Back to landing

Clubspot legal

Pilot privacy draft

Privacy policy

How we handle personal information when your club uses Clubspot for member records, tasks, bookings, and operational messaging. Read alongside our Terms & Conditions and cookie notice.

Effective date (draft)1 April 2026
Review onboarding

Status

Draft for legal review — confirm with New Zealand counsel before production launch.

Contact

privacy@clubspot.co.nz for privacy questions and requests.

Related pages

Terms, cookie notice, and commercial docs in the repo legal pack.

Purpose

This notice describes how Clubspot collects, uses, stores, and discloses personal information when clubs and authorised users use the service.

It is a working draft, not legal advice. Confirm final wording with New Zealand legal counsel before production launch.

Information we collect

  • account and contact information for administrators and authorised users
  • member record data submitted by clubs (for example name, email, phone, tags, and consent flags)
  • files clubs upload (for example CSV or spreadsheets) for knowledge or operational context, when that feature is offered
  • event, booking, and club-task operational data
  • messaging metadata and delivery outcomes
  • technical and security telemetry needed to operate and secure the hosted service

How we use information

  • to provide, secure, and improve the Clubspot service
  • to process member-management, task, booking, and communication workflows requested by clubs
  • to provide support and investigate incidents
  • to meet legal obligations and enforce platform terms

Data roles

Clubs are responsible for the member and operational data they submit.

Clubspot acts as the service provider for hosted processing and support operations.

Retention

Data is retained while the club has an active service relationship.

Retention and deletion handling after termination follows the contract, offboarding terms, and legal obligations.

Where clubs connect email automation, personal data we store for that pipeline (for example message content and related processing records in our database) is intended to be kept for no more than twenty-four (24) months on a rolling basis. Historical import when a club first connects is limited to at most twenty-three (23) months. After go-live we plan a monthly deletion pass for data past that window. OpenClaw memory on our automation hosts should follow the same window. Other data (such as member records) follows the relationship and offboarding rules above unless the policy is updated after legal review.

Security

Clubspot applies reasonable administrative and technical safeguards.

No internet service can be guaranteed perfectly secure.

Clubs must also maintain appropriate account-access controls and authorised-user governance.

International processors and subprocessors

This draft should be finalised with an explicit subprocessor list and data-location notes before launch.

Rights and requests

Privacy requests and questions should be directed to privacy@clubspot.co.nz.

Breach response

The production policy should align to Privacy Act 2020 obligations, including serious-harm breach notification pathways.

Implementation note

This page reflects the repository draft in docs/legal/privacy-policy-draft.md. It should be reviewed and finalised with New Zealand legal counsel before taking live paying customers.