Privacy Policy
Corvus Analytics, Inc.
Effective Date: January 6, 2026
1. Introduction
Corvus Analytics, Inc. ("Corvus," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access and use the Corvus Analytics platform (the "Service"), including our website, mobile applications, and related services.
Our Principal Place of Business: 400 Ucceli Dr, Redwood City, CA 94063
This policy applies to all users of the Service, including club administrators and members whose data is processed on behalf of club customers. Please read this policy carefully. By accessing or using Corvus Analytics, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
2.1 Account Registration Information
When you create a Corvus account, we collect:
- First and last name
- Email address
- Phone number
- Company/Club name
- Job title
- Mailing address
- Password and authentication credentials
- Billing information and payment method details
2.2 Club Member Data
When a club uploads member data to Corvus for analytics processing, we collect:
- Member names and contact information
- Member demographics and profiles
- Membership status, join dates, and tenure data
- Engagement metrics (facility usage, visit frequency, class attendance)
- Transaction history and spending patterns
- Membership renewal/churn indicators
- Behavioral data related to club activities
Important Note on Member Data: We process member data on behalf of our club customers, who remain the data controllers. Member data may include minors, and club customers are responsible for obtaining appropriate parental/guardian consent for processing of minor member data.
2.3 AI-Generated Insights and Analytics
As part of the Service, we use artificial intelligence to:
- Analyze member engagement patterns
- Generate churn prediction models
- Create personalized member retention recommendations
- Produce AI-powered analytics and dashboards
- Generate campaign suggestions and messaging recommendations
By using Corvus, you acknowledge that:
- Member data is processed by our AI systems (powered by Anthropic Claude)
- AI-generated insights are based on statistical analysis and predictive modeling
- Corvus does not guarantee prediction accuracy; we provide analytical tools to inform decision-making
- You are responsible for verifying recommendations before implementation
2.4 Usage and Technical Data
We automatically collect:
- Internet protocol (IP) address
- Browser type and version
- Device identifier and type
- Operating system and platform
- Access times and duration of visits
- Pages viewed and features accessed
- Clickstream data and navigation patterns
- Search queries within the Service
- Geographic location (based on IP)
We use cookies, web beacons, and similar tracking technologies to collect this data. These technologies help us understand user behavior, troubleshoot issues, and improve the Service.
2.5 Communications
We collect and retain:
- Email messages you send to our support team
- Chat conversations and support tickets
- Feedback, surveys, and feature requests
- Content of any inquiries or communications
3. How We Use Your Information
3.1 Service Delivery
We use your information to:
- Provide, maintain, and operate the Service
- Process your subscription, billing, and payments
- Generate analytics reports and insights
- Create dashboard visualizations and member intelligence tools
- Improve the Service and analytics (we do not use your member data to train AI models; Anthropic does not use API data for model training)
- Deliver customer support and resolve technical issues
3.2 Marketing and Communications
We use your information to:
- Send service announcements and product updates
- Deliver marketing communications (with your consent)
- Conduct surveys and gather feedback
- Create case studies and success stories (with permission)
- Personalize your experience and tailor recommendations
You may opt out of marketing communications at any time by clicking "Unsubscribe" in our emails or contacting us at [email protected].
3.3 Legal and Compliance
We use your information to:
- Comply with applicable laws, regulations, and legal processes
- Enforce our Terms of Service and other agreements
- Protect against fraud, security threats, and abuse
- Establish, exercise, or defend legal claims
- Cooperate with law enforcement and regulatory authorities
3.4 Aggregate and Anonymized Data
We may:
- Create anonymized, aggregated reports on industry trends
- Publish benchmarking data and anonymized insights
- Use aggregate data to improve the Service and develop new features
- Share anonymized insights with the club management industry
4. Legal Basis for Processing (GDPR)
For users in the European Union, United Kingdom, or other GDPR-compliant jurisdictions, we process personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Service delivery and account management | Performance of contract with you |
| Billing and payment processing | Performance of contract; Legal obligation |
| Technical support and troubleshooting | Performance of contract; Legitimate interest |
| Service improvement and analytics | Legitimate interest; Consent (for cookies) |
| Marketing communications | Consent; Legitimate interest |
| Legal compliance and fraud prevention | Legal obligation; Legitimate interest |
| AI model training (anonymized) | Legitimate interest; Consent |
5. How We Share Your Information
5.1 Service Providers
We share information with third-party service providers who assist with:
- Cloud hosting and infrastructure (AWS)
- Payment processing (Stripe, etc.)
