Privacy Policy
Last updated: 3 July 2026
1. Who we are
SquadRota ("we", "us") provides web-based management software for shared-asset clubs at squadrota.com. For questions about this policy or your data, contact hello@squadrota.com.
2. Controller and processor
When a club (an "organisation") uses SquadRota to manage its members, bookings, documents and finances, the club is the data controller of its members' information and SquadRota acts as a data processor on the club's behalf. For account-holder information (your login, email, billing for your SquadRota subscription), SquadRota is the controller.
3. What we collect
- Account data — name, email address and password hash when you register or are invited.
- Club data — the information your club enters: members, assets, bookings, usage logs, maintenance and compliance records, invoices, ledger entries and messages.
- Documents — files your club uploads (invoices, statements, certificates), stored securely and readable only by your club.
- Payment data — card payments are processed by Stripe; we never see or store full card numbers. Club member payments settle in the club's own Stripe account.
- Technical data — essential cookies for sign-in sessions, and standard server logs (IP, user agent) for security and reliability. We do not use advertising trackers.
4. How we use it
- To provide the service — bookings, billing, accounting, document management and the other features your club enables.
- To read documents you upload using AI (Anthropic Claude) so data can be extracted and proposed for your confirmation. Documents are processed for extraction only and are not used to train AI models.
- To send transactional email (invites, booking confirmations, invoices, notifications) via our email provider.
- To secure, support and improve the service.
We do not sell personal data, and we do not use your club's data for advertising.
5. Where data lives
Data is hosted with reputable cloud providers: application hosting on Vercel, databases on Neon (PostgreSQL), uploaded files in Amazon Web Services S3 (EU region), transactional email via Resend and card processing via Stripe. Each provider processes data under its own compliance programmes and our data-processing terms with them.
6. Retention
Your club's data is retained while the club's account is active. Deleted records are soft-deleted first (recoverable by your club's administrators) and removed from live systems when the club account is closed. Financial records may be retained where required for legal or tax obligations.
7. Your rights
Under UK/EU data-protection law you may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. If your data is held within a club's account, we may direct your request to that club (as controller) and will assist them in fulfilling it. Contact hello@squadrota.com to exercise any right. You can also complain to the ICO (ico.org.uk).
8. Changes
We'll post any changes to this policy on this page and update the date above. Material changes will be notified to organisation administrators by email.