Privacy Policy

1. Information We Collect

1.1 Information you provide directly

• Account information: name, email address, and password when you register.
• Organization information: organization name, logo, address, and settings you configure.
• Member data: names, email addresses, phone numbers, custom profile fields, guardian relationships, and membership tier details you enter or import for your members.
• Payment information: billing name, address, and card details. Card numbers are transmitted directly to our payment processor (WizPay / PayRoc) and are never stored on our servers.
• Communications content: messages, announcements, survey responses, and form submissions created within the platform.
• Support communications: emails or messages you send us when requesting help.

1.2 Information collected automatically

• Log data: IP address, browser type, pages visited, referring URL, and timestamps.
• Usage data: features used, actions taken within the platform, and error reports.
• Session cookies: a single secure, HTTP-only session cookie used to keep you logged in. We do not use advertising or tracking cookies.
• Device information: device type, operating system, and push notification token (on mobile, if you grant permission).

1.3 Information from third parties

We receive limited data from our infrastructure partners (listed in Section 4) strictly for the purpose of delivering the Service — for example, email delivery receipts from SendGrid or payment status from PayRoc.

2. How We Use Your Information

We use the information we collect to:

• Create and maintain your account and organization.
• Provide, operate, and improve the Service — including member management, event scheduling, invoicing, forms, surveys, fundraising, communications, and analytics features.
• Process payments and manage subscriptions through our payment partners.
• Send transactional emails (account verification, invoice receipts, password resets, event reminders) via SendGrid.
• Deliver push notifications to mobile devices when you or your organization administrators enable them via Firebase Cloud Messaging.
• Generate audit logs so organization administrators can review actions taken within their account.
• Diagnose technical problems, prevent abuse, and ensure platform security.
• Respond to your support requests and communicate service updates that materially affect the platform.
• Produce anonymized, aggregated analytics to understand how the Service is used and to guide product improvements.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your data to display third-party advertisements.

3. Legal Basis for Processing (EEA / UK Users)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing personal data are:

• Contract: processing necessary to provide the Service you signed up for.
• Legitimate interests: platform security, fraud prevention, and product improvement.
• Legal obligation: complying with applicable law (e.g., tax record retention).
• Consent: push notifications (you may withdraw consent at any time in device settings).

4. Third-Party Services and Sub-processors

We use the following third-party services to operate WizClubs. Each service processes your data only as necessary to fulfill its function and is bound by data processing agreements consistent with applicable privacy law.

All infrastructure is hosted within the United States. If you are accessing the Service from outside the US, you consent to the transfer of your information to the US in accordance with this Privacy Policy.

5. Organization Administrators and Member Data

WizClubs is a multi-tenant platform. Each organization you create or join is separate and independently managed.

• Organization administrators can view, edit, and export data for all members within their organization.
• Members can only access their own profile and the content made available to them by their organization.
• WizPro Software acts as a data processor on behalf of each organization (the data controller) for member personal data.
• Organizations are responsible for ensuring their use of member data complies with applicable law, including obtaining any necessary consent from their members.
• Data from one organization is never visible to another organization.

6. Data Security

We implement industry-standard security measures, including:

• TLS (HTTPS) encryption for all data in transit.
• Encryption at rest for database and file storage.
• HTTP-only, secure session cookies to prevent XSS token theft.
• Password hashing using bcrypt.
• Scoped access controls — each user session is limited to their authorized organizations and roles.
• Audit logging of sensitive administrative actions.

No system is perfectly secure. If you discover a security vulnerability, please report it immediately to support@wizprosoftware.com. We will investigate and respond promptly.

7. Data Retention

• We retain your account and organization data for as long as your account is active.
• After you cancel or close your account, your data is retained for 30 days to allow for account recovery. After 30 days, data is permanently deleted from our primary systems.
• Residual data in encrypted backups may persist for up to 90 days before being purged through routine backup rotation.
• You may request early deletion of your data at any time by contacting us (see Section 9). We will fulfill deletion requests within 30 days.
• Payment transaction records may be retained for 7 years as required by applicable accounting and tax law.

8. Your Rights and Choices

Depending on your location, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data (subject to retention obligations).
• Portability: Request your data in a machine-readable format.
• Objection / Restriction: Object to or request that we limit certain processing of your data.
• Withdraw Consent: If processing is based on consent, withdraw it at any time (e.g., push notification permissions via your device settings).

To exercise any of these rights, contact us at support@wizprosoftware.com. We will verify your identity before fulfilling any data request and respond within 30 days.

Organization members should direct data requests to their organization administrator first, as the organization controls that data.

9. Cookies

WizClubs uses a single session cookie to keep you authenticated. This cookie is:

• Secure (HTTPS only) and HTTP-only (not accessible to JavaScript).
• Scoped to the WizClubs domain.
• Automatically deleted when your session expires or you sign out.

We do not use analytics cookies, advertising cookies, or third-party tracking pixels.

10. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Organizations that manage minor members (e.g., youth sports teams) are responsible for obtaining appropriate parental consent under applicable law. If you believe a minor's data has been submitted without consent, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and notify account administrators by email at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or data requests related to this Privacy Policy, please contact: