Club AIClub AI
← Back to home

CLUB AI

Privacy Policy

Last updated: 14 June 2026

This Privacy Policy explains how Club AI Pty Ltd ("Club AI", "we", "us", "our") collects, uses, discloses and protects information when you use the Club AI Platform at club-ai.com.au (the "Service"). Club AI is operated from Victoria, Australia, and we comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

By creating an account or using the Service you agree to this policy. If you do not agree, please do not use the Service.

1. Who we are

Club AI is a software-as-a-service product for Australian hospitality venues (clubs, pubs, RSLs and similar). It is founded by Wayne and Ashley Sutton and operated from Victoria, Australia. You can contact us any time at admin@club-ai.com.au.

2. Information we collect

2.1 Account information

You sign in with either a Google account or a Microsoft account (including personal Microsoft accounts and Microsoft 365 work or school accounts). From your chosen provider we receive your basic account profile: your name, email address and, where available, your profile picture. We use this to create your account, identify you in the app and send you service messages. Your club’s data is stored in the drive of whichever provider the account owner signed up with (see section 2.2).

2.2 Cloud drive access (Google Drive or Microsoft OneDrive)

With your consent, the Service requests permission to store your club’s form data in your own cloud drive. We use a dedicated “Club AI” folder and only ever read or write inside the folders our app creates.

Google accounts. We use Google’s restricted drive.file scope. This means our app can only see and modify files that our app itself creates in your Drive, or files you explicitly open with our app. We cannot see, list or touch any other file in your Google Drive.

Microsoft accounts. For personal Microsoft accounts we use the app-folder permission, which limits us to our own folder. For Microsoft 365 work or school accounts, Microsoft does not offer that app-folder permission, so it grants the broader Files.ReadWrite permission (read and write access to your own OneDrive). Even where the permission Microsoft grants is broader, we restrict ourselves by design to a single “Club AI” folder and never read or modify anything else in your OneDrive.

We use this access to:

  • Create a per-form spreadsheet in your drive (a Google Sheet on Google, an Excel workbook on OneDrive) that mirrors each submission so you can view and edit your data in a tool you already use.
  • Create a folder in your drive for form attachments and upload files that respondents attach to a submission.
  • Read those files back when you ask us to (for example, the 'sync edits from spreadsheet' feature that pulls corrections you made in the spreadsheet back into the app), and to save outputs you choose to keep (for example QR codes and posters).

We store the OAuth access and refresh tokens your provider issues so the app can keep writing your submissions between sessions. Tokens are encrypted at rest in our database and are revoked when you disconnect or delete your account. You can revoke our access at any time from your Google Account permissions page or your Microsoft account privacy settings.

2.3 Form definitions and form content

When you build a form in Club AI, the form schema (field names, labels, validation rules, settings) and the submission records are stored in our database so we can render the form and process submissions. A copy of each submission is also written into your own Google Drive or Microsoft OneDrive as the spreadsheet and attachments described in section 2.2, so you always have your data in your own account.

2.4 Billing information

Subscription billing is handled by Stripe. We do not receive or store your full card number. We do store a Stripe customer ID and your subscription status so the app knows whether your subscription is active.

2.5 Technical information

Like most web services we log basic technical information when you use the Service: IP address, user agent, requested pages and error traces. We use this to keep the Service running, debug problems and detect abuse. We do not sell this data and we do not use it for advertising.

2.6 Reports you forward to us (Report Inbox)

Club AI can give your venue its own forwarding address (for example yourvenue@reports.club-ai.com.au). This is optional. If you point the daily reports your other systems already email (for example point-of-sale, gaming, payroll or reception reports) at that address, we receive those emails, read the attached files, and store a structured summary and the underlying figures in our database so they are searchable in the app and available to an AI you connect. We also file a copy of each report into a “Reports” folder in your own Google Drive or Microsoft OneDrive, next to your form data.

These reports are your venue’s own operational records, and you control which reports, if any, you forward. If a report you forward happens to contain personal information (for example a staff name in a payroll report), we handle it under this policy and only to provide the Service. The forwarded emails are received on our behalf by our email provider, Resend.

