Knowledge Hub / Governance, Safety & Identity

Governance, Compliance & Identity

Transform your club from a group of volunteers into a professionally managed entity. Learn how MyAthlete uses Polymorphic Identity, Scoped Permissions, and automated compliance tracking to protect your athletes and your committee.

In the current landscape of youth sports, the legal and moral liability on a club committee is higher than ever. Most platforms treat "Safeguarding" as a folder of PDFs and "Identity" as a simple login. MyAthlete treats them as a proactive, logic-driven governance framework.

By merging Polymorphic Identity with a Verifiable Compliance Pipeline, MyAthlete creates an environment where "unqualified" or "unauthorized" actions are mathematically filtered out before they can happen.

1. Architectural Choice: Role Polymorphism

In legacy systems, a user is a "Flat Type." If a Head Coach is also a Parent of a swimmer, they often need two separate email accounts to see different dashboards, leading to data fragmentation and insecure password sharing.

MyAthlete utilizes a Polymorphic Role Architecture. A single User object can simultaneously hold the properties of an Athlete, a Parent, and a Coach/Admin.

  • Context-Aware UI: The system detects the intersection of these roles at login. If a user is both a Parent and a Coach, their dashboard dynamically provisions a "Family Wallet" side-by-side with a "Meet Entry Review" tool.
  • The Benefit: One identity, one login, zero friction. It treats the user as a whole person, significantly reducing cognitive load and administrative "account cleanup" tickets.

2. The Scoped Permission Engine (PoLP)

MyAthlete moves away from the dangerous "Global Admin" status by implementing Fine-Grained Scoped Permissions based on the Principle of Least Privilege (PoLP).

Instead of giving an assistant coach full admin access just to take attendance, you grant specific, isolated scopes:

  • can_manage_finance: Only the Treasurer handles the Temporal Ledger and Batching tools.
  • can_manage_compliance: Only the Welfare/Safeguarding Officer handles compliance documents.
  • can_manage_entries: Only the Gala Secretary handles SD3 exports and meet approvals.

Protecting the Committee

Domain Isolation protects the club from internal data breaches and accidental deletions. It ensures that highly sensitive medical or financial data is mathematically restricted to those who legally require it for their role.

3. The Compliance Audit Trail (Audit)

Compliance is no longer a static checkbox. With the introduction of Audit, governance becomes a verifiable, real-time stream of evidence.

The system constantly cross-references your SmartGroups (who is on the pool deck) with your Credential Vault (who is vetted). If a discrepancy is found, it appears on the Audit Health Check instantly.

  • Programmable Manifests: Define what "Compliant" means for your club (e.g., Vetting + Safeguarding 1 + Level 2 Coaching Cert).
  • Forensic Proof: Every approval or rejection by a Compliance Officer is timestamped and cryptographically logged, protecting the officer from claims of negligence.

4. Governed Document Storage (Docs)

Governance requires a "Single Source of Truth." Docs provides a secure, hierarchical vault for sensitive club documentation that goes beyond standard file storage.

  • Inherited Security: Place documents in the "Committee" folder, and only users with the committee_scope can see them. Sub-folders automatically inherit these strict permissions.
  • SmartGroup Linking: Link a "Technical Manual" folder directly to the "Coaching Staff" SmartGroup. As soon as a coach leaves the club and is removed from the group, their access to those documents is revoked instantly.
  • Expiry Tracking: Set expiry dates on club policies (e.g., Constitution, Health & Safety). The 90/60/30-day alert system applies to documents just as it does to coaching credentials.

5. Proactive Safety: The 90/60/30 Early Warning System

MyAthlete features a temporal monitoring engine that continuously scans the validity dates of all approved credentials and governed documents.

  • 90 Days: The user gets a "Nudge" to book a renewal course.
  • 30 Days: The Admin receives an urgent dashboard alert.
  • Expired: The system triggers a "Critical Flag" and can optionally auto-suspend deck access.

6. The Medical & Consent Vault

Safety data must be directly integrated into the operational flow, not locked in a cabinet in the club office.

  • Emergency "Two-Tap" Access: In an emergency on deck, a coach can tap an athlete's name on their mobile device to instantly view Allergies, Medical Conditions, and Emergency Contacts.
  • Digital Consent Tracking: We track "Photo Consent," "Code of Conduct signatures," and "Emergency Medical Treatment consent" as discrete, timestamped data points.

7. Legacy Platforms vs. MyAthlete OS

Feature Legacy Competitors MyAthlete Advantage
User Roles Multiple logins for different roles. Polymorphic: One login, dynamic dashboard.
Permissions "All-or-Nothing" Global Admin access. Scoped: Domain-specific security (Finance vs. Welfare).
Auditing Manual spreadsheet checking. Audit: Real-time Health Checks & ZIP exports.
Document Control Third-party links (Dropbox/Drive). Docs: Integrated, SmartGroup-linked Vault.
Medical Access Paper folders or disconnected apps. Deeply Integrated: One-tap access on the pool deck.