Privacy Policy
This Privacy Policy describes how GuestPass Plus collects, uses, and protects your personal information when you use our services.
Table of Contents
1. Introduction
GuestPass Plus ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our guest management platform, including our website, mobile applications, and related services (collectively, the "Services").
By using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
GuestPass Plus is headquartered in California, United States. This policy is designed to comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
2. Information We Collect
2.1 Information You Provide Directly
We collect information you provide when using our Services, including:
- Contact information: name, email address, phone number, and mailing address
- Account credentials: email and password for staff and administrator accounts
- Waiver information: signature, date of signing, and waiver acceptance confirmations
- Marketing preferences: your choices regarding email and SMS communications
- Member information: membership details provided by clubs using our platform
- Communication content: messages you send to us or through our platform
2.2 Information Collected Automatically
When you use our Services, we automatically collect certain information:
- Device information: device type, operating system, browser type, and unique device identifiers
- Usage data: pages visited, features used, time spent on pages, and interaction patterns
- IP address: your Internet Protocol address, which may indicate your general location
- Check-in data: timestamps and locations of guest check-ins at club facilities
- Log data: error reports, performance data, and diagnostic information
2.3 Information from Third Parties
We may receive information about you from third parties, including:
- Clubs and venues that use our platform to manage guest visits
- Members who invite you as their guest
- Authentication providers if you sign in using third-party credentials
- Analytics providers that help us understand service usage
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Process guest registrations and waiver signatures
- Generate and manage digital guest passes
- Facilitate guest check-ins at club facilities
- Verify your identity through SMS verification
- Maintain records of waivers for liability protection
3.2 Communications
- Send verification codes via SMS for identity confirmation
- Deliver check-in confirmations and guest pass notifications
- Provide customer support and respond to inquiries
- Send marketing communications (with your consent)
- Notify you of changes to our Services or policies
3.3 Improvement and Analytics
- Analyze usage patterns to improve our Services
- Debug and fix technical issues
- Develop new features and functionality
- Generate aggregated, anonymized analytics for our customers
3.4 Legal and Safety
- Comply with legal obligations and valid legal processes
- Protect our rights, privacy, safety, or property
- Enforce our terms of service and other agreements
- Prevent fraud, abuse, and other harmful activities
4. Information Sharing
We do not sell your personal information. We may share your information in the following circumstances:
4.1 With Clubs and Venues
When you register as a guest at a club or venue using our platform, we share your information with that organization so they can manage your visit, verify your waiver status, and communicate with you about your guest experience.
4.2 Service Providers
We work with trusted third-party service providers who assist us in operating our Services:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting and storage | All account and transaction data |
| Twilio | SMS verification | Phone numbers and verification codes |
| Resend | Transactional emails | Email addresses and email content |
| GoHighLevel | CRM and marketing automation | Contact data, marketing preferences |
| Vercel | Website hosting and analytics | Usage data and performance metrics |
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
4.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Waiver records | 7 years minimum | Legal liability protection |
| Guest profiles | Until deletion requested | Service functionality |
| Check-in logs | 3 years | Analytics and dispute resolution |
| Account data | Duration of account + 1 year | Service provision |
| Marketing data | Until opt-out | Marketing communications |
| SMS verification tokens | 10 minutes | Security verification |
After the retention period expires, we securely delete or anonymize your information unless retention is required for legal, accounting, or compliance purposes.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Multi-tenant architecture with strict data isolation
- Rate limiting to prevent abuse and brute-force attacks
- Input validation and sanitization to prevent injection attacks
- Regular security assessments and monitoring
- Access controls limiting employee access to personal data
- Secure password hashing for all credentials
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete information
- Deletion: Request that we delete your personal information (subject to certain exceptions)
- Portability: Request a copy of your data in a portable format
- Opt-out: Unsubscribe from marketing communications at any time
- Withdraw consent: Withdraw previously given consent for specific processing activities
To exercise any of these rights, please contact us at privacy@guestpassplus.com. We will respond to your request within 45 days.
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
8.1 Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business purpose for collecting it, and the categories of third parties with whom we share it.
8.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions (such as completing transactions, detecting security incidents, or complying with legal obligations).
8.3 Right to Correct
You have the right to request correction of inaccurate personal information that we maintain about you.
8.4 Right to Opt-Out of Sale or Sharing
We do not sell your personal information. We also do not "share" your personal information for cross-context behavioral advertising purposes as defined under CPRA.
8.5 Right to Limit Use of Sensitive Personal Information
We only use sensitive personal information (such as phone numbers for SMS verification) for purposes authorized under CPRA, including providing the services you request.
8.6 Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different level of service because you exercised your privacy rights.
8.7 Authorized Agents
You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization, and we may still require you to verify your identity directly.
8.8 How to Submit Requests
To exercise your California privacy rights, you may submit a verifiable consumer request by:
- Emailing us at privacy@guestpassplus.com
- Writing to us at the address in the Contact section below
We will verify your identity before processing your request by matching information you provide with information we have on file.
10. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@guestpassplus.com. If we discover that a child under 16 has provided us with personal information, we will promptly delete it from our systems.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice (such as adding a statement to our website or sending you a notification). We encourage you to review this Privacy Policy periodically to stay informed about our practices.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
GuestPass Plus
Email: privacy@guestpassplus.com
General Inquiries: hello@guestpassplus.com
Location: California, United States
For California residents: You may also contact the California Attorney General's office to report privacy concerns or learn more about your rights at https://oag.ca.gov/privacy.