Interim beta — pending legal review. This copy is a plain-English placeholder so you know roughly what you're agreeing to. Final, lawyer-reviewed terms will replace this before Klubby leaves beta, and we'll email you if anything meaningful changes.

Data Processing Agreement

This sets out how Klubby handles personal data on behalf of your club, in line with UK GDPR Article 28. It's the short, plain-English version — a full lawyer-reviewed DPA lands before we leave beta.

Who does what

When you store committee member details, fixtures, finances and similar data in Klubby, your club is the data controller(you decide what goes in and why). Klubby is the data processor— we only handle that data to provide the service you've asked us to provide.

What we process

We process whatever personal data your club chooses to put into Klubby — typically committee member names, email addresses, roles, and any club-admin records (finances, fixtures, memberships). The data subjects are your committee members and whoever else you record.

Our obligations

We only process data on your documented instructions (i.e. what the Klubby features let you do). We keep your data confidential, require the same of everyone who works on Klubby, and apply reasonable technical and organisational security measures. We help you respond to data-subject requests and, where required, notify you promptly if we ever suffer a personal-data breach.

Sub-processors

We use Supabase, Vercel, Resend, Sentry and Upstash as listed in the Privacy Policy. If we add or change a sub-processor we'll update the Privacy Policy and email club admins before the change takes effect.

Deletion and return

When you delete your club, we delete the underlying data within 30 days. You can export your data from the Settings area at any time before deletion.

Questions

Contact the Klubby team directly for anything not covered here.