Privacy Policy

Privacy Policy for ClubOS

Your privacy matters. This policy explains what data we collect, why we collect it, how we protect it, and what rights you have.

Effective Date: February 11, 2026  ·  Last Updated: February 22, 2026

ClubOS ("we", "us", "our") operates the ClubOS platform (clubos.ca), a club management platform designed for student organizations at Canadian universities and colleges. This Privacy Policy describes how we collect, use, disclose and protect personal information when you use our platform. By using ClubOS, you consent to the practices described in this policy.

01

Information We Collect

We collect only the information necessary to provide and improve our services. This includes:

Account Information

  • Full name and email address
  • University or college affiliation
  • Profile photo (optional)
  • Club memberships and roles
  • If you sign in or connect features with Google OAuth: your Google account basic profile data (such as name, email address, and profile image) and any additional Google data you explicitly authorize for enabled features

Club Data

  • Club names, descriptions, and branding
  • Events, meetings, and calendar entries
  • Documents, forms, and uploaded files
  • Member lists and communication records

Financial Information

  • Transaction summaries, payment statuses, and invoice records
  • Bank account connection metadata via Plaid (we never receive or store your bank login credentials)
  • Payment card processing is handled entirely by Stripe — we never see, store, or process card numbers

Technical & Usage Data

  • IP address, browser type, device information
  • Pages visited, features used, and interaction patterns
  • Cookies and similar technologies for session management
02

Why We Collect Your Data

We collect and process personal information for the following purposes:

  • Providing our services — enabling clubs to manage members, events, finances, documents, and communications
  • Account creation & authentication — verifying your identity and managing access
  • Financial management — facilitating dues collection, budgeting, reimbursements, and financial reporting for clubs
  • Communication — sending notifications, event reminders, and platform updates
  • Platform improvement — analyzing usage patterns to enhance performance, reliability, and user experience
  • Safety & security — detecting and preventing fraud, abuse, and unauthorized access
  • Legal compliance — meeting our obligations under applicable Canadian laws
03

Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:

  • Service providers — trusted partners who help us operate (e.g. Stripe for payments, Plaid for bank connections, Supabase for infrastructure). These providers are contractually bound to protect your data.
  • Google API Services (when you connect Google) — we access and use Google user data only as needed to provide the user-facing features you choose (for example, authentication and approved integrations), and only within the scopes you grant
  • Club administrators — club executives can see member information relevant to their club's operations
  • Legal requirements — when required by law, court order, or to protect the rights and safety of ClubOS or its users
  • With your consent — in any other circumstance, only with your explicit permission

Important: We never share data with third parties for advertising or marketing purposes.

Google OAuth & Google API Services Disclosure

Required disclosure for Google account connections

If you connect a Google account to ClubOS (including Google Sign-In or other Google integrations), ClubOS's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements where applicable.

  • We request the minimum scopes needed for the features you choose, and we do not request Google permissions for future or unrelated features
  • We use Google user data only to provide and improve prominent, user-facing ClubOS features you authorize
  • We do not sell Google user data and we do not use Google user data for advertising, retargeting, personalized ads, or data-broker purposes
  • We do not allow humans to read Google user data except where necessary for security, legal compliance, or support for a specific issue with your affirmative permission
  • We do not transfer Google user data to third parties except as necessary to provide the requested feature, for security, to comply with law, or as part of a business transfer with required user consent
  • If we change how we access, use, or share Google user data, we will update this Privacy Policy and obtain any additional consent required before using the data for the new purpose

Managing Google access: You can disconnect your Google account in ClubOS settings (if available), request deletion via privacy@clubos.ca, and you can also revoke ClubOS access directly from your Google account permissions page.

Google API Services User Data PolicyManage Google App Access
04

Plaid Technologies — Bank Account Connections

Plaid Integration Disclosure

Financial data connection

We use Plaid Technologies Inc. to securely connect bank accounts for club financial management features. By using this feature, you agree to Plaid's Privacy Policy. When you connect a bank account through Plaid:

  • Your bank login credentials are entered directly into Plaid's secure interface — ClubOS never sees, receives, or stores your banking username or password
  • Plaid may share account information (e.g. account name, balance, and transaction history) with ClubOS as authorized by you
  • All data transmitted between Plaid and ClubOS is encrypted using industry-standard security protocols
Plaid End User Privacy PolicyPlaid Privacy Policy
05

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy:

  • Active accounts — data is retained while your account remains active and you use our services
  • After account deletion — personally identifiable information is deleted within 30 days of an account deletion request. Anonymized, aggregated data may be retained for analytics.
  • Google OAuth tokens and connected-account data — when you disconnect a Google integration, revoke access, or delete your account, we will stop using the Google data for that connection and delete or de-identify related stored data and tokens according to our retention obligations and backup cycles
  • Club data — when a club is deleted, all associated data (members, events, documents, financial records) is permanently removed within 30 days
  • Legal holds — data may be retained longer if required by law or ongoing legal proceedings
  • Backups — encrypted backups are automatically purged on a rolling schedule (maximum 90 days)
06

Your Rights — Access, Correction & Deletion

Under Canadian privacy law (PIPEDA), you have the right to:

Access

Request a copy of all personal information we hold about you

Correction

Request corrections to any inaccurate or incomplete information

Deletion

Request complete deletion of your account and personal data

Withdraw Consent

Withdraw consent for data processing at any time (may limit service access)

Revoke Google Access

Revoke ClubOS access to your Google account in ClubOS settings or in your Google account permissions

To exercise any of these rights, contact our Privacy Officer at privacy@clubos.ca. We will respond to all requests within 30 days.

07

How We Protect Your Data

We implement industry-standard security measures to protect your personal information:

  • All data in transit encrypted using HTTPS (TLS 1.2+)
  • Sensitive data at rest encrypted at the database level
  • Passwords are securely hashed and never stored in plain text
  • Role-based access controls restrict data access to authorized personnel only
  • Regular security reviews and monitoring for vulnerabilities
  • OAuth tokens and credentials are handled using secure storage and access controls, and are revoked/deleted when no longer needed

For full details about our security practices, visit our Security & Privacy page.

08

Cookies & Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze platform usage through Google Analytics to improve our services

We do not use advertising cookies or tracking pixels for third-party marketing. You may disable cookies in your browser settings, but some features may not function properly.

09

Children's Privacy

ClubOS is designed for use by post-secondary students and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@clubos.ca.

10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, providing a notice through the platform or via email. We encourage you to review this policy periodically.

11

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, including the Personal Information Protection and Electronic Documents Act (PIPEDA). Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of Ontario, Canada.

Questions About Your Privacy?

We're committed to transparency. If you have any questions about this Privacy Policy or how we handle your data, don't hesitate to reach out.

privacy@clubos.caTerms of Service

ClubOS  ·  Toronto, Ontario, Canada  ·  privacy@clubos.ca

Privacy Policy — ClubOS | ClubOS