Privacy Policy

Effective date: May 28, 2026

1. Who We Are & Our Role

GatherGrove ("GatherGrove", "we", "us") is a club management platform operated by Ventora Labs, a Wyoming corporation, located in Sheridan, Wyoming. GatherGrove is offered as part of the Ventora Labs family of products. This policy explains how we handle personal information in connection with the GatherGrove website at gathergrove.club and the GatherGrove web and mobile applications (together, the "Service").

Our role depends on whose data is involved:

  • We act as a service provider / processor for the personal information that a club and its administrators upload, enter, or generate about their members through the Service (for example, a club's member roster). For that data, the club is the controller / business and decides why and how the data is used; we process it on the club's behalf and under our agreement with the club. Members should direct requests about that data to their club in the first instance, though we will assist as required by law.
  • We act as a controller / business for the data we collect directly to operate the Service - for example, account-registration details of club administrators, billing records, support communications, and website analytics.

2. Whose Data This Covers

  • Club administrators and organizers who register accounts and run clubs on the Service.
  • Club members whose information is added to a club by that club or who join through an invite.
  • Website visitors and prospective customers who browse our site or submit interest/marketing forms.

3. Information We Collect

Administrator account information

  • Full name and email address.
  • Password (stored only as a salted hash), or, if you sign in with Google or Apple, the identifier provided by that sign-in provider.
  • Account status, onboarding progress, and account-activity timestamps.

Club and member information (processed on a club's behalf)

  • Member name, email address, phone number, and postal address.
  • Membership type, status, join date, dues-paid dates, club/location assignment, and tags or segments.
  • Custom fields that a club chooses to define and collect about its members.
  • Directory listing preferences and the fields a member chooses to make visible.
  • Messaging preferences, where messaging features are used.
  • Event RSVPs, attendance, check-ins, waitlists, feedback/survey responses, and engagement scores.
  • Chat messages and communications sent through the platform.
  • Where a club enables it, a member's Social Security Number (SSN) may be stored. Where stored, this field is encrypted at rest using AES-256.

Payment information

  • Payments are processed by Stripe (including Stripe Connect for clubs that collect payments). Card details are entered with and handled by Stripe; we do not store full card numbers on our servers.
  • We store payment records such as amount, date, payment method (e.g. cash, check, or Stripe), and related notes, plus subscription/billing status for paid plans.

Information collected automatically

  • Usage and analytics events, session activity, page views, login activity, and feature-usage data.
  • Device and technical data such as platform, device type, operating system, and browser/user-agent string.
  • A hashed form of your IP address and a derived country code for analytics and security; we retain the hash rather than the raw IP for analytics sessions. Raw IP addresses may be transiently processed by our infrastructure and security providers.
  • Audit, security, and error logs used to operate and protect the Service.
  • Cookies and similar technologies (see "Cookies & Analytics" below).

4. How & Why We Use Information (GDPR Legal Bases)

Where GDPR or UK GDPR applies, we rely on the following lawful bases:

  • Performance of a contract (Art. 6(1)(b)): to create and manage administrator accounts, provide the Service, process payments and subscriptions, and provide support.
  • Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent fraud and abuse, maintain audit and error logs, and understand and improve usage through analytics - balanced against your rights.
  • Consent (Art. 6(1)(a)): for non-essential cookies or analytics where required. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): to retain records (e.g. financial records) and respond to lawful requests.

For member data we process on a club's behalf, the legal basis is determined by the club as controller; we process that data only to provide the Service to the club and per our agreement with it.

5. Sub-Processors & Service Providers

We share personal information with vendors who help us run the Service. Each is bound by contract to use the data only to provide their service to us. The vendors in use are:

  • Stripe - payment processing and payouts (Stripe Connect).
  • Resend - transactional and notification email delivery.
  • Microsoft Azure - application hosting and database hosting for the backend API.
  • Cloudflare - website/frontend hosting and delivery, and bot/abuse protection (Turnstile).
  • Google - Google sign-in (OAuth) and Google Analytics website measurement.
  • Apple - "Sign in with Apple" authentication.
  • Sentry - application error and performance monitoring.
  • PostHog - product analytics.

We do not sell personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law. We may also disclose information to comply with law, enforce our terms, or protect the rights and safety of users and the public.

6. International Data Transfers

We and our vendors may process and store information in the United States and in other countries where those vendors operate. Where personal information protected by GDPR or UK GDPR is transferred outside the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or other lawful transfer mechanisms. You may request more information using the contact details below.

7. Data Retention

We retain personal information for as long as needed to provide the Service and for the purposes described in this policy. For member data we process on a club's behalf, retention is generally controlled by the club; we delete or return such data in accordance with our agreement with the club. We retain account and billing records only as long as needed and delete or anonymize them within a reasonable period when no longer required, unless a longer period is required by law. Logs (audit, security, error) and analytics data are similarly retained only as long as needed for the purposes for which they were collected.

8. Security

We use technical and organizational measures intended to protect personal information. Measures actually implemented in the Service include: passwords stored as salted hashes; encryption of designated sensitive fields at rest using AES-256; JWT-based authentication with role-based authorization; rate limiting and bot protection; and audit, security, and error logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Privacy Rights

EU/UK (GDPR & UK GDPR)

Subject to the law, you may have the right to:

  • Access a copy of your personal information.
  • Correct inaccurate personal information.
  • Request erasure of your personal information.
  • Object to or restrict certain processing.
  • Data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your supervisory authority.

California (CCPA/CPRA)

If you are a California resident, you may have the right to:

  • Know and access the personal information we have collected about you.
  • Request deletion of your personal information.
  • Request correction of inaccurate personal information.
  • Opt out of any sale or sharing of personal information (note: we do not sell or share personal information as those terms are defined under California law).
  • Limit use of sensitive personal information.
  • Not receive discriminatory treatment for exercising your rights.

For data we process on a club's behalf, please direct rights requests to your club; we will assist the club as required. For data we control, contact us using the details below. We will verify your request before acting on it.

10. Children's Privacy

Hobby clubs may include minors. The Service is intended to be used by club administrators and organizers, not directly by children. A club may add information about members who are minors; where it does, the club is responsible for obtaining any parental or guardian consent required by applicable law, and for ensuring it has a lawful basis to provide that information to us.

We do not knowingly collect personal information directly from children under 13 (or the applicable age in your jurisdiction) for our own purposes. If you believe a child's information has been provided to us improperly, contact us and we will take appropriate action.

11. Cookies & Analytics

We use cookies and similar technologies for essential functionality (such as keeping you signed in) and for analytics. We use Google Analytics and PostHog to understand how the Service is used, and Sentry to detect and diagnose errors. You can control cookies through your browser settings; disabling some cookies may affect how the Service works.

12. Changes to This Policy

We may update this policy from time to time. We will post the updated version on this page and revise the effective date above. Material changes will be communicated as required by law.

13. Contact Us

For privacy questions or to exercise your rights, contact us at privacy@gathergrove.club, or by mail at Ventora Labs, a Wyoming corporation, Sheridan, Wyoming.

Questions about our privacy practices? Contact our support team
Start Free Trial
Online