1. Who We Are

This application is operated by the club administrator on behalf of an amateur radio club. The data controller is the club administrator. For questions about data held about you, or to make a request for access, correction, or deletion, contact the club administrator directly.

2. What Data We Collect and Why

We hold two categories of personal data about club members:

a) FCC ULS Public Record Data

The following fields are sourced from the Federal Communications Commission (FCC) Universal Licensing System (ULS) public database. This data is publicly available and is reproduced here for operational convenience only:

• Legal name (first and last)
• Amateur radio callsign
• Mailing address (street, city, state, postal code, country)
• License class (e.g., Technician, General, Amateur Extra)
• FCC Registration Number (FRN)
• License expiration date

Because this data originates from a public government record, deletion from this system does not remove it from the FCC ULS database or other republishers of that data.

b) Club-Provided Private Data

The following fields are collected directly by the club and are not derived from any public record:

• Email address (stored encrypted at rest)
• Phone number (stored encrypted at rest)
• Date of birth (stored encrypted at rest)
• Membership expiration date
• ARRL membership status and expiration date
• ARES membership status
• Membership type
• Signup date

Email addresses, phone numbers, and dates of birth are encrypted using AES-256-GCM before being stored in the database.

3. Who Can Access Your Data

Access to member data is controlled by role-based permissions:

• Superadmin and Admin users: full access to member records, audit logs, and system configuration.
• Club members with the members:read permission: read-only access to the member roster.
• Third-party SMTP provider: outbound emails are routed through a configured SMTP server. Only the intended recipient addresses and email content are transmitted — no other member data is shared with the SMTP provider.

No member data is sold or shared with external parties beyond the SMTP provider used for email delivery.

4. Data Retention

Member records are retained for as long as the membership is active and for a reasonable period thereafter. Records are deleted on request or when explicitly removed by an administrator.

System logs are subject to a configurable retention policy (default: 365 days):

• Audit log: records of system actions (logins, record changes). Retained for the configured window, then automatically deleted.
• Email send log: records of emails sent (recipient count, subject, timestamp — no email addresses are retained in the log). Retained for the configured window, then automatically deleted.
• Sessions: expired login sessions are automatically deleted on the nightly cleanup run.

5. Your Rights

Depending on your jurisdiction, you may have rights including the right to access, correct, or delete personal data held about you, or to receive a machine-readable export of your data (data portability).

To exercise any of these rights, contact the club administrator. Requests will be fulfilled within 30 days where feasible. Note that FCC ULS-sourced fields (name, callsign, address, license details) originate from a public government record and cannot be deleted from this system in isolation from their primary source at the FCC.

Authorized administrators can export all personal data held for a specific member via the member export endpoint. Members may request this export through the club administrator.

6. Contact

For any privacy-related questions or requests, contact the club administrator using the contact information provided in your club's membership materials.