FieldPassSupport
← All articles

Account & platform

Security & Data

What data does FieldPass store?

FieldPass stores:

  • Account information: Your email address and role
  • Deal records: All deal fields you enter (athlete info, counterparty info, compensation, deliverables)
  • Uploaded documents: Files you attach to deals (contracts, campaign briefs, etc.)
  • Generated documents: NIL agreements and attestations produced by FieldPass
  • Packets: The compiled PDF files and their manifests
  • Submission outcomes: Accepted/rejected status and reviewer notes you log
  • Audit logs: A timestamped record of every action taken on your account and deals

Who can see my deals and packets?

  • You (the deal creator) can access your own deals and packets
  • ORG_ADMIN users can access all deals and packets in the system
  • No one else — there are no public URLs or link-based sharing for deal data

Are my documents stored securely?

Yes. Documents and packets are stored on the FieldPass platform and are only accessible through authenticated routes. There are no publicly accessible URLs to your files.

Every uploaded document is stored with a SHA-256 hash. If a file is modified after upload, the hash mismatch will be detectable.

How do I know my packet hasn't been tampered with?

Every packet includes a SHA-256 hash in its response headers and on the cover sheet. You can verify this hash yourself:

  1. Download the packet PDF
  2. Compute the SHA-256 hash of the file using any standard tool
  3. Compare it to the hash shown in FieldPass or in the packet response headers

A matching hash confirms the file has not been modified since generation.

What is the audit log?

FieldPass records a timestamped log entry for every significant action:

  • Deal created
  • Document uploaded
  • Packet generated
  • Packet downloaded
  • Submission outcome recorded
  • Deal deleted

Audit logs include the acting user, IP address, and user agent. ORG_ADMIN users can access the metrics dashboard which surfaces aggregate audit data. Full audit log exports are planned for Pro and org tiers.

Can I delete my data?

Yes. Deleting a deal permanently removes:

  • The deal record and all deal fields
  • All associated document uploads (files and database records)
  • All generated documents and packets
  • All submission outcomes
  • All audit log entries for that deal

Deletion is immediate and cannot be reversed. Download any packets or documents you need before deleting.

Is FieldPass HIPAA or FERPA compliant?

FieldPass is not a healthcare or educational records platform and does not process health information. It does process student-athlete PII (names, school, email). FERPA applicability is an institution-specific question — consult your compliance office if you have concerns about student records obligations.

What authentication method does FieldPass use?

The current pilot uses a lightweight authentication model. Production deployments will use proper authentication including multi-factor authentication for admin access. Contact the FieldPass team if you have specific security requirements for your institution.