Privacy Policy

Last updated: March 2026

1. Who we are

Rowbot is a club management platform operated by Experiential Technologies Ltd ("we", "us", "our"), a company registered in England and Wales (Company No. 12585767). We provide software that helps rowing clubs manage their members, schedules, equipment, and more.

This policy explains what personal data we collect, why, and what your rights are.

2. Our role in relation to your data

Rowbot serves two roles depending on the type of data:

  • Data Controller — We are the controller for data related to your Rowbot user account (your email address, login credentials, and platform-level profile). We determine how this data is used to provide and secure the platform.
  • Data Processor — For data that your club stores about you in Rowbot (membership details, squad assignments, attendance, lineup selections, equipment usage, etc.), your club is the data controller. We process this data on their behalf and according to their instructions.

If you have questions about how your club uses your data within Rowbot, contact your club directly. If you have questions about your Rowbot account or the platform itself, contact us.

3. What data we collect

Account data (we are the controller)

When you create a Rowbot account, we collect:

  • Email address
  • Name
  • Password or authentication tokens (for magic link / social login)
  • Profile information you choose to add (e.g. profile photo)

We use this data to:

  • Authenticate you and keep your account secure
  • Provide access to clubs you belong to
  • Send you essential communications (login links, security alerts)

Lawful basis: Legitimate interests (providing and securing the service) and, where applicable, performance of a contract.

Club data (your club is the controller)

Your club and its administrators may store the following about you:

  • Contact details (phone number, emergency contacts)
  • Club membership information (membership type, dates, status)
  • Squad and group assignments
  • Attendance and availability
  • Lineup and crew selections
  • Coaching notes and certifications
  • Equipment allocations
  • Financial information (invoices, payment status)
  • Any other information your club chooses to record

We process this data on your club's behalf. The lawful basis for this processing is determined by your club — typically legitimate interests (running the club) or performance of a contract (your club membership).

Health and activity data

If you choose to connect a fitness platform (e.g. Strava, Concept2, Apple Health) or log training data, Rowbot may process:

  • Workout and activity records (distance, duration, stroke rate, splits)
  • Heart rate data
  • Other fitness metrics from connected services

This is special category data under UK GDPR. We only process it with your explicit consent, which you give when you connect a service or enable activity tracking. You can disconnect at any time, and we will stop syncing new data. You can also request deletion of previously synced data.

Your club's coaches and administrators may be able to view your activity data within Rowbot, depending on your club's settings and permissions. Your club will inform you of who has access.

Technical data

We automatically collect limited technical data when you use Rowbot:

  • IP address and approximate location
  • Browser or device type
  • Pages visited and actions taken within the platform
  • Error logs

Lawful basis: Legitimate interests (maintaining and improving the service).

4. How we share your data

We do not sell your data. We share it only with:

  • Your club's administrators and authorised users — according to your club's permission settings
  • Sub-processors — third-party services that help us run the platform (see below)
  • Legal requirements — if required by law, regulation, or legal process

Sub-processors

We use the following third-party services to operate Rowbot:

  • Amazon Web Services (AWS) — Hosting, database, file storage (UK, London)
  • Postmark — Transactional email (US)
  • Stripe — Payment processing (US)
  • GoCardless — Direct debit payment processing (UK)

Where data is transferred outside the UK, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses, adequacy decisions).

Fitness platform integrations (Strava, Concept2, etc.) are initiated by you and governed by those platforms' own privacy policies.

5. How long we keep your data

  • Account data — Retained while your account is active. If you delete your account, we delete your account data within 30 days.
  • Club data — Retained while your club uses Rowbot. If a club leaves the platform, their data is deleted within 30 days of termination unless they request an export. Individual member data is deleted on request from you or your club.
  • Health and activity data — Retained until you disconnect the integration and/or request deletion.
  • Technical logs — Retained for up to 12 months.

6. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data (request a copy of what we hold)
  • Correct inaccurate data
  • Delete your data (right to erasure)
  • Restrict processing in certain circumstances
  • Port your data (receive it in a structured, machine-readable format)
  • Object to processing based on legitimate interests
  • Withdraw consent for health data processing at any time

For data where we are the controller (your account), contact us directly. For data where your club is the controller, contact your club — we will assist them in fulfilling your request.

To exercise any of these rights, email us at privacy@rowbot.app.

7. Cookies

We use essential cookies to provide the Service (authentication, session management). We do not use third-party tracking or advertising cookies. You can manage cookie preferences through your browser settings.

8. Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest
  • Tenant isolation (your club's data is separated from other clubs')
  • Role-based access controls
  • Regular security reviews

9. Children

Rowbot is not intended for use by children under 16. We do not knowingly collect data from children under 16 without parental consent. If you believe a child's data has been collected without appropriate consent, please contact us.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. The "last updated" date at the top of this page will always reflect the most recent version.

11. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO):

We'd appreciate the chance to address your concern first — please contact us before escalating to the ICO.

12. Contact us

Experiential Technologies Ltd (Company No. 12585767)

For data protection queries: privacy@rowbot.app

For general support: support@rowbot.app