- Email delivery and communication services
- Analytics and reporting tools
- AI/ML services (Anthropic Claude API)
- Security monitoring and fraud detection
- Customer support platforms
All service providers are contractually obligated to maintain data confidentiality and use data only for specified purposes.
5.2 Club Customers and Integrations
If you use integrations with third-party club management systems (e.g., Jonas Club Software), we share necessary data as:
- Your club administrator directs
- Required by the integration agreement
- Configured in your account settings
For Jonas Club Software or similar integrations, data shared includes member data, engagement metrics, and analytics (as configured).
5.3 Legal Requirements
We may disclose information when:
- Required by law, court order, or government request
- Necessary to enforce our Terms of Service
- Necessary to protect the rights, safety, or property of Corvus, our users, or the public
- To prevent fraud or security violations
5.4 Business Transfers
If Corvus is acquired, merges with another company, or undergoes a material change in business structure, your information may be transferred as part of that transaction. We will provide notice before such a transfer and will ensure the acquiring entity maintains similar privacy protections.
6. International Data Transfers
6.1 US-Based Processing
Corvus is based in the United States. When you provide information, it is transferred to and processed in the United States. By using Corvus, you consent to this transfer.
6.2 EU/UK Users (GDPR/UK GDPR)
If you are in the EU, UK, or EEA:
- We use Standard Contractual Clauses (SCCs) approved by the EU Commission to ensure adequate protection for data transferred outside the EEA
- You have the right to access, correct, delete, restrict, or port your personal data
- You have the right to withdraw consent at any time
- You have the right to lodge a complaint with your local data protection authority
7. Data Security
7.1 Security Measures
We employ industry-standard security measures to protect your information, including:
- Encryption in transit (TLS/SSL) and at rest
- Role-based access controls
- Regular security audits and penetration testing
- Secure password requirements (minimum 12 characters, complexity requirements)
- Multi-factor authentication (MFA) for admin accounts
- Activity logging and audit trails
- Restricted access to sensitive data
- Employee confidentiality and security training
7.2 No Absolute Guarantee
No method of electronic transmission or storage is 100% secure. While we implement reasonable security measures, we cannot guarantee absolute security. You are responsible for:
- Keeping your password confidential
- Protecting your account credentials
- Notifying us immediately of any unauthorized access
- Using strong, unique passwords
8. Data Retention
8.1 Account Data
We retain your account information as long as your account is active, or as required to fulfill contractual obligations. Upon account termination, we retain data for:
- Active Records: Retained during the service period
- Billing/Financial Records: 7 years (tax and legal compliance)
- Audit Logs: 2 years
- Support Records: 1 year after resolution
8.2 Club Member Data
We retain club member data:
- As long as you maintain an active subscription
- For a maximum of 90 days after account termination, unless you request earlier deletion
- Longer if required by applicable law or for legal/compliance purposes
8.3 Marketing Data
We retain marketing communications records:
- Until you unsubscribe
- 3 years for engagement metrics and campaign analytics
8.4 Deletion Requests
You may request deletion of your personal data at any time. Upon request, we will delete your data within 30 days, except where:
- Retention is required by law
- Data is needed to enforce agreements
- Data is part of audit or compliance records
- Deletion would prevent fraud detection
9. Your Rights and Controls
9.1 EU/UK GDPR Rights
If you are located in the EU, UK, or EEA, you have the right to:
Right to Access: Receive a copy of the personal data we hold about you, in a structured, commonly used, machine-readable format.
Right to Rectification: Have inaccurate or incomplete data corrected or supplemented.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal exceptions.
Right to Restrict Processing: Ask us to limit how we use your data in certain circumstances.
Right to Data Portability: Receive your personal data in a portable format and transmit it to another service provider.
Right to Object: Object to processing of your data for marketing, profiling, or legitimate interests (with exceptions for contractual obligations).
