We have chosen to outsource essentially all our day-to-day operations software to a pair of international cloud based software as a service companies. 

Approach licences us a gym operation platform. This is the software Confluence staff use at the front desk and users interact directly with when they buy memberships online or fill out waivers on onsite using the kiosk app. Consequently, no customer data resides on premises in the gym, or in fact on any computer owned by Confluence. Instead the data resides in the cloud on servers administered by Tilefive. 

Similarly, we licence our payment processing software from Adyen. When you use a credit card to buy a pass, membership or merchandise it is Adyen that processes the transaction. It is Adyen that manages the process of renewing your monthly membership. A complex  cryptographic process enables their software (like all modern financial software running in the cloud) to charge your credit card without Confluence Climbing or Approach holding the actual credit card number.

Chris and Mathew have chosen to set up our software this way because it greatly reduces the need for us to store your personal information. If one of our computers is hacked, or physically stolen, or a backup tape is stolen, your data is safe. On the other hand, your private data is in the hands of large, sophisticated, cloud based software companies and hence subject to their data privacy policies:

Payment processor Adyen data processing agreement: https://www.adyen.com/legal/data-processing-agreement

Tilefive/Approach End User Licence Agreement: https://www.approach.app/eula

PDF describing Approach’s  data privacy policy: Privacy Policy for Approach Software

If you want to read up on the behaviour of some large, sophisticated cloud based software companies with respect to your data privacy we’d suggest The Age of Surveillance Capitalism, by Shoshana Zuboff