Privacy Policy

Last updated: 10 June 2026

ClubEasy ("we", "us", "our") provides gym management software at clubeasy.app. We are committed to protecting personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Who this policy covers

ClubEasy is used by martial arts gyms ("Gyms") to manage their members. When a Gym uses ClubEasy, the Gym collects member information and we process it on the Gym's behalf. If you are a gym member, your gym is the primary holder of your information — contact them first with questions about how your information is used. This policy also covers information we collect directly, such as gym owner accounts and visitors to our website.

What we collect

• Account information — name, email address, phone number, and login credentials (managed by our authentication provider, Clerk).
• Member records — entered by your gym: name, contact details, date of birth, emergency contacts, belt rank and training history, attendance, technique progress, injury notes you or your gym record, and signed waivers.
• Family accounts — parents or guardians may manage accounts for children. Children's records are created and controlled by the parent and the gym.
• Payment information — processed by your gym's chosen payment provider (Stripe, Square, GoCardless, or Pin Payments). We never store full card or bank account numbers on our servers.
• Technical data — IP address, browser type, and error diagnostics (via Sentry) used to keep the service running and secure.

How we use it

• Providing the service: class bookings, attendance, belt and grading management, billing, and member communications.
• Sending transactional emails and SMS on behalf of your gym (class reminders, grading notifications, payment receipts). You can manage notification preferences in your member portal profile, and every email includes an unsubscribe/manage link.
• AI-assisted features (such as promotion readiness summaries) process training data through Anthropic's Claude API. This data is not used to train AI models.
• Diagnosing faults and improving reliability.

We do not sell personal information, and we do not use member data for advertising.

Storage and security

Data is stored on servers located in Australia. Credentials and payment provider keys are encrypted at rest. Access is restricted by role-based permissions, and connections are encrypted in transit (TLS). Some service providers we use (listed below) may process limited data overseas.

Third-party service providers

• Clerk — authentication and login (US)
• Stripe, Square, GoCardless, Pin Payments — payment processing, as selected by your gym
• Twilio — SMS delivery (US)
• Anthropic — AI features (US)
• Sentry — error monitoring (US)

Access, correction and deletion

You can view and update most of your information in the member portal. For access, correction, or deletion requests, contact your gym, or email us at [email protected]. When a gym closes its account, member data is deleted after a retention period unless the law requires otherwise.

Data breaches

We comply with the Notifiable Data Breaches (NDB) scheme. If a breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC).

Complaints

If you have a privacy concern, contact us at [email protected] and we will respond within 30 days. If you are not satisfied with our response, you may complain to the OAIC at oaic.gov.au.

Changes

We may update this policy from time to time. Material changes will be notified via the app or email.