Right to Withdraw Consent: Withdraw consent for data processing at any time, without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: File a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France, etc.).
9.2 California Consumer Privacy Act (CCPA) Rights
If you are a California resident, you have the right to:
Right to Know: Receive information about the personal information we collect, use, and share.
Right to Delete: Request deletion of personal information collected from you, with certain exceptions.
Right to Opt-Out: Opt out of the sale or sharing of your personal information (Corvus does NOT sell personal data).
Right to Correct: Request correction of inaccurate personal information.
Right to Limit: Limit our use of sensitive personal information.
Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.
9.3 Exercising Your Rights
To exercise any of these rights, contact us at:
Email: [email protected]
Mailing Address: 400 Ucceli Dr, Redwood City, CA 94063
Please include:
- Your full name
- Email address associated with your account
- Description of your request
- Verification information (password, last 4 digits of payment method, etc.)
We will respond within:
- 30 days for GDPR/UK GDPR requests
- 45 days for CCPA requests
If your request is complex, we may request additional information or extend the response period by up to 30 additional days (with notice).
10. Children and Minors
10.1 Account Users
The Service is not intended for users under 18 years of age. Corvus does not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided personal information, we will delete it promptly.
10.2 Club Member Data
Corvus acknowledges that club member data may include minors. Club customers are responsible for:
- Obtaining parental or guardian consent for processing of minor member data
- Complying with COPPA (Children's Online Privacy Protection Act) in the US
- Complying with GDPR Article 8 requirements (EU) or equivalent laws
- Maintaining records of consent
- Communicating privacy practices to parents/guardians
11. Cookies and Tracking Technologies
11.1 Types of Cookies
We use the following categories of cookies:
| Cookie Type | Purpose | Retention |
|---|---|---|
| Strictly Necessary | Authentication, security, basic functionality | Session or 12 months |
| Functional | Remember preferences, login information | 2 years |
| Performance/Analytics | Usage patterns, feature engagement | 12 months |
| Marketing | Track campaigns, measure ROI | 2 years |
| Third-Party | Google Analytics, social media pixels | Per provider policy |
11.2 Managing Cookies
You can control cookies through your browser settings:
- Most browsers allow you to refuse cookies or notify you when cookies are set
- You can delete existing cookies from your device
- Note: Disabling cookies may limit functionality of the Service
Visit www.allaboutcookies.org for instructions for your specific browser.
11.3 Google Analytics
We use Google Analytics to understand how users interact with the Service. Google may transfer this information to third parties as required by law or for service improvement purposes. Google will not associate your IP address with any other data held by Google.
Google Analytics Opt-Out:
- Install the Google Analytics Opt-Out Browser Add-on
- Adjust your browser's Do Not Track settings
12. Third-Party Links and Integrations
The Service may contain links to third-party websites, applications, and integrations (e.g., Jonas Club Software, CourtReserve, Anthropic, etc.). These third parties operate under their own privacy policies. Corvus is not responsible for:
- The content or accuracy of third-party sites
- Privacy practices of third parties
- Security of third-party platforms
We encourage you to review the privacy policies of any third-party services before providing information.
13. Contact Us and Data Protection
13.1 Privacy Inquiries
Email: [email protected]
Support: [email protected]
13.2 Data Protection Officer (DPO)
For GDPR-compliant jurisdictions, we have designated a Data Protection Officer.
DPO Contact: [email protected]
14. Data Processing Agreement (DPA)
For customers in the EU, UK, or Switzerland, a Data Processing Agreement is available upon request. The DPA outlines:
- The scope and nature of data processing
- Purpose and duration of processing
- Types of personal data and data subjects
- Our obligations as a data processor
- Data security and protection measures
- Subprocessor information
- Data subject rights and access procedures
To request a DPA: Email [email protected] with "DPA Request" in the subject line.
15. Privacy Policy Updates
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- Legal or regulatory requirements
- Technological advancements
- Industry best practices
Notification of Material Changes:
- We will notify you via email of material changes
- A prominent notice will appear on our website
- Material changes take effect 30 days after notification
- Your continued use of the Service constitutes acceptance of the updated policy
Last Updated: January 6, 2026
Policy Version: 2.0