Privacy Policy

Last updated: February 2026

1. Introduction

Rowbot ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Data Controller and Processor

For club member data, Rowbot acts as a data processor on behalf of rowing clubs, who act as data controllers. For platform user accounts and billing information, Rowbot acts as the data controller.

3. Information We Collect

Information you provide:

  • Account information (name, email address)
  • Club membership details
  • Payment information (processed securely via Stripe/GoCardless)
  • Session attendance and preferences
  • Communications with us

Information collected automatically:

  • Device and browser information
  • IP address and location data
  • Usage patterns and preferences
  • Cookies and similar technologies

4. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process memberships and payments
  • Send service-related communications
  • Improve and personalize the Service
  • Comply with legal obligations
  • Protect against fraudulent or illegal activity

5. Legal Basis for Processing (UK GDPR)

We process your personal data based on:

  • Contract: To provide the Service you have requested
  • Legitimate interests: To improve our Service and prevent fraud
  • Consent: Where you have given explicit consent
  • Legal obligation: To comply with applicable laws

6. Data Sharing

We may share your information with:

  • Your rowing club (for member data)
  • Payment processors (Stripe, GoCardless)
  • Cloud service providers (AWS)
  • Analytics providers
  • Legal authorities when required by law

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Club member data is retained according to each club's retention settings. When you delete your account, we will delete or anonymize your data within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

To exercise these rights, contact us at privacy@rowbot.app.

10. Cookies

We use essential cookies to provide the Service and optional analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings.

11. International Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, for any international transfers.

12. Children's Privacy

The Service may be used by rowing clubs with junior members. Club administrators are responsible for obtaining appropriate parental consent for members under 18. We do not knowingly collect data from children under 13 without parental consent.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service.

14. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact our Data Protection Officer at privacy@rowbot.app.

15. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.