2.7 AI features inside the app

Club AI’s apps (Form Builder, Margin Calculator, Function Quotes, QR Code Generator and Poster Builder) follow fixed rules and do not send your content to any AI provider, and we do not run AI models over your content. If you want AI help with your data, you can connect your own AI assistant yourself. Section 5 explains how that works and what it means for your data.

3. How we use your information

  • To provide the Service: authenticate you, render your forms, accept submissions, save a copy of submissions to your Google Drive or Microsoft OneDrive, and run the apps in the Club AI suite (Form Builder, Margin Calculator, Function Quotes, QR Code Generator and Poster Builder).
  • To receive and organise the venue reports you forward to your Report Inbox, and file a copy into your own drive.
  • To send you transactional and service emails (for example, a notification when someone submits one of your forms, billing receipts, security alerts).
  • To process subscription payments via Stripe.
  • To improve and secure the Service: monitor performance, debug errors, prevent fraud and abuse.
  • To comply with our legal obligations.

We do not sell your personal information to any third party, and we do not use your forms, submissions, reports or Drive files to train AI models. Our apps do not run AI over your content; the only AI involved is an assistant you choose to connect yourself (see section 5), and then only to give you the result you asked for.

4. Who we share information with

We use a small number of trusted processors to run the Service. Each only receives the information they need to perform their role, and each is bound by their own privacy commitments.

  • Google (Sign-in, Drive, Sheets)

    Authentication and storage of your form data and attachments in your own Google Drive. Used when you sign in with Google.

  • Microsoft (Sign-in, OneDrive)

    Authentication and storage of your form data and attachments in your own OneDrive. Used when you sign in with a Microsoft account.

  • Stripe

    Subscription billing. Receives your name, email and payment details.

  • Vercel

    Application hosting and edge compute.

  • Neon

    Managed Postgres database (Sydney, Australia region) for your account, form schemas, submission records, billing metadata and encrypted OAuth tokens.

  • Resend

    Outbound transactional and notification emails (for example, new submission alerts), and receiving the system reports you forward to your Report Inbox.

  • Cloudflare

    Bot and spam protection (Turnstile) on our public form pages and sign-up. Receives technical signals such as IP address to tell genuine people from bots.

We may also disclose information if required by Australian law, court order or to protect the rights, property or safety of Club AI, our users or others.

5. Connecting an AI assistant to your data (optional)

Club AI is built so you can use your own AI assistant (such as ChatGPT, Claude, Gemini or Microsoft Copilot) to ask questions and build reports from your venue’s data. This is optional, you switch it on yourself, and the assistant runs under your own account with that provider, billed to you, not to us. There is no extra Club AI charge for it. There are two ways to connect, and you choose which to use.

Option A: your AI reads your own drive.You connect your AI assistant to the “Club AI” folder in your own Google Drive or Microsoft OneDrive, using that provider’s own drive connector. For this option your data never passes through us: it stays in your drive and your assistant reads it there, under your own account. We only give you the setup steps and a suggested prompt.

Option B: connect ChatGPT or Claude directly to Club AI. For a more reliable experience we also offer a direct connector. You add Club AI as a connector in ChatGPT or Claude and sign in once with the same Club AI account you already use. After that, when you ask your assistant a question, it securely requests your data from Club AI and we send back your own venue’s information, and only your venue’s, so the assistant can answer. The secure key your assistant uses is locked to your venue and only ever returns your own club’s data.

For both options:

  • You start the connection yourself and can disconnect it at any time from inside ChatGPT, Claude or your AI provider's settings.
  • Your AI assistant is a separate service you use under your own account and that provider's terms. Your question and the data it pulls are handled by that provider (for example OpenAI for ChatGPT, Anthropic for Claude).
  • We do not receive or store your chats with your AI. With the direct connector, your assistant asks our system only for the specific venue data it needs to answer you.
  • Please review the privacy terms of whichever AI provider you choose, and only connect data you are comfortable sharing with that provider.

