Privacy Policy

1. Overview

MyClubTracker ("we," "us," or "our") is a club management platform built for nutrition club operators and owners. This Privacy Policy explains how we collect, use, and protect your information when you use our service at myclubtracker.com.

We take your privacy seriously. We collect only what we need to operate the platform and never sell your personal information to third parties.

2. Information we collect

We collect the following categories of information:

• Account information: Your name, email address, phone number, and display name when you create an account.
• Club & location data: Club name, address, and business settings you configure within the platform.
• Operational data: Daily sales figures, inventory counts, operator records, and payout information you enter into the app.
• Payment records: Check numbers, payment amounts, and payee names for records you log in the payment register. We do not collect or store credit card numbers or bank account details.
• Profile photos: If you choose to upload a profile photo, it is stored securely in our cloud storage.
• Usage data: Basic information about how you use the platform to help us improve the product.

3. Google Calendar integration

When you choose to connect Google Calendar to MyClubTracker, we request read-only access to your Google Calendar data (calendar.readonly scope) using OAuth 2.0. This integration is entirely optional.

Here is exactly what we do and do not do with your Google Calendar data:

• What we access: Event titles, descriptions, start times, and end times from the calendar you select.
• What we use it for: Matching calendar events to operator names to auto-fill shift hours in the staff payroll section.
• What we do not do: We do not store your Google Calendar events in our database. We do not read, modify, create, or delete calendar events. We do not share calendar data with any third party. We do not use calendar data for advertising.
• Token storage: Your OAuth access token is stored locally in your browser session and in your location settings to enable silent re-authentication. It is never shared or transmitted to third parties.
• Revoking access: You can disconnect Google Calendar at any time from the Staff Payroll section in the app. You can also revoke access directly from your Google Account permissions page.

4. How we use your information

We use the information we collect to:

• Provide and operate the MyClubTracker platform
• Display your club's data, history, and reports within the app
• Enable features such as inventory tracking, payout calculations, and staff scheduling
• Send transactional emails such as operator invite links (via Resend)
• Improve the reliability and performance of the platform
• Respond to your support requests

We do not use your data for advertising, and we do not build advertising profiles.

5. Data storage & security

Your data is stored in Supabase, a secure cloud database platform. Data is encrypted at rest and in transit using industry-standard TLS encryption. Access to your data is restricted by row-level security policies — you can only access data belonging to your location.

Profile photos are stored in Supabase Storage with access controls that prevent unauthorized viewing.

While we implement strong security measures, no system is 100% secure. We encourage you to use a strong, unique password for your account.

6. Data sharing

We do not sell your personal information. We share data only in the following limited circumstances:

• Service providers: We use Supabase (database & authentication), Resend (transactional email), and Square (payment processing). These providers process data only as necessary to provide their services.
• Within your organization: Club owners can see data entered by operators at their location. Organization leaders can see summary data for locations in their organization.
• Legal requirements: We may disclose information if required by law or to protect the rights and safety of our users.

7. Your rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct your personal information at any time from the Profile & Settings section of the app.
• Deletion: Request deletion of your account and associated personal data by contacting us at the address below.
• Portability: Request an export of your data in a structured format.
• Withdraw consent: Disconnect any third-party integrations (such as Google Calendar) at any time.

To exercise any of these rights, please contact us at support@myclubtracker.com.

8. Cookies & local storage

MyClubTracker uses browser localStorage and sessionStorage to maintain your login session and remember your preferences (such as your last selected location and display settings). We do not use third-party tracking cookies or advertising cookies.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact us

If you have questions about this Privacy Policy or how we handle your data, please contact us: