Privacy Policy

Private Club Marketing Inc (“PCM,” “we,” “us,” or “our”) operates the website privateclubmarketing.com and the ClubCRM platform available at clubcrm.co. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our websites, use our platform, or otherwise interact with our services.

By using our services you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our services.

1. Information We Collect

We collect information in several ways depending on how you interact with PCM and the ClubCRM platform. The categories below describe the types of personal information we may collect.

1.1 Account & Registration Data

When you create an account on ClubCRM or engage our consulting services, we collect:

• Full name, email address, and password
• Organization name and club type
• Plan selection and subscription details
• Job title, phone number, and timezone
• Profile photograph

1.2 Contact & CRM Data

ClubCRM enables our clients (private clubs and their authorized users) to manage their own membership and prospect databases. Data entered into the CRM by our clients about their contacts may include:

• Name, email address, secondary email address, phone number, and mobile number
• Company name, job title, and biography
• Full mailing address (street, city, state, zip, country)
• Social media profile URLs (LinkedIn, Facebook, Twitter/X, Instagram)
• Personal website URL and profile photograph
• Custom fields defined by the client and internal notes

PCM processes this data on behalf of our clients. The club or organization that entered this data into ClubCRM is the data controller for their contacts’ personal information.

1.3 Email Campaign Tracking Data

When emails are sent through the ClubCRM platform, we collect performance and engagement data including:

• Open events: timestamp, device type, user agent, IP address, and IP-derived geolocation (city, state, country, latitude/longitude)
• Click events: all of the above plus the specific URL clicked
• Bounce data: bounce type, reason, and affected email address
• Unsubscribe events: timestamp and email address

1.4 Website Visitor Tracking Data

ClubCRM includes website analytics tools that our clients may deploy on their club websites. When a visitor browses a client’s website with tracking enabled, we may collect:

• Persistent visitor identifier (stored via localStorage)
• Pages visited, referrer URL, and UTM campaign parameters
• Device fingerprint, IP address, and IP-derived geolocation
• Device type, browser, operating system, screen resolution, and user agent string
• Session data including page views and visit duration

1.5 Identity Resolution Data

To help our clients understand which known contacts are visiting their websites and engaging with their campaigns, ClubCRM performs identity resolution using:

• Hashed email addresses (SHA-256) and hashed phone numbers (SHA-256)
• Device fingerprints and IP clustering for household and office-level detection
• ID5 Universal ID for cross-platform identification
• Cross-device identity graphs with associated confidence scores

These identifiers are used to link anonymous website activity with known CRM contacts. No unhashed email addresses or phone numbers are transmitted to third-party identity providers.

1.6 Payment Data

Payment processing for ClubCRM subscriptions is handled by Stripe, Inc. PCM does not store credit card numbers, CVVs, or full payment account numbers on its servers. We do store:

• Stripe customer identifier and subscription identifier
• Billing email address
• Subscription plan, status, and billing cycle information

Please refer to Stripe’s Privacy Policy for details on how Stripe handles your payment information.

1.7 Social Media Data

ClubCRM integrates with Meta platforms (Instagram and Facebook) to help clients manage social interactions and advertising leads:

• Instagram Direct Messages: message content, sender information, profile pictures, media attachments, and associated lead scores
• Meta Lead Ads: form submission data including name, email, phone number, custom form fields, and campaign attribution information

This data is collected through authorized Meta API integrations that our clients configure through their own Meta Business accounts.

1.8 Messaging Data

ClubCRM provides multi-channel messaging capabilities. When clients use these features, we process:

• SMS, RCS, and iMessage conversations facilitated through third-party messaging APIs (Linq API and BlueBubbles)
• Message content, media attachments, and delivery status
• AI-suggested reply content generated to assist client staff

1.9 Enrichment Data

To help clients maintain accurate and complete contact records, ClubCRM may enrich CRM data using the Apollo API. Enrichment data may include:

• Company information and employment verification
• Job title verification and professional details
• Email address verification and deliverability status
• Estimated income range

1.10 Geolocation Data

We use the Abstract API to derive approximate geographic location from IP addresses collected during email opens, link clicks, and website visits. This IP-based geolocation includes city, state, country, and approximate latitude/longitude coordinates. We do not collect precise GPS-based location data.

