Your rights to your data.

1. Introduction to Reclub's Privacy Policy

This section establishes the foundational understanding of Reclub's privacy commitments, the policy's scope, and the critical aspect of user agreement.

1.1. Purpose and scope of the policy

This Privacy Policy outlines Reclub PBC's practices for collecting, using, disclosing, and protecting personal information. It applies to everyone interacting with Reclub's ecosystem, including its website (https://reclub.co), mobile application (Reclub App), and auxiliary services such as activity hosting, community engagement features, and integrated payment functionalities (pending). This document serves as a set of guidelines that users agree to follow when using the service.

1.2. Acceptance of Terms

By accessing, viewing, registering for, or using any part of Reclub's service, users accept the terms outlined in this document, forming a contractual relationship with Reclub. This acceptance can occur through explicit actions, such as clicking a "Signup" button, or implicitly through continued use of the platform after the policy is posted. Reclub recommends explicit consent, especially for personal data handling, to ensure clear awareness and genuine agreement.

1.3. Effective date and updates

This Privacy Policy takes effect on August 1, 2025. Reclub reserves the right to update this policy periodically to reflect changes in data practices, technology, or legal requirements. Continued use of Reclub after any modifications constitutes acceptance of the updated terms. Reclub commits to regularly reviewing and updating its Privacy Policy to ensure ongoing compliance.

2. Information we collect

2.1. Categories of personal information collected

Reclub collects various types of personal information based on your interactions with its services, your choices, and the features you use. This includes, but is not limited to:

Identifiers: First and last names, email addresses, phone numbers, usernames, passwords, IP addresses, device IDs, and other authentication data.
Contact information: Physical addresses for purposes like sending physical tickets.
Social media login data: If you register using social media accounts (like Facebook or Twitter), Reclub may access profile information such as your name, email address, friends list, profile picture, and other public information.
Application data: If you use Reclub's mobile application, Reclub may request access to geolocation information, mobile device access (calendar, contacts, social media accounts), and automatically collect mobile device data (ID, model, manufacturer, operating system, etc.). Reclub may also request to send push notifications. This data is primarily for security, operation, troubleshooting, and internal analytics.
User-generated content: Content data, including posts, messages, photos, videos, and audio.
Usage data: Information about how users interact with the platform, including service-related, diagnostic, usage, and performance information (Log and Usage Data).
Device data: Information about your computer, phone, tablet, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, and other technical information.
Location data: Precise or imprecise device location.
Financial information: Payment information included in the payments section.
Event-specific information: For event hosting and community features, additional data points may include social media handles, headshots for speaker profiles, industry or demographic information for audience analysis, dietary requirements, disability information for accessibility accommodations, and comments or feedback.

2.2. Sensitive personal information

Reclub generally does not process sensitive personal information. Any collection of sensitive data will be conducted with heightened security measures and in strict adherence to legal requirements, including transparent communication about privacy implications and data deletion protocols.

2.3. Sources of information collection

Reclub collects personal information primarily through direct user interaction. Users provide much of this information during account creation, profile setup, content submission, or when interacting with forms on the platform. Information is also collected automatically through cookies and other tracking technologies as users navigate the website or application. Reclub does not receive information from third parties.

2.4. User-generated content (UGC)

Content that users create, upload, or share on the Reclub platform, including posts, comments, photos, videos, and audio, constitutes user-generated content. Reclub collects this content, and information shared in public areas (e.g., comments) may be viewed by all users and made publicly available. Reclub provides specific guidelines for content creation and sharing, detailing what is acceptable and what is prohibited.

Table 1: Categories of personal information collected by Reclub

Category of Information	Specific Examples	Source of Collection	Purpose of Collection
Identifiers	Name, Email Address, Phone Number, User ID, IP Address, Device ID, Username, Password	Directly from User, Automatically via Device/Browser	Account Creation, Communication, Reclub Delivery, User Authentication
Device Data	Device ID, Model, Manufacturer, Operating System, Language Preferences, Referring URLs, Country	Automatically via Device/Browser	Security, Operation, Troubleshooting, Internal Analytics
Location Data	Precise or Imprecise Device Location	Automatically via Device Permissions	Security, Operation, Troubleshooting, Internal Analytics, Reclub Features
Activity Data	Industry/Demographic Info	Directly from User (Optional)	Audience Analysis, Accessibility, Speaker Promotion

3. How we use your information

3.1. Purposes of data processing

Reclub uses personal information to provide, improve, and administer its services, communicate with users, ensure security, prevent fraud, and comply with legal requirements. These purposes include:

Reclub delivery and account management: To create and manage user accounts, facilitate platform access, process event registrations, and provide core functionalities.
Personalization and user experience: To tailor content, features, and recommendations to enhance the overall user experience.
Communication: To send booking confirmations, provide updates, respond to inquiries, and deliver relevant notifications.
Product improvement and research: To support research, statistical analysis, and surveys aimed at improving existing products and developing new features. This involves market research, identifying trends, and gaining insights into customer behavior through surveys, polls, and social listening.
Marketing and advertising: To deliver targeted advertisements and marketing communications, and to measure campaign effectiveness, optimizing return on investment (ROI).
Security and fraud prevention: To detect and prevent fraudulent activities, ensure platform security and integrity, and protect users.
Legal and regulatory compliance: To adhere to applicable laws, regulations, and industry standards.

