ClubScope Data Retention and Deletion Summary

General Principles

• Retain data only as long as reasonably necessary for service delivery, security, support, legal compliance, and legitimate business operations.
• Limit operational access to retained data by role and need.
• Delete or return customer data at the end of service in accordance with customer instructions and contract terms.
• Allow backup and archival copies to age out on normal backup cycles where immediate deletion is not technically feasible.

Standard Data Categories

• Customer account and profile data: retained while the customer account remains active and afterward only as needed for support, billing, legal, and security obligations.
• Customer uploaded or integrated operational data: generally retained for the duration of the service relationship unless a different period is agreed or required by law.
• Derived analytics, dashboards, and reports: retained while required to provide the services and customer reporting history.
• Authentication and session security records: tokens and OTP artifacts are short-lived by design; trusted-device records expire automatically unless renewed or revoked.
• Audit and security logs: retained for a reasonable period for security monitoring, support, troubleshooting, and compliance review.
• Backups and disaster-recovery copies: maintained according to ClubScope backup and disaster-recovery procedures and deleted through scheduled retention and overwrite cycles.

Deletion Handling

• Delete or disable data from active production use
• Remove associated access paths and active-service visibility
• Preserve limited records only where required for security, legal compliance, fraud prevention, accounting, or backup integrity
• Allow residual backup copies to expire through normal backup-retention cycles

Rights Requests