1.11 SEO & Search Data

ClubCRM integrates with Google Search Console to provide clients with search engine optimization reporting. Data collected through this integration includes:

• Search keywords and queries
• Impressions, click-through rates, and average search position

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To operate, maintain, and provide the features and functionality of ClubCRM and our consulting services
• Account management: To create and manage your account, process payments, and communicate about your subscription
• Email campaigns: To send email campaigns on behalf of our clients and to provide campaign performance analytics
• Website analytics: To track and report on website visitor behavior for our clients
• Identity resolution: To match anonymous website visitors with known CRM contacts for our clients
• Contact enrichment: To supplement client CRM records with verified professional and demographic data
• Social media management: To facilitate Instagram DM conversations and process Meta Lead Ad submissions for our clients
• Messaging: To facilitate SMS, RCS, and iMessage communications between our clients and their contacts
• Advertising attribution: To measure the effectiveness of digital advertising campaigns through the Meta Conversions API
• SEO reporting: To provide search engine optimization insights to our clients
• Security and fraud prevention: To protect against unauthorized access, detect abuse, and maintain platform integrity
• Legal compliance: To comply with applicable laws, regulations, and legal processes
• Product improvement: To analyze usage patterns and improve our platform and services

3. How We Share Your Information

We do not sell your personal information. We share information with the following categories of third parties as necessary to operate our services:

3.1 Service Providers & Subprocessors

• Amazon Web Services SES: Email delivery and sending infrastructure
• Stripe, Inc.: Payment processing, subscription management, and billing
• Apollo: Contact data enrichment, email verification, and professional information lookup
• Abstract API: IP-based geolocation services for email and website tracking
• ID5: Universal identity resolution for cross-device and cross-platform identification
• Linq API & BlueBubbles: SMS, RCS, and iMessage delivery infrastructure
• Slack: Internal team alerts and notifications (no end-user personal data is shared in Slack messages beyond what is necessary for operational alerts)
• WordPress: Content publishing for client websites

3.2 Meta / Facebook

When clients use ClubCRM’s advertising attribution features, we transmit data to Meta through the Conversions API (CAPI) for ad measurement and optimization. Data shared with Meta may include:

• Hashed email address, hashed phone number, hashed first and last name
• Hashed city, state, zip code, and country
• Client IP address and user agent string
• Facebook click identifier (fbclid) and browser cookie identifier (_fbp)
• Event data such as page views, leads, and conversions with associated timestamps

All personally identifiable information is hashed using SHA-256 before transmission to Meta. Please refer to Meta’s Privacy Policy for details on how Meta processes this data.

3.3 Legal & Compliance Disclosures

We may disclose personal information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify affected users of any change in ownership or control of their personal information.

4. Cookies & Tracking Technologies

We and our clients use the following cookies and tracking technologies:

4.1 Session Cookies

We use session cookies to maintain your authenticated session on the ClubCRM platform. These cookies are essential for the platform to function and expire when you close your browser or after a period of inactivity.

4.2 LocalStorage

ClubCRM’s website tracking script stores a persistent visitor identifier in your browser’s localStorage. This identifier is used to associate multiple page views and return visits with a single visitor profile. Unlike cookies, localStorage data does not expire automatically.

4.3 Meta Cookies

When clients use ClubCRM’s Meta/Facebook integration, the following cookies may be set:

• _fbp: Facebook browser pixel cookie, used to identify the browser for ad attribution
• fbclid: Facebook click identifier, passed as a URL parameter and used to attribute website visits to specific ad clicks

4.4 Device Fingerprinting

ClubCRM’s website tracking collects device characteristics (browser type, operating system, screen resolution, installed fonts, and other browser attributes) to create a device fingerprint. This fingerprint is used for identity resolution and visitor deduplication.

4.5 Web Beacons & Tracking Pixels

Emails sent through ClubCRM may contain a small transparent image (tracking pixel or web beacon) that records when the email is opened. This allows us to provide email open tracking data to our clients.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active accounts: All account data, CRM data, email tracking data, and website analytics data are retained for the lifetime of the account.
• Closed accounts: Upon account closure or termination, we retain account data for 30 days to allow for reactivation or data export requests. After 30 days, account data is scheduled for deletion.
• Backups: Deleted data may persist in encrypted backup systems for up to 90 days after deletion from production systems.
• Email tracking data: Email open, click, bounce, and unsubscribe data is retained for the lifetime of the account.

If you wish to request deletion of your data before these retention periods expire, please contact us using the information provided in Section 12 below.

6. Your Rights & Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information. We honor these rights for all users regardless of jurisdiction where feasible.

