Back to privacy pack

ClubScope Legal / Customers and contracting teams

ClubScope Data Processing Addendum

Standard data processing terms for customer data handled by ClubScope.

Last updated: March 24, 2026Contact: support@clubscope.ai

Purpose

This Data Processing Addendum supplements the agreement between ClubScope AI and the customer for the provision of ClubScope services where ClubScope processes personal data on behalf of the customer.

Roles

  • The customer acts as controller under GDPR and as business under CCPA/CPRA for customer data submitted to or authorized for processing by ClubScope.
  • ClubScope acts as processor under GDPR and as service provider or contractor under CCPA/CPRA for that customer data, except for ClubScope's own business-administration data where ClubScope acts as controller as applicable.

Subject Matter and Nature of Processing

ClubScope provides cloud-hosted analytics, reporting, forecasting, alerting, dashboarding, data-ingestion, and AI-assisted workflow services for private-club operations. Processing may include collection, hosting, organization, retrieval, analysis, display, export, and deletion of customer-authorized data.

Processing Instructions

  • Only on documented customer instructions
  • Only for the purpose of providing and securing the services
  • Only to the extent reasonably necessary for contracted business purposes
  • As otherwise required by applicable law, with notice where legally permitted

Security Measures

  • Role-based access control
  • Tenant-scoped application access
  • Password hashing
  • Authentication security controls including OTP verification and trusted-device workflows
  • Token management and refresh-token protection
  • Encryption in transit
  • Encryption mechanisms for sensitive application secrets or protected values
  • Audit-event logging
  • Monitoring, health checks, and operational alerting
  • Backup and disaster-recovery procedures

Subprocessors and Transfers

ClubScope may use approved subprocessors for hosting, storage, email delivery, monitoring, and AI processing. ClubScope maintains a subprocessor list and imposes written confidentiality and data-protection obligations appropriate to the processing.

If personal data subject to transfer restrictions is transferred outside the relevant jurisdiction, the parties can incorporate an applicable transfer mechanism, including the 2021 European Commission Standard Contractual Clauses where required.

CCPA / CPRA Service Provider and Contractor Terms

  • ClubScope will process personal information only for the limited and specified business purposes set out in the agreement.
  • ClubScope will not sell personal information.
  • ClubScope will not share personal information for cross-context behavioral advertising in the standard SaaS model.
  • ClubScope will not retain, use, or disclose personal information outside the direct business relationship with the customer except as permitted by law and contract.
  • ClubScope will provide reasonable assistance enabling the customer to respond to consumer requests and will require downstream subprocessors to observe corresponding restrictions where applicable.

Contact

Privacy and data-protection inquiries may be directed to support@clubscope.ai.