Privacy Policy
Effective Date: May 7, 2026
Parvelo (“we,” “us,” or “our”) is committed to protecting the privacy of golf course operators, staff, and members who use our platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services at www.parvelo.io.
1. Scope and Applicability
This Privacy Policy applies to all users of the Parvelo platform, including administrators, golf course staff, and end users (collectively, “you” or “users”). It covers information collected through our website (www.parvelo.io), our web and mobile applications, our APIs, and any other services we operate that link to this policy.
This policy does not apply to third-party websites or services that may be linked to or integrated with the Parvelo platform. We encourage you to review the privacy policies of any third-party services you use in connection with Parvelo.
2. Information We Collect
We collect information in the following categories:
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, job title, organization name, password (hashed) | Account creation, authentication, and support |
| Contact Information | Phone number, business address, billing address | Communication, billing, and service delivery |
| Payment Information | Credit/debit card details, billing history (processed via third-party payment processor) | Subscription billing and fraud prevention |
| Usage Data | Login timestamps, features accessed, actions performed, session duration | Service improvement and security monitoring |
| Golf Operations Data | Member bag tags, storage assignments, retrieval logs, member identifiers | Core service functionality |
| Device & Technical Data | IP address, browser type, operating system, device identifiers | Security, diagnostics, and analytics |
| Communications | Support tickets, emails, feedback forms, chat logs | Customer support and service improvement |
2.1 Information You Provide Directly
We collect information you provide when you register for an account, set up your organization's profile, enter member or operational data into the platform, contact our support team, or respond to surveys or communications.
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain technical and usage data through cookies, log files, and similar technologies. This includes your IP address, browser and device information, pages visited, actions taken, and referring URLs. We use this data to operate and improve the Service and to detect and prevent fraud or abuse.
2.3 Information from Third Parties
We may receive information about you from third-party services you connect to Parvelo, such as payment processors or identity verification services. We only collect information from third parties that is necessary to provide the Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing and operating the Service, including processing transactions and managing your account
- Personalizing your experience and delivering features relevant to your role and organization
- Communicating with you about your account, updates, security alerts, and support requests
- Sending product news, feature announcements, and marketing communications (where you have consented or where permitted by law)
- Analyzing usage patterns to improve the performance, reliability, and usability of the Service
- Detecting, investigating, and preventing fraudulent transactions, abuse, or security incidents
- Complying with legal obligations and enforcing our Terms and Conditions
- Aggregating and anonymizing data for research, benchmarking, and business analytics
We do not sell your personal information to third parties. We do not use your operational data (e.g., member bag assignments) for advertising or marketing purposes.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
- Contract Performance — processing necessary to provide the Service you have contracted for
- Legitimate Interests — processing for fraud prevention, security, analytics, and service improvement, where our interests are not overridden by your rights
- Legal Obligation — processing required to comply with applicable law
- Consent — where you have given us explicit consent (e.g., for marketing emails), which you may withdraw at any time
5. How We Share Your Information
5.1 Service Providers
We share information with trusted third-party vendors who assist us in operating the Service, including cloud hosting providers, payment processors, email delivery services, customer support tools, and analytics platforms. These providers are contractually required to use your information only to perform services on our behalf and to maintain appropriate security standards.
5.2 Within Your Organization
If you use Parvelo as part of an organization account, your administrator may have access to your account information and activity within that account. We are not responsible for how your organization manages its internal data.
5.3 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect the safety of any person; (c) prevent fraud or address security issues; or (d) protect Parvelo's legal rights.
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to your information being transferred and becoming subject to a different privacy policy.
5.5 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, for industry research, analytics, marketing, or other business purposes.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files placed on your device that help us remember your preferences, authenticate sessions, and analyze usage.
6.1 Types of Cookies We Use
- Essential Cookies — required for the Service to function (e.g., session authentication). Cannot be disabled.
- Performance Cookies — help us understand how users interact with the Service (e.g., pages visited, errors encountered).
- Functional Cookies — remember your preferences and settings to improve your experience.
- Analytics Cookies — used to collect aggregated data on usage patterns to improve the Service.
6.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service. For more information on managing cookies, visit www.allaboutcookies.org.
7. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:
- Account data is retained for the duration of your active subscription, plus up to 90 days following account closure to allow for reactivation or data export
- Operational data (e.g., bag room logs) is retained for the period configured by your organization administrator, subject to applicable legal minimums
- Usage and log data is generally retained for up to 12 months for security and analytics purposes
- Payment records are retained for up to 7 years to comply with financial and tax regulations
When data is no longer needed, we securely delete or anonymize it in accordance with our data disposal procedures.
8. Data Security
We implement industry-standard technical, administrative, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Access controls and role-based permissions limiting data access to authorized personnel
- Regular security assessments and vulnerability testing
- Employee training on data privacy and security practices
While we take these precautions seriously, no method of electronic transmission or storage is 100% secure. In the event of a data breach that is likely to result in risk to your rights or freedoms, we will notify you and relevant authorities as required by applicable law.
9. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
9.1 Access and Portability
You have the right to request a copy of the personal information we hold about you, in a structured, machine-readable format where technically feasible.
9.2 Correction
You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
9.3 Deletion
You have the right to request that we delete your personal information, subject to certain exceptions (e.g., where we are required to retain it by law or for legitimate business purposes).
9.4 Restriction and Objection
You have the right to request that we restrict the processing of your personal data in certain circumstances, or to object to processing based on legitimate interests.
9.5 Withdrawal of Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
9.6 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information is collected, sold, or disclosed; the right to opt out of the sale or sharing of personal information (we do not sell personal information); the right to non-discrimination for exercising your rights; and the right to correct inaccurate personal information.
9.7 Exercising Your Rights
To exercise any of the above rights, please contact us at privacy@parvelo.io. We will respond to your request within 30 days (or as otherwise required by applicable law). We may require verification of your identity before processing your request.
10. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe that a child under 16 has provided us with personal information without parental consent, please contact us at privacy@parvelo.io and we will take steps to delete such information.
11. International Data Transfers
Parvelo is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your country.
For transfers from the European Economic Area, United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on Standard Contractual Clauses approved by the European Commission or equivalent mechanisms to ensure an adequate level of protection for your personal data.
12. Third-Party Services and Links
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information. We are not responsible for the privacy practices of third parties.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make material changes, we will notify you by updating the Effective Date at the top of this policy and, where appropriate, by sending an email notification or displaying a prominent notice within the Service. We encourage you to review this policy periodically.
Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated terms.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:
If you are located in the EEA or UK and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority.