Your data,
in plain English.
Rowbot is built for clubs, and clubs own their members' data. We just run the platform. We don't sell your data, and we don't train AI on it. This page explains how it all works - and what you can control.
Last updated: April 2026
- Your club owns most of your data. Your membership, attendance, lineups, coaching notes - that's all controlled by your club, the same way it would be in a paper file or spreadsheet.
- Rowbot only controls your login. Your email, password, and account profile - the bits you need to sign in to any club you belong to.
- Sensitive stuff is opt-in, always. Heart rate, fitness data, AI features, photo tagging - none of it happens unless you switch it on, and you can switch it off any time.
- Hosted in London, encrypted everywhere. Your data sits on AWS servers in the UK, encrypted in transit and at rest. We never sell it. Nothing is used to train AI models.
Who's in charge of what
Different bits of your data are controlled by different people. Here's the split.
Your club controls
Your club is the data controller for everything stored about you in Rowbot for club purposes.
- • Contact details and emergency contacts
- • Membership type, dates, status
- • Squad and group assignments
- • Attendance and availability
- • Lineups and crew selections
- • Coaching notes and certifications
- • Equipment allocations
- • Invoices and payment status
Rowbot controls
We're only the data controller for the bits that make your account work across clubs.
- • Your email address
- • Your password / login tokens
- • Your name and profile photo
- • Login security alerts
- • Technical logs (errors, IP for security)
You control (opt-in)
Sensitive features are off by default. They only turn on when you say so, and you can switch them off again any time.
- • Connecting Strava, Concept2 or Apple Health
- • Sharing health and activity data with coaches
- • Photo tagging / facial recognition
- • AI-powered training recommendations
A note on the legal terms. Where we say "your club controls" we mean your club is the data controller under UK GDPR - they decide what gets entered and why. We're the processor: we run the platform and follow their instructions. Even for opt-in things like health data and AI, your club is still the controller - the difference is the law requires an extra layer of your consent because the data is more sensitive. So you get a personal switch.
The sensitive stuff is yours to switch on
These features all start off. They only process your data once you opt in, and you can opt out at any time from your account settings.
Health & fitness data
If you connect Strava, Concept2, or Apple Health - or log workouts manually - Rowbot can show your training data alongside the rest of your club life.
Default: Private. Not connected.
Who sees it: Only you and the coaches your club gives access to - and only after you opt in.
Turn it off: Disconnect the integration in Settings. Sync stops immediately. You can request deletion of previously synced data.
AI features
Some clubs enable AI for things like training suggestions, reporting, and natural language queries. AI runs on data you've already shared with your club.
Default: Off, club-wide. Your club has to enable it.
Where it runs: AWS Bedrock in London. Anthropic (Claude) is the model provider but never receives your data directly.
Training: Your data is never used to train AI models - not by us, not by AWS, not by Anthropic.
Photo tagging
Optional facial recognition that automatically tags members in club photos. Uses AWS Rekognition, hosted in London.
Default: Off. Your club must enable it, and you must give explicit consent for your face.
Withdraw consent: Anywhere, any time. Your facial recognition data is deleted immediately and existing tags are removed.
Wrong tag? You can correct or remove any tag yourself.
How we keep your data safe
Security isn't a feature, it's the default. Here's what that looks like in practice.
Encrypted everywhere
TLS in transit, encryption at rest. Your data is never moved or stored in the clear.
Hosted in London
All your data lives on AWS in eu-west-2 (London, UK). AI runs in the same region.
Tenant isolation
Each club's data is logically separated. One club can never see another club's data.
Role-based access
Inside a club, your data is only visible to people with the right permissions - set by your club, not us.
We're the data processor for your club, which means we have a contract (a Data Processing Agreement) that legally requires us to do all of this. We also notify clubs of any data breach within 72 hours.
Where your data lives
We don't run our own servers - we use a small set of trusted services to keep things reliable. Here's the full list of who touches your data and where.
| Service | What it does | Location |
|---|---|---|
| AWS | Hosting, database, file storage | London, UK |
| Postmark | Sending login & notification emails | United States |
| Stripe | Card payments | United States |
| GoCardless | Direct debit payments | United Kingdom |
| AWS BedrockAI only | Runs Claude (Anthropic) for AI features | London, UK |
| AWS RekognitionPhoto tagging only | Facial recognition | London, UK |
Where data is transferred outside the UK (Postmark, Stripe), we use the legal safeguards required by UK GDPR - Standard Contractual Clauses or adequacy decisions. The full list is in our Data Processing Agreement.
Your rights, in one list
Under UK GDPR you have a set of rights over your personal data. Here's how to actually use them.
See what we hold about you
Request a copy of your account data.
Email privacy@rowbot.app →
See what your club holds
Your club is the controller for club data, so they handle the request - we'll help them.
Talk to your club admin →
Correct anything inaccurate
Update your profile in your account, or ask your club to fix club data.
Open Settings →
Delete your account
We delete your account data within 30 days. Club data is handled by your club.
Settings → Account →
Withdraw consent
For health sync, AI, or photo tagging - turn it off any time. Effects are immediate.
Settings → Privacy →
Export your data
Get a structured copy of your data so you can take it elsewhere.
Email privacy@rowbot.app →
Common questions
Can my coach see my heart rate?+
What happens to my data if I leave my club?+
What happens if my club leaves Rowbot?+
Is my data used to train AI?+
Does Rowbot read my private messages or photos?+
I'm under 16 - can I use Rowbot?+
Where do I complain if something goes wrong?+
The full policies
The plain-English version above is a summary. The legal documents below are what actually binds us, your club, and you.
Privacy Policy
The full UK GDPR privacy notice covering what we collect, why, how long we keep it, and your rights.
Read the full policy →
Data Processing Agreement
The contract between Rowbot and your club governing how we process member data on their behalf.
Read the full policy →
AI Features Addendum
How AI features work in detail - what data is used, what isn't, and the safeguards in place.
Read the full policy →
Terms of Service
The terms that govern your use of Rowbot - what you can and can't do on the platform.
Read the full policy →
Still have questions? Email us at privacy@rowbot.app. If your question is about how your specific club uses your data, your club is the best first stop.
Rowbot is operated by Experiential Technologies Ltd, registered in England and Wales (Company No. 12585767).