ControleHQBack to home

Privacy Policy

ControleHQ Privacy Policy

ControleHQ Privacy Policy

Effective Date: March 3, 2026

Posted Date: March 3, 2026

I. Introduction

ControleHQ respects your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process information that identifies, relates to, or could reasonably be linked with an individual ("Personal Data") in connection with:

  • our websites and online properties (the "Site");
  • our ControleHQ platform, including the multi-tenant academy management application (dashboard, student portal, public pages, and related services).

This Policy does not cover how academy customers process Personal Data in their own operations. If you use ControleHQ through an academy (organization), that academy's privacy practices may also apply.

II. Our Roles & Responsibilities

When ControleHQ is a controller

We act as a controller for Personal Data we process for our own business purposes, such as Site operations, marketing, account administration, billing, and support.

When ControleHQ is a processor / service provider

We process Personal Data on behalf of academy customers (organizations) through the platform—e.g., students, instructors, staff, attendance, enrollments, waivers, and payments. In that context the academy is the controller and we act as a processor or service provider.

If you want to exercise rights relating to Personal Data an academy has provided to ControleHQ, please contact that academy first. If you contact us directly, we may request the academy name to route your request and assist where appropriate.

III. Personal Data We Collect and Sources

A. Information you provide to us

We may collect:

  • Contact and account data: name, email, organization, profile fields, and other data you or your academy provide
  • Billing and contracting data: billing contact, invoicing details, payment method tokens (processed by payment providers such as Stripe), and contract metadata
  • Support and communications: messages, tickets, and files you choose to upload

B. Information collected automatically from the Site

We may collect:

  • Device and usage data: IP address, browser type, pages viewed, referring page, approximate location derived from IP
  • Cookies and similar technologies: for essential functionality, analytics, and (if enabled) marketing

C. Information processed through the platform (on behalf of academies)

When academies use ControleHQ, we process data they provide or that is generated through the service, such as student and staff profiles, attendance, enrollments, belt/rank information, waivers, seminar registrations, and store orders. Authentication may be handled by identity providers (e.g., Auth0 by Okta). We process this data as instructed by the academy (controller).

D. Information from third parties

We may receive:

  • Identity and access data from Auth0 or other IdPs when you sign in
  • Payment confirmation data from payment processors (e.g., Stripe)
  • Business contact data from partners, events, or referrals

IV. How We Use Personal Data

We use Personal Data to:

  • Provide and operate the Site and the ControleHQ platform
  • Authenticate and administer accounts and organization access
  • Provide support and troubleshoot issues
  • Improve reliability and security, including detecting abuse, fraud, and security incidents
  • Communicate about service updates, security notices, and administrative messages
  • Marketing (where permitted): send product updates and event invitations (you can opt out)

V. How We Disclose Personal Data

We may disclose Personal Data to:

  • Service providers (hosting, analytics, support tooling, payment processors, identity providers) under contractual protections
  • Affiliates (if applicable) consistent with this Policy
  • Legal and safety purposes (to comply with law, protect rights, investigate abuse, respond to valid legal process)
  • Corporate transactions (merger, acquisition, financing, or asset sale), subject to appropriate safeguards

We do not sell Personal Data in the traditional sense. If certain cookie/advertising practices constitute "sharing" under applicable law, you can opt out as described below.

VI. Cookies and Tracking Choices

We use cookies and similar technologies for:

  • Essential functions (security, session management)
  • Analytics (understanding Site and product usage)
  • Marketing (where enabled)

You can control cookies through your browser settings and any cookie preference tools we provide.

VII. Security

We use administrative, technical, and organizational measures designed to protect Personal Data. No system is perfectly secure; you are responsible for safeguarding your credentials and your organization's use of the platform.

VIII. Data Retention

We retain Personal Data as long as necessary to provide the Site and platform, comply with legal obligations, resolve disputes, and enforce agreements. Retention may vary by data type and by our agreements with academy customers.

IX. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, object to, or restrict processing of your Personal Data, and to opt out of certain targeted advertising or cookie-based sharing.

To exercise rights, contact us using the details in How to Contact Us. If your request relates to an academy-controlled account, we may direct you to that academy.

X. International Transfers

We may process Personal Data in the United States and other countries where we or our service providers operate. We use appropriate safeguards for cross-border transfers where required.

XI. Children

The Site and services are not directed to children. We do not knowingly collect Personal Data from children under 16. Academies may collect information about minors (e.g., for kids programs) in accordance with their own policies and applicable law.

XII. California Privacy Notice (CCPA/CPRA)

This section applies to California residents and supplements the Privacy Policy.

A. Categories of Personal Information We Collect

In the preceding 12 months, we may have collected the following categories of personal information (as defined by the CCPA/CPRA), depending on how you interact with us:

  • Identifiers: name, email address, IP address, account identifiers
  • Customer records information: billing contact details, contract and account information
  • Commercial information: records of products or services purchased or considered
  • Internet or network activity: browsing and usage data on the Site and platform
  • Geolocation data: approximate location derived from IP address
  • Professional or employment information: organization name, role (if provided)

B. Purposes and Disclosure

We collect and use personal information for the business and commercial purposes described in this Policy. We may disclose it to service providers and as otherwise described in Section V.

C. Your California Privacy Rights

Subject to verification and applicable exceptions, California residents may have the right to know/access, delete, correct, opt out of sale/sharing, and non-discrimination. We do not sell personal information for money. To submit a request, contact us at the email in How to Contact Us.

XIII. How to Contact Us

Email: privacy@controlehq.com

Mailing Address: [Insert Address]

XIV. Changes to This Policy

We may update this Policy from time to time. We will update the Effective Date and may provide additional notice if changes are material.