Clubspot legal ยท Pilot privacy draft
Privacy policy
This policy explains how Clubspot handles personal information when clubs use the service for member records, operational tasks, bookings, and messaging.
Status
Draft for legal review before production launch.Contact
privacy@clubspot.co.nz for privacy questions and requests.Related pages
Terms & Conditions and cookie notice.Purpose
This notice describes how Clubspot collects, uses, stores, and discloses personal information when clubs and authorised users use the service.
It is a working draft, not legal advice. Confirm final wording with New Zealand legal counsel before production launch.
Information we collect
- account and contact information for administrators and authorised users
- member record data submitted by clubs (for example name, email, phone, tags, and consent flags)
- files clubs upload (for example CSV or spreadsheets) for knowledge or operational context, when that feature is offered
- event, booking, and club-task operational data
- messaging metadata and delivery outcomes
- technical and security telemetry needed to operate and secure the hosted service
How we use information
- to provide, secure, and improve the Clubspot service
- to process member-management, task, booking, and communication workflows requested by clubs
- to provide support and investigate incidents
- to meet legal obligations and enforce platform terms
Data roles
Clubs control the member and operational data they choose to place in Clubspot.
Clubspot provides the hosted software and related support used to process that information.
Retention
Data is retained while the club has an active service relationship.
Retention and deletion handling after termination follows the contract, offboarding terms, and legal obligations.
Where clubs connect email automation, personal data we store for that pipeline (for example message content and related processing records in our database) is intended to be kept for no more than twenty-four (24) months on a rolling basis. Historical import when a club first connects is limited to at most twenty-three (23) months. After go-live we plan a monthly deletion pass for data past that window. ClubOS memory on our automation hosts should follow the same window. Other data (such as member records) follows the relationship and offboarding rules above unless the policy is updated after legal review.
Security
Clubspot applies reasonable administrative and technical safeguards.
No internet service can be guaranteed perfectly secure.
Clubs must also maintain appropriate account-access controls and authorised-user governance.
International processors and subprocessors
This draft should be finalised with an explicit subprocessor list and data-location notes before launch.
Rights and requests
Privacy requests and questions should be directed to privacy@clubspot.co.nz.
Breach response
The production policy should align to Privacy Act 2020 obligations, including serious-harm breach notification pathways.
Draft notice
This is a pilot-stage draft and will be finalised before commercial launch.