Privacy Policy

GreekManage ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, how we share it, and the rights you have regarding your information when you use the GreekManage platform (the "Service").

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly, including:

• Account information: name, email address, phone number, password (hashed), and profile information
• Membership details: chapter affiliation, role, fraternal/Greek member name, membership status, crossing date, big/little relationships
• Profile enrichment: academic information (GPA, major, graduation year), work history, certifications, skills — when you provide these or link external accounts
• Communications: messages you send through the platform (direct messages, forum posts, comments, announcements, support requests)
• Payment information: if applicable, billing contact information (full card details are handled by our PCI-compliant payment processor and are not stored by us)
• Uploaded content: photos, documents, files, and other content you upload

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage data: pages visited, features used, timestamps, actions taken
• Device information: device type, operating system, browser type and version, IP address, unique device identifiers
• Log data: server logs, error reports, performance metrics
• Cookies and similar technologies: see the Cookies section below

1.3 Information from Third Parties

If you link external accounts (e.g., Google, Microsoft, LinkedIn, SAML identity providers), we receive profile information as authorized by you. Your organization's administrator may also provide or update your membership information.

2. How We Use Information

We use your information to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Authenticate you and secure your account
• Send transactional communications (account verification, password resets, security alerts)
• Send organizational communications from your chapter or national organization (announcements, compliance reminders, event invitations) based on your preferences
• Enable features like messaging, forums, and photo sharing with your chapter and organization
• Process payments for subscriptions and services
• Analyze usage to improve the platform and detect abuse
• Comply with legal obligations, resolve disputes, and enforce our Terms
• Provide AI-powered features (e.g., document search, chatbot assistance, content recommendations) when your organization enables them

3. Email Communications

3.1 Transactional Email

We send transactional emails necessary for the Service, such as account verification, password resets, and critical security notifications. These cannot be disabled while your account is active.

3.2 Organizational Email

Your chapter, organization, or officers may send messages through the Service. You can control which non-essential emails you receive in your account settings.

3.3 Opt-Out

Every non-transactional email includes a one-click unsubscribe link. You can also manage all email preferences in your account settings.

3.4 No Marketing to Third Parties

We do not sell, rent, or share your contact information with third parties for marketing purposes.

4. How We Share Information

4.1 With Your Organization

Your personal information, membership data, and platform activity are visible to authorized administrators of your organization (national admins, regional admins, chapter officers) as required for membership management, compliance, and organizational operations. Your privacy settings control what other members see.

4.2 With Other Members

Certain information (name, profile photo, basic role, public posts, photos you share) is visible to other members of your chapter or organization. You can control visibility in your privacy settings. Alumni users have additional privacy controls in the Alumni Engagement module.

4.3 With Service Providers

We share information with trusted third-party service providers who process it on our behalf, including:

• Cloud infrastructure: Amazon Web Services (hosting, storage, databases)
• Email delivery: Amazon SES, SendGrid, or other configured email providers
• Payment processing: Stripe, Braintree, or other payment processors configured by your organization
• AI providers: Anthropic, OpenAI, Google — when your organization has enabled AI features
• Analytics and error tracking: tools that help us monitor and improve platform reliability
• Identity providers: Google, Microsoft, and other SAML/OAuth providers if you use single sign-on

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.4 Legal Compliance

We may disclose information when required by law, regulation, legal process, or government request, or when necessary to protect the rights, property, or safety of GreekManage, our users, or others.

4.5 Business Transfers

If GreekManage is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Active accounts: retained as long as the account exists
• Deleted accounts: soft-deleted for a 30-day grace period to allow recovery, then permanently anonymized or removed (except where retention is legally required)
• Audit logs: retained per your organization's configured retention policy (typically 1-7 years)
• Backups: encrypted backups retained on a rolling basis per our backup retention schedule, then purged

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the information we hold about you
• Correction: request that we correct inaccurate information
• Deletion: request deletion of your account and associated personal data
• Portability: receive your data in a machine-readable format (available via the Data Export feature in account settings)
• Restriction: ask us to restrict processing of your data in certain circumstances
• Objection: object to certain types of processing
• Withdraw consent: where processing is based on consent, withdraw it at any time

You can exercise most rights directly through your account settings. For other requests, contact privacy@greekmanage.com. We will respond within the timeframes required by applicable law (typically within 30 days).

7. California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect, the right to delete, the right to opt-out of sale (we do not sell personal information), and the right to non-discrimination for exercising these rights. To exercise these rights, contact privacy@greekmanage.com.

8. European Residents (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation. Our lawful bases for processing include contract performance (to provide the Service), legitimate interests (platform security, improvements, fraud prevention), consent (for optional features), and legal compliance. You have the right to lodge a complaint with your local data protection authority.

9. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Row-level security (RLS) to enforce data isolation between organizations
• Regular security scanning (SAST, DAST, dependency, container)
• Access controls and role-based permissions
• Audit logging of sensitive operations
• Regular backups with tested recovery procedures
• Optional biometric authentication and multi-factor login

No system is perfectly secure. Report security concerns to security@greekmanage.com.

10. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact privacy@greekmanage.com and we will delete it promptly.

11. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: secure session cookies (HTTP-only, secure flag)
• Preferences: remembering your settings
• Security: CSRF protection and fraud prevention
• Analytics: understanding feature usage to improve the platform

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using core features.

12. International Data Transfers

Your information may be processed in the United States and other countries where we or our service providers operate. We use appropriate safeguards (such as Standard Contractual Clauses) for international transfers as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or through the Service at least thirty (30) days before taking effect. The "Last updated" date at the top reflects the most recent revision.

14. Contact Us

For questions about this Privacy Policy or our data practices:

GreekManage
Privacy: privacy@greekmanage.com
Security: security@greekmanage.com
Support: support@greekmanage.com
23676 Everett Valley Drive
Aldie, Virginia 20105
United States

---

See also our Terms of Service.