Ripperclub logo
Ripperclub
Privacy Policy

Protecting member data and respecting privacy obligations.

Ripperclub Pty Ltd (ABN 41 123 456 789) provides software-as-a-service for clubs and acts as a data processor on behalf of our customers. This policy describes how we collect, use, and safeguard personal information.

Information We Collect

  • Account details such as name, email, contact information, and organisation metadata.
  • Member, student, and guardian records imported by your organisation (attendance, progress, billing data).
  • Payment method tokens and transaction results managed by vetted PCI DSS compliant processors (Stripe).
  • Usage telemetry needed to secure the platform, detect anomalies, and improve performance.

How We Use Information

  • Deliver the contracted services including scheduling, billing, reporting, and communications.
  • Provide customer support, implementation assistance, and product updates.
  • Monitor, prevent, and detect fraud, abuse, or security incidents.
  • Comply with legal obligations and enforce agreements with your organisation.

Data Sharing & Transfers

  • Payment processors, email delivery partners, analytics providers, and cloud hosting vendors operate under strict data processing agreements.
  • We never sell personal data. Sub-processors are reviewed annually with security and privacy controls documented for customers.
  • Data may be processed outside your jurisdiction depending on infrastructure region selections; we align with Australian Privacy Principles and GDPR where applicable.

Security Controls

  • Encryption in transit (TLS 1.3) and at rest across Azure SQL, Blob Storage, and key vaults.
  • Role-based access control, least privilege policies, and audited session management.
  • Continuous vulnerability scanning, third-party penetration testing, and layered incident response plans.

Data Subject Rights

  • Organisations can access, correct, export, or delete member data using in-product tooling or support requests.
  • Parents/guardians may submit privacy requests via their club; we partner to action them within statutory timeframes.
  • We retain data for the duration of the customer agreement unless otherwise instructed or required by law.

Children's Privacy

  • Ripperclub operates under the direction of clubs serving minors. We handle data only as a processor and never market directly to children.
  • Clubs must obtain appropriate consents from guardians. Our workflows support waivers, consent tracking, and secure document storage.

Data Retention

Operational data is retained for the lifecycle of your agreement. Backups follow Azure retention policies and are encrypted. Upon termination, we provide exports and securely purge data within 60 days unless longer retention is required by law or requested by the customer.

Updates to this Policy

We may update this policy to reflect new features, regulatory requirements, or industry practices. We will notify customers via the admin portal and email prior to material changes. Continued use of the service after the effective date signifies acceptance.

Contact

Privacy enquiries, data requests, or complaints can be sent to privacy@ripperclub.au. We will respond within 7 business days.