Last updated: 23 June 2026
GoClubPro (“we”, “our”, “us”) is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and your rights regarding that data.
1. Data We Collect
We collect the following categories of personal information when you use GoClubPro:
- Identity & contact: Full name, email address, mobile phone number, username.
- Account security: Hashed password (never stored in plain text), multi-factor authentication secrets.
- Club membership: Club association, team membership, role (e.g. Player, Coach, Club Admin).
- Activity data: Fixture availability responses, training attendance, event RSVPs, squad selections.
- Financial data: Payment status for fixtures, training, events, and season registration fees; fine records.
- Health information: Injury status and estimated return-to-play date, if entered by authorised club staff.
- Family relationships: Guardian–dependent links when a family account is configured.
- Performance statistics: Match stats entered by coaches (e.g. goals, assists) for sports that support it.
- Push notification tokens: Device tokens for in-app alerts; not used for tracking.
- Usage data: Standard server logs (IP address, browser type, pages visited), retained for up to 90 days.
2. How We Use Your Data
- Managing your club membership, availability, and squad participation.
- Processing and tracking payments, fines, and registration fees.
- Sending transactional notifications (fixture alerts, payment reminders, push notifications).
- Enabling family account management for guardians and their dependants.
- Displaying performance records and career statistics to you and your coaching staff.
- Supporting injury management and return-to-play planning by authorised club staff.
- Maintaining security of your account (authentication, MFA, session management).
We do not sell your personal data to third parties, use it for advertising, or share it outside your club except as described in Section 4.
3. Legal Basis for Processing
Where applicable under data protection law (including Australia’s Privacy Act 1988 and the GDPR for users in the EU/UK), we process your data on the following grounds:
- Contract performance: to deliver the club management services you or your club have signed up for.
- Legitimate interests: to maintain security, prevent fraud, and improve our services.
- Consent: for push notifications — you may withdraw consent at any time in your device settings.
- Legal obligation: where we are required to retain records by applicable law.
4. Data Sharing
Your data is shared only in the following circumstances:
- Within your club: Club Admins, Coaches, Selectors, and Treasurers can view member data relevant to their role.
- Email delivery: We use Resend to send transactional emails. Resend acts as a data processor under a data processing agreement.
- Push notifications: We use Firebase Cloud Messaging (Google). Your device token is transmitted to Firebase solely to deliver notifications.
- Database hosting (Supabase): Your data is stored in a Supabase-managed PostgreSQL database hosted on AWS infrastructure. Supabase acts as a data processor under a data processing agreement.
- Application hosting (Vercel): The application is served via Vercel’s global edge network. Request metadata (IP address, headers) may pass through Vercel infrastructure. Vercel acts as a data processor under a data processing agreement.
- Legal requirements: We may disclose data if required by law or to protect the rights and safety of our users.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service. When a member is removed at a club admin’s request, personal identifiers (name, email, mobile) are anonymised rather than deleted, preserving non-identifying activity history such as match statistics. Server logs are retained for 90 days.
6. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete data.
- Erasure / Anonymisation: Request that your personal identifiers be removed from our records.
- Restriction: Ask us to limit processing in certain circumstances.
- Portability: Request an export of your data in a machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Withdraw consent for push notifications via your device settings at any time.
To exercise any right, contact your club administrator or email us at the address in Section 8.
7. Security
We implement industry-standard measures to protect your data, including:
- TLS encryption for all data in transit.
- Bcrypt hashing for stored passwords.
- Optional multi-factor authentication (TOTP) for your account.
- Role-based access controls limiting data visibility to authorised staff.
- Secure, httpOnly cookies for session management.
No method of transmission or storage is 100% secure. If you suspect a security issue, please contact us immediately.
8. Contact Us
For privacy enquiries, data access requests, or complaints, please contact:
GoClubPro Privacy Team
Email: support@goclubpro.com
If you are in Australia and are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
9. Changes to This Policy
We may update this policy from time to time. The “Last updated” date at the top will reflect any changes. Continued use of the app after changes constitutes acceptance of the updated policy.