// TL;DR
- We collect what we need to run your group — your name, email, sport, skill level, the messages you send our agent, and your RSVPs. That's it.
- We don't sell your data. To anyone. Ever. No advertising, no data brokers, no "anonymized" data sales.
- Your chat with ClubBot is processed by Anthropic's Claude API to generate responses. Anthropic does not train on our API traffic.
- You can export or delete your data at any time by emailing [email protected].
- We're a small company (Avenue Six LLC, Florida) — not a giant. If anything here is unclear, email us and a human will reply.
01Who this policy is from
ClubBot is operated by Avenue Six LLC, a limited liability company organized under the laws of the State of Florida, United States. References to "we," "us," "our," and "ClubBot" in this policy mean Avenue Six LLC.
This policy describes what we collect when you use ClubBot (the web app at app.clubbot.ai, this website at clubbot.ai, our email communications, and the conversational agent), why we collect it, how we store it, and the choices you have.
02What we collect
Information you give us directly
- Account info: your email address (used for magic-link sign-in), and the name you tell us.
- Profile info: the sport you play (pickleball or tennis), your self-rated skill level, optional photo, optional phone number, your timezone.
- Group info: the groups you create or join, your role (member or admin), and any settings your admin configures.
- Activity: sessions you create, RSVPs you submit, beacons you send or respond to, scores you report (if your group tracks scores), and notification preferences.
- Messages: what you type in the chat with our agent. We store the conversation history so the agent can have continuity across sessions.
Information we collect automatically
- Technical: your IP address, browser type, device type, and the pages you visit on our site. Standard server logs.
- Cookies: a single session cookie (clubbot_session) to keep you signed in. We do not use third-party advertising cookies or analytics that track you across other sites.
- Errors: when something breaks, we capture a stack trace via Sentry (an error-tracking service) to help us fix it.
03What we don't collect
- We do not collect your phone's contacts, photos, location (beyond the IP-derived city we may see in logs), microphone, or camera.
- We do not use third-party advertising trackers, retargeting pixels, Facebook Pixel, Google Analytics, or anything similar.
- We do not read your other email, social media accounts, or any data outside what you explicitly share with ClubBot.
04How we use what we collect
We use the information above to:
- Run the service — sign you in, deliver messages, send RSVPs and reminders, schedule sessions, fan out pickup beacons.
- Improve the agent's responses for your specific group context (it knows your players, your courts, your usual nights).
- Send transactional emails — magic-link sign-in, session reminders, the Sunday digest, beacon notifications, facility-manager confirmations.
- Diagnose bugs and improve reliability (error logs, performance metrics).
- Detect and prevent abuse (rate limiting, suspicious activity).
We do not use your information to train AI models. We do not use it to send you marketing email from third parties. We do not sell, rent, or trade it.
05Who we share with (and why)
To run ClubBot we use a handful of trusted service providers. They process data on our behalf, under contract, only for the purposes we direct:
- Anthropic, PBC — runs the Claude language model that powers the agent's responses. Your chat messages are sent to Anthropic's API to generate replies. Per Anthropic's commercial API terms, your messages are not used to train their models.
- Fly.io — hosts the agent service and the Postgres database that stores your account and group data. Servers are in Virginia, USA.
- Cloudflare, Inc. — provides DNS for our domains.
- Resend — delivers transactional emails (magic links, reminders, digests).
- Sentry — collects error reports (stack traces, request metadata) when things break, so we can fix them. PII is scrubbed before sending where practical.
- Langfuse — receives observability data about our agent's interactions so we can monitor quality and cost. Conversation content is included in these traces.
That's the complete list. We will update this policy if we add or remove a service provider.
We will also disclose information if compelled by a valid legal process (subpoena, court order). We will push back on overreach and notify you if legally permitted.
06Where your data lives
Primarily in the United States (Virginia, on Fly.io infrastructure). Some processing may happen in other regions through our service providers' infrastructure (e.g., Anthropic, Cloudflare). If you are outside the US, by using ClubBot you consent to your data being transferred to and processed in the US.
07How long we keep it
- Account data: as long as your account is active. If you delete your account, we delete your personal data within 30 days (some entries in our notification log are kept for ~90 days for abuse prevention).
- Conversation history: kept indefinitely while your account is active so the agent has continuity. Deleted with your account.
- Server logs: 30 days, then automatically purged.
- Error reports (Sentry): 90 days.
- Email metadata (Resend): per Resend's retention policy (currently 30 days).
08Your rights
Regardless of where you live, you can:
- Access the data we have about you — email us for a copy.
- Correct anything that's wrong — most things you can edit in the app; for the rest, email us.
- Delete your account and your personal data — email us, we'll do it within 30 days.
- Export your conversation history and account data in a portable format.
- Object to specific kinds of processing — let us know.
- Withdraw consent for non-essential emails (digest, beacon, proactive nudges) via the notification preferences in the app.
To exercise any of these rights, email [email protected]. We will respond within 30 days, usually much sooner — there is one person reading this inbox today.
A note for California, EU, and UK residents: the CCPA, GDPR, and UK-GDPR grant you specific rights including access, deletion, portability, and the right not to be subject to automated decision-making. ClubBot's matchmaking suggestions are not automated decisions in the legal sense — they are suggestions a human (you or your admin) accepts or rejects. If you'd like to exercise any GDPR/CCPA right, email us.
09Children's privacy
ClubBot is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with information, please contact us and we will delete it.
10Security
We take reasonable steps to protect your data: HTTPS everywhere, sessions signed with strong cryptography (HS256 JWTs over Secure cookies), encrypted database connections, infrastructure run by reputable providers (Fly.io, Cloudflare, Anthropic) with their own security programs.
No service is perfectly secure. If we ever experience a data breach that affects you, we will notify you by email and through the app within 72 hours of discovery, and disclose what happened, what was affected, and what we're doing about it.
11Changes to this policy
If we make material changes, we will notify you by email and update the "Effective" date at the top of this page. Continued use of ClubBot after notice constitutes acceptance.
12Contact us
For any privacy question, request, or concern:
// This document is plain-English by design. If you need a more formal version for a corporate review, email us and we'll send one.