legal process, or to protect the rights, safety, and security of users or the public.
  • In a business transfer. If ClearedFor is involved in a merger, acquisition, or sale of assets, information may transfer subject to this policy.

We do not sell personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under California law. We have no financial incentive to monetize your data.

Data retention and deletion

We keep different categories of information for different periods, by design, so that sensitive data does not linger:

WhatHow long
Encrypted slip payload (medical/contact details and the signed PDF)Destroyed by crypto-shredding a limited period after the activity ends
Uploaded documents and survey answers (encrypted)Destroyed by crypto-shredding a limited period after the activity ends, like the slip payload
Signature certificate (signer name, verified contact, IP, timestamp, document hash — no medical content)Retained longer as a legal record; because the signer may have acted for a minor, the period can extend to reflect applicable limitation periods
Organization roster (names only) and account informationFor as long as the account/organization is active; inactive organizations move to a deletion track
Billing records and audit logsAs required for accounting, security, and legal compliance

On an erasure request we reduce a signature certificate to a non-identifying stub recording only that a signing existed and when it was withdrawn or erased. The specific retention windows are set with legal counsel and may be updated; if you want to know the current period for a record, contact us.

Your rights

Depending on where you live, you have rights over your personal information. We honor these rights regardless of where you live, to the extent they apply. To exercise any of them, contact us at privacy@clearedfor.org. We will verify your request (typically by confirming control of the email tied to the information) and respond within the time the law requires. We will not discriminate against you for exercising your rights.

United States. Residents of states with comprehensive privacy laws — including California (CCPA/CPRA), Utah (UCPA), Virginia, Colorado, Connecticut, and others — generally have the right to:

  • Know and access the personal information we hold about you and how it is used and shared.
  • Correct inaccurate information. Your account details and saved profiles can be edited directly. A slip that has already been signed is a snapshot frozen at the moment of signing, so it is corrected by withdrawing it and signing again with the corrected details (see below).
  • Delete your information, subject to legal-record exceptions.
  • Opt out of any sale or targeted-advertising use — note we do neither.
  • Limit the use of sensitive information to what is necessary to provide the service — which is already how we operate.
  • Be free from discrimination for exercising these rights.

California residents may also request the categories of information collected, the sources, the business purpose, and the categories of recipients (the disclosures in this policy describe these). You may use an authorized agent to submit a request.

Withdrawing, correcting, and erasing a signed slip

You can withdraw consent to a permission slip at any time. Because signing creates a ClearedFor account, you can withdraw the slip from your family dashboard with one tap. There is no password to lose: signing in is a code sent to your account’s email address, so access to that email is what authorizes the change. Withdrawing consent removes the youth’s clearance to attend (a leader is notified) and an erasure request early-destroys the encrypted payload. Because a signed record snapshots the data as it stood at the moment of signing, editing or deleting a saved profile does not by itself retract or change a signature already given. For the same reason a signed slip cannot be edited in place: to correct information on a slip you have already signed, withdraw that slip and sign it again with the corrected details. The withdrawal and the new signature each leave their own record.

Security

We protect information with measures including: per-slip encryption of sensitive payloads with keys held in a hardware-backed key-management service; database-enforced access controls that restrict an activity’s emergency data to its assigned leaders; one-time-code authentication rather than stored passwords; audit logging of sensitive reads and exports; and encryption of data in transit. No method of transmission or storage is perfectly secure, but we design the system so that the most sensitive data is short-lived and unreadable once its retention window closes.

Where your information is processed

ClearedFor and its service providers process and store information in the United States. We require our service providers to protect information consistent with this policy and applicable law.

Changes to this policy

We may update this policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the service after an update means you accept the revised policy.

Contact us

Questions, requests, or complaints about your privacy? Contact us at privacy@clearedfor.org. We will respond within the time required by applicable law.

Privacy·Terms·Support

ClearedFor · sensitive details encrypted, then purged on a retention clock.

© 2026 Accordance LLC · ClearedFor is a service of Accordance LLC.