Privacy Policy

Last Updated: April 30, 2026 Effective Date: April 30, 2026

Coliseum AI, Inc. ("Coliseum," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our websites (including meetcoliseum.com), our platform, and our services (collectively, the "Services").

This Privacy Policy is incorporated into and forms part of our Terms of Service.

1. Scope and Our Role

Coliseum provides an AI-powered platform that enables sports teams, venues, and event operators (each, an "Organization") to deploy AI agents for fan engagement, including outbound messaging campaigns and inbound conversational services across SMS, email, and other channels.

We play two distinct roles depending on whose data is involved:

1.1 Coliseum as a Business / Data Controller

With respect to information we collect directly — from visitors to our websites, from Organization personnel who use the platform, from prospects, and from job applicants — Coliseum is the "business" under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") and the "data controller" under similar laws. Sections 2 through 7 of this Policy describe how we handle that information.

1.2 Coliseum as a Service Provider / Processor

With respect to fan and contact information that an Organization uploads to or generates within the Services (for example, fan records imported by a sports team to run a campaign), the Organization is the "business" or "data controller" and Coliseum is the "service provider" or "data processor." We process that information on the Organization's behalf, under the Organization's instructions, solely to provide the Services. Section 8 describes that role.

If you are a fan or other recipient of messages sent through our platform and you have questions about how your information is used, please contact the Organization that sent you the message. You may also contact us at privacy@meetcoliseum.com and we will route your request appropriately.

2. Information We Collect (As a Business)

2.1 Information You Provide to Us

  • Account information: name, email address, phone number, employer, job title, and credentials when you register for an account or request a demo.
  • Communications: information you submit when you contact support, fill out a form on our website, respond to a survey, or otherwise communicate with us.
  • Billing information: company name, billing contact, billing address, and tax information (we do not store full payment card numbers; payment processing is handled by third-party processors).
  • Job applications: information submitted through hiring channels (resume, work history, references).

2.2 Information Collected Automatically

When you visit our websites or use the platform, we automatically collect:

  • Device and log data: IP address, browser type and version, operating system, referring URLs, pages viewed, links clicked, timestamps, and crash diagnostics.
  • Cookies and similar technologies: as described in Section 6.

2.3 Information from Third Parties

We may receive information about you from:

  • analytics, security, and fraud-prevention providers;
  • business contact databases and marketing data providers (for prospecting);
  • public sources (e.g., LinkedIn) when researching prospective customers;
  • our Organization customers, when they identify you as an Authorized User of their Coliseum account.

3. How We Use Information (As a Business)

We use the information described in Section 2 to:

  • provide, operate, secure, and improve the Services;
  • create and manage accounts, authenticate users, and process payments;
  • respond to inquiries and provide customer support;
  • send transactional messages (e.g., service notices, security alerts, billing notices);
  • send marketing communications about our Services (you can opt out at any time);
  • analyze usage to improve features, performance, and user experience;
  • detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service;
  • comply with legal obligations and enforce our agreements;
  • conduct corporate transactions (e.g., financings, mergers, acquisitions, due diligence).

4. How We Disclose Information (As a Business)

We disclose information in the following circumstances:

  • Service providers and subprocessors: vendors that perform services on our behalf, bound by contracts that limit their use of the information to providing services to us. See Section 9 for our key subprocessors.
  • Affiliates: members of our corporate family, consistent with this Policy.
  • Legal and safety: when required by law, subpoena, court order, or other legal process; to protect the rights, property, or safety of Coliseum, our customers, or others; to investigate fraud or security incidents; or to enforce our agreements.
  • Corporate transactions: in connection with a merger, acquisition, financing, sale of assets, or similar transaction. We will notify you (e.g., via email and/or a prominent notice on our website) of any change in ownership or use of your information.
  • With your consent or at your direction.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding twelve months.

5. SMS, Email, and Messaging Information

This Section applies to information processed in connection with messaging features of the Services, including SMS messages sent or received via Twilio and email messages sent or received via Resend.