3.2. Legal Bases for Processing

Reclub processes personal information only when there is a valid legal reason. For users in the European Union (EU), European Economic Area (EEA), or the UK, Reclub relies on specific lawful bases as mandated by the GDPR:

Consent: When the user has given explicit, specific, informed, and unambiguous consent for processing their personal data for specific purposes. This is particularly relevant for sensitive personal information or certain marketing activities.
Contractual necessity: When processing is necessary to perform a contract with the user or to take steps at the user's request before entering a contract. This applies to data processed for account management, service delivery, and payment processing.
Legal obligation: When processing is necessary to comply with a legal obligation. This covers data retention for tax purposes or disclosures to law enforcement.
Vital interests: When processing is necessary to protect the vital interests of the user or another person. This typically applies in emergency situations.
Legitimate interests: When processing is necessary for legitimate interests pursued by Reclub or a third party, provided these interests don't override the fundamental rights and freedoms of the data subject. Reclub will identify the specific legitimate interest when this basis is used.

For Canadian residents, Reclub may process information with express or implied consent, or in exceptional cases without consent as permitted by law (e.g., for fraud detection, business transactions).

4. How we share your information

4.1. Sharing with third parties

Reclub may share personal information in specific situations with certain categories of third parties to facilitate services, enhance user experience, and comply with legal obligations. These third parties include:

Ad networks: For delivering personalized advertisements and measuring campaign effectiveness.
Social networks: If users connect their accounts or for advertising purposes.
Performance monitoring tools: To analyze platform performance and user interaction.
Communication & collaboration tools: For internal and external communications.
User account registration & authentication services: For managing user accounts and verifying identities.
Google maps platform APIs: For location-based services.
Payment processors: Third-party entities responsible for securely handling financial transactions.
Business partners: In cases of collaborations or joint ventures.
During business transfers: Reclub may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of its business to another company.

Reclub explicitly discloses the categories of third parties with whom personal information is shared and the purposes for such sharing. Reclub implements rigorous vendor management practices and comprehensive data sharing agreements with third parties to ensure data protection.

4.2. International data transfers

If personal data is transferred outside the user's country of residence, particularly outside the EU/EEA, Reclub ensures adequate safeguards are in place to protect the data. Reclub may use Standard Contractual Clauses (SCCs), which are pre-approved model data protection clauses designed to facilitate legal data transfers to countries without an adequacy decision from the European Commission. These clauses incorporate specific data protection safeguards and may involve a "modular" approach. A Transfer Impact Assessment may also be conducted to evaluate the laws and practices of the recipient country.

Alternatively, for transfers from the EU/EEA, UK, and Switzerland to the United States, Reclub may rely on its participation in the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF. This framework provides a mechanism for U.S.-based organizations to self-certify their compliance and publicly commit to adhering to the DPF Principles.

4.3. Cooperation with Law Enforcement

Reclub cooperates with law enforcement authorities when legally required. This involves complying with requests from law enforcement agencies in connection with investigations or legal proceedings, which may include providing information, documents, or access to records relevant to an inquiry. Reclub reserves the right to cooperate with appropriate legal authorities in investigations of alleged illegal activity involving its services or users. Reclub may provide information about user activity to legal authorities in response to requests, subpoenas, court orders, or similar requests when disclosure is reasonably determined to be appropriate, warranted, and permitted by applicable law.

Table 2: Data Sharing Scenarios and third-party categories

| --- | --- | --- | --- |

5. Your privacy rights and choices

5.1. Overview of user rights

Depending on your geographical location, applicable privacy laws may grant you certain rights regarding your personal information. Reclub is committed to facilitating the exercise of these privacy rights under applicable data protection regulations, including:

Right to be informed: The right to know what personal data is collected and how it is processed.
Right of access: The right to request a copy of the personal information Reclub holds about you, including categories of data, specific pieces of information, sources of collection, purposes of use, and categories of third parties with whom data is shared. This information must be provided for the 12-month period preceding your request and free of charge.
Right to rectification: The right to request that Reclub correct or update inaccurate personal data, or complete incomplete data.
Right to erasure: The right to request the deletion of personal information under certain circumstances.
Right to data portability: The right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.