6.1 Rights Under GDPR (European Economic Area, United Kingdom, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Right of access: You may request a copy of the personal information we hold about you.
• Right to rectification: You may request that we correct inaccurate or incomplete personal information.
• Right to erasure: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to restrict processing: You may request that we limit how we use your personal information.
• Right to data portability: You may request a copy of your personal information in a structured, machine-readable format.
• Right to object: You may object to our processing of your personal information for direct marketing or where processing is based on legitimate interests.

6.2 Rights Under CCPA / CPRA (California)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides you with the following rights:

• Right to know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: You may request that we delete the personal information we have collected about you.
• Right to correct: You may request that we correct inaccurate personal information.
• Right to opt-out of sale or sharing: You may opt out of the sale or sharing of your personal information. PCM does not sell personal information in the traditional sense; however, certain data sharing for advertising attribution (such as Meta Conversions API) may constitute “sharing” under the CCPA. You may opt out of this sharing by contacting us.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

6.3 Email Communication Preferences

• Unsubscribe: Every marketing email sent through ClubCRM includes an unsubscribe link. Clicking this link will immediately remove you from that sender’s mailing list.
• Email frequency preferences: Where available, you may adjust your email frequency preferences or pause emails for a specified period through the preference center linked in each email.

6.4 SMS Communication Preferences

• Opt-out: You may opt out of SMS messages at any time by replying STOP to any message received. Standard message and data rates may apply.

6.5 Manage Your Privacy Preferences

Use the controls below to opt out of non-essential tracking and advertising on this website. Essential cookies required for basic site functionality cannot be disabled. Your preferences are saved to your browser and take effect immediately.

6.6 Exercising Your Rights

To exercise any of the rights described above, or for requests that cannot be handled through the self-service controls, please contact us at privacy@privateclubmarketing.com. We will respond to verifiable requests within 30 days (or 45 days if an extension is necessary, in which case we will notify you of the extension and the reason). We may need to verify your identity before processing your request.

If your personal information was entered into ClubCRM by a private club or organization (i.e., you are a contact in their CRM database), we recommend contacting that club directly to exercise your rights, as they are the data controller for your information. We will assist the club in fulfilling your request.

7. Security

We implement industry-standard technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS protocols.
• Password security: User passwords are hashed using the bcrypt algorithm and are never stored in plain text.
• CSRF protection: Cross-site request forgery tokens are used to prevent unauthorized actions on authenticated sessions.
• Rate limiting: API and login endpoints are rate-limited to prevent brute-force attacks and abuse.
• CORS restrictions: Cross-Origin Resource Sharing policies restrict which domains may access our APIs.
• Security headers: We implement HTTP security headers including HTTP Strict Transport Security (HSTS), X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy to protect against common web vulnerabilities.

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.

8. Children’s Privacy

Our services are not directed to children under the age of 13 (or 16 in jurisdictions where a higher age threshold applies). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable age threshold, we will take steps to delete that information promptly. If you believe that a child has provided personal information to us, please contact us at privacy@privateclubmarketing.com.

9. International Data Transfers

PCM is based in the United States, and all data collected through our services is stored on servers located in the United States. If you are accessing our services from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using our services, you consent to the transfer of your personal information to the United States. Where required by applicable law, we will implement appropriate safeguards (such as standard contractual clauses) to ensure your personal information is adequately protected during international transfers.

10. Meta Platform Data Deletion

In compliance with Meta Platform requirements, PCM implements a data deletion callback mechanism. When a user removes or deauthorizes the ClubCRM integration from their Facebook or Instagram account, we receive an automated data deletion request from Meta. Upon receiving this request, we:

• Delete all data obtained through the Meta integration for that user
• Issue a confirmation code that can be used to verify the deletion was completed
• Complete the deletion process within the timeframe required by Meta’s platform policies

If you have questions about Meta-related data deletion, please contact us at privacy@privateclubmarketing.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Effective Date” at the top of this page and, where required by law, provide additional notice (such as an email notification or a prominent notice on our website). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Private Club Marketing Inc
Email: privacy@privateclubmarketing.com
Phone: 949.743.5793
Offices: Los Angeles, CA  •  Philadelphia, PA  •  Jackson, WY

For data protection inquiries from the European Economic Area, you may also have the right to lodge a complaint with your local supervisory authority.

This Privacy Policy is effective as of February 2026. © 2026 Private Club Marketing Inc. All rights reserved.