How we protect your community's member data — in plain language for boards and administrators.
Effective June 2026 · Version 2.0
Club Court Manager is built so each community's member data stays with that community. StoufferAI operates the platform; your tenant administrators control rosters, schedules, and settings for your club or HOA.
This statement describes our security practices. It supplements our Privacy Policy and Terms of Use — it does not replace them.
Every sensitive action passes through multiple independent controls. A failure in one layer does not by itself expose another community's data.
Each community is a separate tenant with its own branding and domain (e.g. yoursports.clubcourtmanager.com or a custom domain).
tenant_id in application codeCan access (their community only)
Cannot access
| Category | Examples | Purpose |
|---|---|---|
| Account & roster | Name, email, phone, address, ratings, status | Sign-in, booking, administration |
| Bookings | Courts, times, invites, messages | Scheduling and confirmations |
| Security | IP/time for terms & SMS consent; audit entries | Accountability and SMS compliance |
| Technical | Standard hosting logs | Reliability and abuse prevention |
We do not sell member data, use it for third-party advertising, or share data between unrelated communities. Payment cards are handled by Stripe; we do not store card numbers.
Members & roster (admin): roster viewed, CSV exported, member added, profile updated (field-level before/after), invites, roster actions (approve, suspend, remove from sport, admin role).
Member self-service: profile updated by member; court booking created, updated, or cancelled.
Schedule & operations: schedule blocks, admin booking cancellations, section and court-group changes, branding, profile rules, bulk email.
Not currently logged: every sign-in attempt, photo ID image views, or CLI roster imports.
Phone numbers and addresses are visible to verified tenant admins in the admin roster — they are not masked in the admin UI.
| Component | Provider |
|---|---|
| Hosting | Vercel |
| Database | Neon Postgres |
| Sessions & rate limits | Upstash Redis |
| Resend | |
| SMS | Twilio (optional) |
| Subscriptions | Stripe |
Our controls follow common practices (least privilege, audit trails, encryption in transit, rate limiting). Club Court Manager is not SOC 2 certified. We align with principles from frameworks such as OWASP and data minimization, but this is not a formal attestation.
If a security incident affects your community's data, we aim to notify affected customers within 72 hours of confirmed discovery, describe what occurred in plain language, and outline remediation steps.
Email support@stoufferai.com · Product site clubcourtmanager.com
Document version 2.0 · June 2026