5.1 What We Process

  • mobile phone numbers, email addresses, and other contact identifiers;
  • message content (drafted by AI agents, reviewed by Organization personnel, or sent by recipients in reply);
  • delivery metadata (timestamps, delivery status, error codes, opt-in and opt-out events);
  • carrier-provided metadata necessary to deliver messages.

5.2 No Sale or Sharing of Mobile Information

Mobile information (including phone numbers and SMS opt-in data) will not be shared with third parties or affiliates for marketing or promotional purposes. Information sharing with subprocessors (such as Twilio for message delivery) is limited to the purpose of operating the Services. This restriction applies to all SMS opt-in data and consent records, and no such information is sold to or shared with third parties for their independent marketing.

5.3 Opt-Out and Opt-In

Recipients can opt out of SMS messages at any time by replying with standard opt-out keywords (such as STOP, UNSUBSCRIBE, CANCEL, END, or QUIT). Recipients can request help by replying HELP. Opt-out events are recorded by the Services and honored on subsequent campaigns. We retain opt-out records for as long as necessary to honor the opt-out preference, which may be indefinite.

Email recipients can unsubscribe via the unsubscribe link included in marketing emails or by replying with an unsubscribe request.

5.4 Message Content and AI Processing

Messages drafted, sent, or received through the Services may be processed by AI models (including Google Gemini) to generate, classify, and respond to messages. Message content is processed only to provide the Services and is not used to train foundation models that are made available to third parties outside the Services.

5.5 Carrier Compliance

We comply with applicable carrier requirements, including A2P 10DLC registration, brand and campaign vetting, and the CTIA Messaging Principles and Best Practices. Organizations are responsible for obtaining all required consents from message recipients before any messages are sent.

6. Cookies and Similar Technologies

We use cookies and similar technologies on our websites to:

  • enable core site functionality (e.g., authentication, session management);
  • measure site usage and performance;
  • remember your preferences;
  • support marketing and analytics where appropriate.

You can control cookies through your browser settings. Disabling certain cookies may impact site functionality. Where required by law, we provide a cookie banner that lets you manage non-essential cookies.

We do not currently respond to "Do Not Track" browser signals because no consistent industry standard exists. We do honor recognized opt-out signals (such as the Global Privacy Control / GPC) for residents of jurisdictions where required by law.

7. Your Rights and Choices

Depending on where you live, you may have the following rights:

7.1 Rights Available to Many Users

  • Access: request a copy of personal information we hold about you.
  • Correction: request that we correct inaccurate personal information.
  • Deletion: request that we delete personal information we hold about you, subject to exceptions allowed by law.
  • Portability: request a copy of your personal information in a portable format.
  • Opt out of marketing: unsubscribe from marketing emails using the link in any marketing message, or contact us at privacy@meetcoliseum.com.

7.2 California Residents (CCPA/CPRA)

California residents have the rights described above and the additional rights to:

  • know the categories and specific pieces of personal information we have collected about them, the categories of sources, the purposes for collecting it, and the categories of third parties with whom we disclose it;
  • opt out of the sale or sharing of personal information (we do not sell or share personal information as defined under the CCPA/CPRA);
  • limit the use of "sensitive personal information" (we do not use sensitive personal information for any purpose that requires this right);
  • non-discrimination for exercising any of these rights.

You may exercise California rights by emailing privacy@meetcoliseum.com or writing to the address in Section 12. We will verify your request using reasonable methods (which may include matching information you provide against information we have on file). You may use an authorized agent to submit a request on your behalf, subject to verification of the agent's authority.

7.3 Other U.S. State Rights

Residents of other states with comprehensive privacy laws (e.g., Colorado, Connecticut, Virginia, Utah, Texas, and others as those laws come into effect) may have similar rights, including the rights to access, correct, delete, and obtain a portable copy of personal information, and to opt out of certain processing. Submit requests to privacy@meetcoliseum.com.

7.4 Appeals

If we deny your request, you may appeal by replying to our denial or contacting privacy@meetcoliseum.com with the subject line "Privacy Appeal." We will respond within the timeframe required by applicable law.

