LEGAL

Privacy Policy

Your trust matters. Here is how we handle your data.

Effective date: 21 March 2026

ClubPilot is operated by Finnovators Technologies. This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have under the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. By using ClubPilot, you consent to the practices described below.

1. Data We Collect

We collect only the data necessary to deliver the ClubPilot service to your Rotary club. This includes:

Member Information

Names, email addresses, phone numbers, Rotary designations, blood groups, dates of birth, anniversary dates, and family member details as entered by club administrators.

Financial Data

Dues and billing records, payment receipts, bank statement data uploaded for reconciliation, Trust and Club treasury transactions, and accounting ledger entries.

Authentication Data

Google account identifiers used for sign-in (via Google OAuth). We do not store your Google password.

WhatsApp Session Data

If your club enables the WhatsApp integration, we store session tokens required to maintain the connection. Message content is processed for delivery and is not retained beyond what is necessary for the feature to function.

Usage Data

Basic interaction logs such as page visits and feature usage, collected to improve the platform. We do not use third-party analytics trackers.

2. How We Use Your Data

  • Club management — maintaining member directories, tracking designations, and managing family records.
  • Billing and accounting — generating invoices, recording payments, reconciling bank statements, and maintaining Trust and Club ledgers.
  • Communication — sending transactional emails (receipts, reminders) and WhatsApp messages on behalf of your club.
  • Platform improvement — understanding usage patterns to refine features and fix issues.
  • Legal compliance — fulfilling obligations under applicable Indian law, including the DPDP Act, 2023.

3. Data Storage and Security

All data is stored on secured servers. We implement the following safeguards:

  • Tenant isolation — each club's data is logically separated. No club can access another club's records.
  • Encryption — data is encrypted in transit (TLS) between your browser and our servers.
  • Access controls — administrative access to production systems is restricted to authorised personnel only.
  • Regular backups — automated backups protect against data loss.

4. Data Retention

We retain your club's data for as long as your subscription is active. After cancellation:

  • Your data is retained for 90 days to allow for reactivation or data export requests.
  • After 90 days, all personal data is permanently deleted from our production systems.
  • Backups containing your data are purged within 180 days of cancellation.
  • Financial records may be retained longer if required by Indian tax or accounting regulations.

5. Your Rights under the DPDP Act, 2023

As a Data Principal under the DPDP Act, you have the following rights:

Right to Access

You may request a summary of the personal data we hold about you and how it is being processed.

Right to Correction

You may request correction of inaccurate or incomplete personal data. Club administrators can update most records directly within ClubPilot.

Right to Erasure

You may request deletion of your personal data. Upon a valid erasure request, we will delete the data within 30 days, except where retention is required by law.

Right to Grievance Redressal

If you have a concern about how your data is handled, contact us at support@clubpilot.in. We will acknowledge your request within 48 hours and resolve it within the timeframe prescribed by the DPDP Act.

6. Third-Party Services

ClubPilot integrates with the following third-party services to deliver its functionality:

Google OAuth

Used for secure sign-in. We receive your name and email address from Google. We do not access your Google Drive, contacts, or any other Google data.

Zoho SMTP

Used to send transactional emails (receipts, reminders, notifications) from support@clubpilot.in. Email addresses of recipients are shared with Zoho solely for delivery.

WhatsApp (via WA Web)

If enabled by your club, used for sending messages to members. Session data is stored to maintain the connection. This feature is optional and available on request.

Each third-party service operates under its own privacy policy. We encourage you to review those policies independently.

7. Cookies and Local Storage

ClubPilot uses the following browser storage mechanisms:

  • Authentication tokens — stored in localStorage to keep you signed in across sessions.
  • User preferences — theme and display settings stored locally for convenience.
  • Session cookies — used for CSRF protection and server-side session management.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

8. Children's Data

ClubPilot is intended for use by Rotary club administrators and members who are 18 years of age or older. We do not knowingly collect personal data from children. If family member records include information about minors, that data is entered and managed by the club administrator acting as the responsible Data Fiduciary.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify registered users by email and update the effective date at the top of this page. Continued use of ClubPilot after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

For any questions, concerns, or requests related to your personal data, contact us at:

Finnovators Technologies

Operating as ClubPilot

support@clubpilot.in

Questions about your data?

Get in Touch