6. Where your data lives

  • Account records, form schemas, submission records, report summaries, billing status and (encrypted) OAuth tokens: stored in our managed Postgres database (Neon) in the Sydney, Australia region (AWS ap-southeast-2).
  • Application hosting and compute: Vercel, which may process requests in the United States or European Union.
  • A copy of your form submissions, uploaded attachments and forwarded reports: stored in YOUR own Google Drive or Microsoft OneDrive, under your own account, in folders our app creates. You own and control these files.
  • If you connect your own AI assistant (section 5): the data it reads is processed by whichever AI provider you choose, in their regions, under your own account.
  • Email delivery, and receipt of the reports you forward to your Report Inbox: handled by Resend.

Your primary data store (our database) is located in Australia. However, some of our processors (for example application hosting, payments and email delivery) are based outside Australia, so your information may be transferred to, stored or processed in the United States, the European Union or other countries where those processors operate. We take reasonable steps to ensure overseas recipients handle your information in line with the Australian Privacy Principles.

7. Data retention

  • While your subscription is active, we retain your account data, form schemas, submission records, OAuth tokens and billing records so the Service can continue to operate.
  • If you cancel your subscription, we retain your account in a closed state for up to 90 days so you can reactivate without losing your forms, then delete the account record.
  • If you delete your account, we delete your form schemas, submission records, OAuth tokens and identifying account data from our database within 30 days, except where we are required by law to keep certain records (for example, tax invoices).
  • The spreadsheets, uploaded attachments and other files our app created in your Google Drive or Microsoft OneDrive stay in your own drive. They are yours. We do not delete them when you cancel; you can keep, export or delete them yourself.
  • Backups and system logs are retained for up to 30 days for operational and security purposes.

8. Your rights under Australian privacy law

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Ask us to correct information that is inaccurate, out of date or incomplete.
  • Ask us to delete your personal information, subject to our legal record-keeping obligations.
  • Withdraw your consent to drive access at any time (by disconnecting your account in the app, or via your Google Account or Microsoft account settings).
  • Complain to us if you think we have mishandled your information, and complain to the Office of the Australian Information Commissioner (OAIC) if you are not satisfied with our response.

To exercise any of these rights, email admin@club-ai.com.au. We will respond within a reasonable time, generally within 30 days.

9. Security

  • All traffic to and from the Service is encrypted in transit using TLS.
  • Data in our Postgres database is encrypted at rest.
  • OAuth tokens are encrypted at rest using authenticated encryption and are never exposed to your browser.
  • We request the minimum drive permissions each provider offers. On Google we use the drive.file scope, which only grants access to files our app creates or that you explicitly open with our app. On personal Microsoft accounts we use the app-folder permission. Microsoft 365 work accounts only offer a broader permission, but we confine ourselves by design to a single 'Club AI' folder.
  • Access to production systems is limited to the founders and is protected by single sign-on and multi-factor authentication.
  • Our public form and sign-up pages can be protected against bots and spam using Cloudflare Turnstile.

No system is perfectly secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected users and the OAIC as required by the Notifiable Data Breaches scheme.

10. Children

Club AI is a business tool for hospitality venue managers. It is not directed at children. You must be at least 18 years old to create an account. We do not knowingly collect personal information from anyone under 18. If you believe a child has given us their information, please contact us and we will delete it.

11. Cookies and similar technologies

We use a small number of strictly necessary cookies to keep you signed in and to operate the Service. We do not use advertising cookies or third-party tracking pixels for marketing.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make a material change, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via an in-app notice before the change takes effect. Continuing to use the Service after a change means you accept the updated policy.

13. Governing law

This Privacy Policy is governed by the laws of Victoria, Australia. Any dispute arising under it will be dealt with in the courts of Victoria, Australia.

14. Contact us

If you have a question about this policy, want to exercise a privacy right, or want to report a concern, email admin@club-ai.com.au.

Club AI Pty Ltd, Victoria, Australia.

← Back to home