Privacy Policy
Last updated: March 2, 2026
1. Introduction
DuesSync (“we,” “us,” or “our”) operates a dues collection and management platform for Knights of Columbus councils. This Privacy Policy explains what information we collect, how we use it, with whom we share it, how it is disclosed, and the security practices we employ to protect it.
By using DuesSync — whether as a council administrator or as a member making a payment — you agree to the practices described in this policy.
2. Information We Collect
Council Administrator Information
- Name and email address (collected via Clerk authentication)
- Council name, number, state, and district
- Stripe connected account identifiers for payment processing
- Communication preferences and workflow configuration settings
Member Information
Council administrators import and manage member records on behalf of their councils. This data includes:
- Full name, membership number, and membership class
- Mailing address, email address, and phone number
- Dues balance, billing status, and payment history
- Stripe customer identifiers created during payment processing
Member Accounts
Council administrators may invite individual members to create a DuesSync account. When a member accepts an invitation and signs in, we collect:
- Email address and name (provided during account creation via Clerk)
- Sign-in timestamps and session IP addresses
Last sign-in date and IP address are visible to the council’s Financial Secretary within DuesSync for account verification purposes. Members may contact their council’s Financial Secretary to request account removal.
Payment Information
DuesSync does not store full payment card numbers or bank account numbers. Payments are processed by Stripe, which collects and stores payment method details directly on its platform under its own privacy policy. We receive and store only payment confirmation data (amount, date, Stripe transaction ID).
Automatically Collected Data
- Usage logs for audit and activity history within the platform
- Timestamps and status changes associated with dues notices and payments
- Sign-in timestamps and IP addresses for authenticated member and administrator sessions, managed by Clerk
3. How We Use the Information
- To operate the dues collection and management platform
- To generate, send, and track dues notices on behalf of councils
- To process dues payments via Stripe
- To maintain billing status records and payment history for members
- To authenticate council administrators and members, and protect account access
- To display sign-in history (date and IP address) to authorized council administrators for account verification purposes
- To communicate platform updates or support information to administrators
We do not sell member data to third parties. We do not use member information for marketing purposes unrelated to the council’s dues collection workflow.
4. How We Share the Information
We share information only with the service providers necessary to operate the platform:
Stripe
Payment processing. Member names, email addresses, and payment amounts are transmitted to Stripe to create customers and process payments. Stripe is PCI-DSS compliant. Stripe’s privacy policy is available at stripe.com/privacy.
Resend
Transactional email delivery. Member email addresses and the content of dues notices are transmitted to Resend when sending emails on behalf of a council.
Twilio
SMS delivery. Member phone numbers and notice content are transmitted to Twilio when SMS notices are enabled by the council.
Supabase
Cloud database hosting. All platform data is stored in a PostgreSQL database hosted on Supabase in the United States.
Clerk
Authentication. Email addresses, session data, sign-in timestamps, and IP addresses for council administrators and invited members are managed by Clerk. Clerk’s privacy policy is available at clerk.com/privacy.
We may disclose information if required by law or in response to a valid legal process (such as a court order or subpoena).
5. Method of Disclosure
Data is transmitted to the third-party providers listed above exclusively over encrypted HTTPS connections. No personal data is transmitted via unencrypted channels. Email and SMS notices sent to members are dispatched through Resend and Twilio, respectively, using authenticated API connections.
6. Security
We employ the following practices to safeguard information:
- All data in transit is encrypted using TLS (HTTPS)
- Database credentials and API keys are stored as encrypted environment variables and never exposed in source code
- Any links used to access member payment pages are tokenized and time-limited when applicable
- Administrator access is protected by Clerk-managed authentication with session management
- Payment card and bank account data is never stored on DuesSync servers — it is handled exclusively by Stripe’s PCI-DSS certified infrastructure
- Database access is restricted to application servers via connection pooling with credential-based authentication
No system is completely secure. If you believe there has been a security incident involving your data, please contact us immediately.
7. Data Retention
Member and payment records are retained for the duration of the council’s active subscription and for a reasonable period thereafter to meet record-keeping obligations. Councils may request deletion of their data by contacting us.
8. Your Rights
Council members whose information has been entered by a council administrator may contact their council directly to request access, correction, or deletion of their personal information. Council administrators may contact us to exercise rights over their organization’s data.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of DuesSync after changes are posted constitutes acceptance of the revised policy.
10. Contact
For questions or concerns about this Privacy Policy or your data, contact us at:
DuesSync
privacy@duessync.com