Back to privacy pack

ClubScope Legal / Customers, partners, and vendor-review teams

ClubScope Privacy and Data Protection Summary

High-level summary of ClubScope privacy posture, processing roles, and core controls.

Last updated: March 24, 2026Contact: support@clubscope.ai

Privacy Compliance Documents Maintained by ClubScope

  • Privacy Policy
  • Data Processing Addendum
  • Subprocessor List
  • Data Retention and Deletion Summary
  • Incident Response and Breach Notification Summary
  • Security questionnaire responses
  • Standard Contractual Clauses support where applicable

Product Role and Processing Model

ClubScope AI is a cloud-hosted analytics and reporting platform for private clubs. The platform ingests customer-provided or customer-authorized operational data, processes that data to generate dashboards, reports, forecasts, alerts, and AI-assisted insights, and presents information only to authorized users.

In the standard deployment model, the customer organization acts as the primary controller or business for customer-uploaded or customer-authorized data, ClubScope acts primarily as a processor under GDPR and as a service provider or contractor under CCPA/CPRA for that customer data, and ClubScope acts as a controller only for its own website, support, billing, and security operations data to the extent applicable.

ClubScope's standard service is not designed to require storage of payment card numbers, Social Security numbers, or bank account numbers.

GDPR Position

  • Customer data is processed only for defined service purposes and on documented customer instructions, except where otherwise required by law.
  • GDPR Article 28-aligned processor terms are provided through a Data Processing Addendum.
  • Confidentiality, access restriction, technical safeguards, and subprocessor controls are maintained.
  • Customers are supported in handling access, correction, deletion, restriction, portability, and end-of-service return or deletion workflows where contractually required and technically feasible.
  • International transfer terms, including Standard Contractual Clauses, can be incorporated where required.

CCPA / CPRA Position

  • ClubScope acts as a service provider or contractor under a written agreement.
  • ClubScope does not sell customer personal information in the standard SaaS model.
  • ClubScope does not share customer personal information for cross-context behavioral advertising in the standard SaaS model.
  • ClubScope does not retain, use, or disclose customer personal information outside the direct business relationship except as permitted by law and contract.
  • ClubScope supports customer privacy-rights workflows routed through the customer.

Implemented Controls

  • Role-based access control
  • Tenant/company scoping across the application and data model
  • Password hashing
  • OTP-based verification and trusted-device support
  • Refresh-token protection and rotation
  • Encryption in transit and encryption mechanisms for sensitive values
  • Audit-event logging
  • Security headers and CORS controls
  • Application, dependency, and infrastructure health checks
  • Backup and disaster-recovery procedures
  • Public-facing privacy disclosures and rights-request intake

Contact

Privacy and data-protection questions may be directed to support@clubscope.ai.