Legal > Privacy Policy

Privacy Policy

Updated November 2024

1. Introduction

Clubbera ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our community management platform.

This policy applies to all users of Clubbera, including community organizers and members.

Data Controller: Clubbera is the data controller for personal data processed through our platform, except where community organizers act as controllers for their community member data (explained in Section 4).

Legal Basis: We process your data under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Full name
  • Email address
  • Age (to verify you are 18+)
  • Gender (optional)
  • Password (encrypted)
  • Profile photo (optional)

Community and Event Information:

  • Communities you join or create
  • Events you register for or attend
  • Membership subscriptions
  • Event check-ins and attendance records

User-Generated Content:

  • Event experiences and reviews
  • Photos you upload
  • Poll responses
  • Posts, comments, and discussions
  • Messages to organizers or members

Payment Information:

  • Payment information is collected and processed by our payment processor, Stripe
  • We store only: transaction IDs, payment amounts, transaction dates, and payment status
  • We never store full credit card numbers or sensitive payment details

2.2 Information Collected Automatically

Usage Data:

  • Pages you visit on Clubbera
  • Features you use
  • Time spent on the platform
  • Clicks, scrolls, and interactions
  • Browser type and version
  • Operating system
  • Device type and identifiers

Location Data:

  • IP address
  • Approximate geographic location (city/region level)
  • Location you provide when creating or searching for communities

Cookies and Tracking Technologies:

  • Authentication tokens (essential cookies)
  • Google Analytics cookies (analytics)
  • Session identifiers
  • Preferences and settings

See our Cookie Policy for detailed information about cookies.

2.3 Information From Third Parties

Payment Data from Stripe:

  • Transaction confirmations
  • Payment success or failure status
  • Refund information

Social Media (if you connect accounts):

  • Profile information you authorize us to access
  • This feature may be added in future updates

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery (Legal Basis: Contract Performance)

  • Create and manage your account
  • Enable you to join and participate in communities
  • Process event registrations and payments
  • Facilitate communication between members and organizers
  • Display your profile and content to other users
  • Provide customer support

3.2 Platform Improvement (Legal Basis: Legitimate Interest)

  • Analyze usage patterns to improve features
  • Develop new features and services
  • Test and optimize platform performance
  • Conduct research and analytics
  • Prevent fraud and abuse

3.3 Communication (Legal Basis: Contract Performance and Legitimate Interest)

  • Send transactional emails (confirmations, receipts, notifications)
  • Send service announcements and updates
  • Respond to your inquiries
  • Send marketing communications (with your consent, where required)

3.4 Legal and Safety (Legal Basis: Legal Obligation and Legitimate Interest)

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud, spam, and abuse
  • Resolve disputes
  • Protect the safety and rights of users

3.5 Marketing (Legal Basis: Consent or Legitimate Interest)

  • Send information about new features
  • Promote relevant communities and events
  • Conduct surveys and request feedback
  • You can opt out of marketing communications at any time

4. Data Sharing and Controllers

4.1 Clubbera as Data Controller

For your account data, platform usage data, and authentication information, Clubbera acts as the data controller and is responsible for processing this data in accordance with this Privacy Policy.

4.2 Community Organizers as Data Controllers

When you join a community or attend an event, the community organizer becomes a data controller for information specific to their community:

Data Organizers Can Access:

  • Your name and profile information
  • Email address (for communication)
  • Event attendance records
  • Posts and comments in their community
  • Event experiences and feedback you share

Organizers' Responsibilities:

  • Organizers must handle this data in accordance with data protection laws
  • Organizers set their own retention and deletion policies for community-specific data
  • Organizers are responsible for responding to data subject requests related to their community data

Your Rights:

  • You can exercise your data rights (access, deletion, etc.) directly with organizers for community-specific data
  • You can also contact Clubbera, and we will facilitate requests where appropriate

4.3 Data Shared With Third Parties

We share data with the following categories of recipients:

Payment Processors:

  • Stripe (for payment processing)
  • See Stripe's privacy policy at stripe.com/privacy

Analytics Providers:

  • Google Analytics (for usage analytics)
  • See Google's privacy policy at policies.google.com/privacy

Infrastructure and Hosting:

  • Heroku (application hosting)
  • Netlify (web hosting)
  • Amazon Web Services (image storage via S3)
  • Microsoft Azure (database hosting)
  • These providers have access only to data necessary to perform their services

Legal and Safety:

  • Law enforcement or regulatory authorities when required by law
  • Legal advisors in connection with legal proceedings
  • Third parties in connection with fraud prevention or safety investigations

Business Transfers:

  • In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity

4.4 Public Information

The following information is publicly visible on Clubbera:

  • Your name and profile photo (if provided)
  • Communities you are a member of (unless the community is private)
  • Posts, comments, and reviews you share publicly
  • Event experiences you share publicly

You can control some visibility settings in your account preferences.

5. Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

Retention Periods:

Active Accounts:

  • Account data: Retained while your account is active
  • Usage data: Retained for up to 2 years
  • Transaction records: Retained for 7 years (legal requirement)

Closed Accounts:

  • Account data: Deleted within 30 days of account closure, except:
    • Transaction records (retained for 7 years for legal and accounting purposes)
    • Data required for legal compliance or dispute resolution
  • User-generated content: Deleted within 30 days unless required for legal purposes

Closed Communities:

  • Community data may be retained for record-keeping purposes in accordance with GDPR requirements
  • Personal data is deleted or anonymized within 90 days unless:
    • Required for legal compliance
    • Subject to ongoing disputes or investigations
    • Necessary for fraud prevention

Legal Holds:

  • Data subject to legal proceedings, regulatory investigations, or valid legal requests is retained until the matter is resolved

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

6.1 Right of Access

You can request a copy of the personal data we hold about you. We will provide this within 30 days of your request.

6.2 Right to Rectification

You can correct inaccurate or incomplete personal data through your account settings or by contacting us.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain the data.

Exceptions:

  • Transaction records (must be retained for 7 years)
  • Data required for legal claims or compliance
  • Anonymized data used for analytics

6.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances, such as while we verify data accuracy.

6.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format (such as JSON or CSV).

6.6 Right to Object

You can object to processing based on legitimate interests, including for marketing purposes. We will stop processing unless we have compelling legitimate grounds.

6.7 Rights Related to Automated Decision-Making

We currently do not use fully automated decision-making. When we implement AI moderation, we will update this policy and ensure human oversight for significant decisions.

6.8 Right to Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time.

6.9 How to Exercise Your Rights

To exercise any of these rights:

  • Email: privacy@clubbera.com
  • Use the data request form in your account settings
  • Contact community organizers directly for community-specific data

We will respond to requests within 30 days. For complex requests, we may extend this by an additional 60 days with notice.

7. International Data Transfers

Our infrastructure is located in the following regions:

  • United Kingdom (primary operations)
  • European Union
  • United States (AWS, Azure, Heroku infrastructure)

When we transfer data outside the UK or EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs with third-party processors
  • Adequacy Decisions: We rely on adequacy decisions where available
  • Data Processing Agreements: All processors sign agreements ensuring GDPR compliance

You have the right to request information about these safeguards.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Technical Measures:

  • Encryption in transit (TLS/SSL)
  • Encrypted storage for sensitive data
  • Secure authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Secure payment processing via PCI-DSS compliant providers

Organizational Measures:

  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Incident response procedures
  • Regular policy reviews and updates

Your Responsibility:

  • Keep your password secure and confidential
  • Use strong, unique passwords
  • Log out of shared devices
  • Report suspicious activity immediately

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You use the Service at your own risk.

9. Children's Privacy

Clubbera is not intended for users under 18 years of age. We do not knowingly collect personal data from children under 18.

If we learn that we have collected data from someone under 18, we will delete it immediately. If you believe we have data from a minor, contact us at privacy@clubbera.com.

10. Cookies and Tracking

We use cookies and similar tracking technologies. See our Cookie Policy for detailed information about:

  • Types of cookies we use
  • Purpose of each cookie
  • How to control or delete cookies
  • Third-party cookies

11. Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about data collected, sources, purposes, and third parties with whom it's shared Right to Delete: Request deletion of your personal information Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal data) Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact privacy@clubbera.com.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected users without undue delay
  • Notification will include the nature of the breach, likely consequences, and measures taken

13. Complaints and Supervisory Authority

If you believe we have violated your privacy rights, you can:

Contact Us First: Email: privacy@clubbera.com We will investigate and respond within 30 days

File a Complaint with the Supervisory Authority: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF Website: ico.org.uk Phone: 0303 123 1113

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date
  • We will notify you via email or prominent notice on the platform
  • For significant changes, we may require you to accept the updated policy

Your continued use after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For questions about this Privacy Policy or our privacy practices:

Email: founders@clubbera.com