7.5 Fans and Message Recipients

If you are a fan or other message recipient and you wish to exercise rights with respect to information processed on behalf of an Organization, please contact that Organization directly. We will assist the Organization in responding to your request as required by applicable law. You may also contact us at privacy@meetcoliseum.com and we will route your request to the appropriate Organization.

8. Information Processed on Behalf of Organizations

When an Organization uses the Services to engage with its fans or contacts, the Organization is responsible for the personal information it uploads to or generates within the Services, including:

  • fan and contact records (name, email, phone number, attendance and purchase history, preferences);
  • message content;
  • recipient responses and engagement signals.

In this capacity, Coliseum acts as a service provider (CCPA/CPRA) or processor (other privacy laws) and processes this information only:

  • to provide and support the Services for the Organization;
  • on the Organization's documented instructions (including those set in the platform's configuration);
  • as otherwise required or permitted by applicable law.

We do not sell or share this information, and we do not use it for our own independent marketing or to train foundation models offered to third parties outside the Services.

If you are an individual whose information has been uploaded to the Services by an Organization and you wish to exercise privacy rights, your request is generally directed to that Organization. We will support the Organization in responding.

9. Subprocessors

We engage trusted third parties to help operate the Services. As of the effective date of this Policy, our key subprocessors include:

SubprocessorPurposeCategories of Data
Google LLCAI model inference (Gemini), agent runtime, and cloud infrastructurePrompts, message content, fan profile data passed to the model, operational logs
Twilio Inc.SMS delivery, inbound message routing, and 10DLC compliancePhone numbers, message content, delivery metadata, opt-in/opt-out records
ResendTransactional and campaign email deliveryEmail addresses, message content, delivery metadata

Each subprocessor is bound by contractual obligations to handle personal information consistent with this Policy and applicable law. We may add or change subprocessors as our Services evolve. Material changes will be reflected in updates to this Policy or in our Master Agreements with Organizations.

10. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention practices include:

  • Account and billing records: retained for the life of the account and for a reasonable period thereafter for legal, accounting, and audit purposes (typically not more than seven years post-termination).
  • Customer Data submitted by Organizations: retained per the Organization's instructions and the Master Agreement; available for export for thirty (30) days after termination, after which it may be deleted in accordance with our deletion practices.
  • Raw message logs and engagement data: typically retained for up to eighteen (18) months, after which they are deleted or aggregated/de-identified.
  • Opt-out records: retained for as long as necessary to honor the opt-out preference, which may be indefinite.
  • Website logs and security telemetry: typically retained for up to twelve (12) months, longer if required for security investigations or legal obligations.
  • Aggregated and de-identified data: may be retained indefinitely.

11. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, access controls, audit logging, network segmentation, vendor security review, and personnel training.

No security measures are perfect or impenetrable. If you have reason to believe that your account or information is no longer secure, please notify us immediately at security@meetcoliseum.com.

12. International Users and Data Transfers

Coliseum is based in the United States, and our Services are operated from the United States. If you access the Services from outside the United States, your personal information may be transferred to, stored in, and processed in the United States and other jurisdictions where our subprocessors operate. Privacy laws in these jurisdictions may differ from those in your home country.

Where required, we rely on appropriate transfer mechanisms (such as the European Commission's Standard Contractual Clauses) to support international transfers. Contact us at privacy@meetcoliseum.com for additional information about transfer safeguards relevant to your jurisdiction.

13. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it. If you believe we may have collected information from a child under 13, please contact us at privacy@meetcoliseum.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide reasonable notice (for example, by email, in-product notice, or a prominent notice on our website) and update the "Last Updated" date at the top of this Policy. Your continued use of the Services after the changes take effect constitutes acceptance of the updated Policy.

15. Contact

For privacy questions, requests, or to exercise your rights, contact us at:

Coliseum AI, Inc. Attn: Privacy 1014 Broadway #1125 Santa Monica, CA 90401 Email: privacy@meetcoliseum.com

For security concerns, contact security@meetcoliseum.com.

For general legal notices, contact legal@meetcoliseum.com or refer to our Terms of Service.