Back to home

Privacy Policy

Effective Date: January 1, 2025 · Last Updated: April 1, 2025

Greekly, Inc. ("Greekly," "we," "us," or "our") operates the Greekly platform (the "Service"), a chapter management solution for Greek-letter organizations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use the Service. Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account, accept a chapter invitation, or otherwise interact with the Service, we may collect:

  • Full name and display name
  • Email address
  • Phone number
  • Profile photograph
  • Chapter affiliation, member role, and graduation year
  • Billing and payment information (processed and stored by Stripe; we do not store full payment card numbers)
  • Any other information you voluntarily provide through the Service (e.g., messages, event RSVPs, uploaded files)

1.2 Usage Data

We automatically collect certain information when you access or use the Service, including:

  • IP address and approximate geolocation
  • Browser type, version, and language preference
  • Operating system and device type
  • Pages viewed, features used, and time spent on each page
  • Referring URL and exit pages
  • Date and time stamps of access

1.3 Cookies and Similar Technologies

We use strictly essential cookies for authentication and session management. We do not use third-party advertising or behavioral tracking cookies. For full details, please see our Cookie Policy.

1.4 Device Information

We may collect device-specific information such as hardware model, unique device identifiers, mobile network information, and operating system version to ensure compatibility and improve service performance.

2. Legal Basis for Processing

We process your personal data under one or more of the following legal bases, as applicable under the General Data Protection Regulation (GDPR) or equivalent legislation:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose (e.g., receiving optional notifications).
  • Contract Performance:Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract (e.g., providing the Service under your chapter's subscription).
  • Legitimate Interest: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights (e.g., fraud prevention, service improvement, security).
  • Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject (e.g., tax records, law enforcement requests).

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate users and secure accounts
  • Process transactions and send related billing information
  • Send transactional communications (invitations, password resets, notifications)
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage trends to improve the Service
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations and enforce our Terms of Service

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

  • Within Your Chapter: Other members of your chapter may view your name, profile photo, role, and other information necessary for the Service to function.
  • Service Providers: We engage trusted third-party processors who assist in operating the Service (see Section 8 below).
  • Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice before your information becomes subject to a different privacy policy.

5. Your Rights Under the GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
  • Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions.
  • Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.
  • Right to Object: You may object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

To exercise any of these rights, please contact us at privacy@greekly.org. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

6. Your Rights Under the CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following rights:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request the deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to direct us not to sell your personal information at any time.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge different prices, or provide a different quality of service because you exercised your rights.

To submit a CCPA request, email us at privacy@greekly.org or use the privacy settings in your account dashboard. We will verify your identity before processing your request and respond within 45 days.

7. California "Do Not Sell My Personal Information"

Greekly does not sell, and has not sold in the preceding twelve (12) months, the personal information of its users to third parties for monetary or other valuable consideration. We do not engage in the sale of personal information as defined under the CCPA/CPRA.

8. Third-Party Service Providers

We use the following third-party processors to operate the Service. Each provider is contractually bound to process your data only as instructed by us and in accordance with this Privacy Policy:

  • Vercel: Application hosting and edge network delivery.
  • Neon (PostgreSQL): Cloud-hosted database for storing application data.
  • Cloudflare R2: Object storage for user-uploaded files and media.
  • Stripe: Payment processing and subscription billing. Stripe may collect and process payment card data subject to its own privacy policy.

9. Student Data and FERPA

Greekly is not an educational institution and does not maintain "education records" as defined under the Family Educational Rights and Privacy Act (FERPA). However, we recognize that our users are primarily college students and that some information provided to the Service may overlap with data maintained by educational institutions. Greekly does not act as a "school official" under FERPA and does not access student education records from any university or college. We encourage chapters to avoid uploading information that constitutes protected education records (e.g., transcripts or academic records) to the Service. If you believe that protected education records have been uploaded to Greekly, please contact us immediately at privacy@greekly.org.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods are as follows:

  • Active Accounts:We retain your personal data for the duration of your active account and your chapter's active subscription.
  • Account Deletion Requests: Upon receipt of a valid deletion request, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law.
  • Backups: Encrypted backup copies of data may persist in our systems for up to ninety (90) days after deletion from production systems, after which they are permanently purged.
  • Billing Records: Transaction and billing records are retained for seven (7) years to comply with tax and financial reporting obligations.
  • Anonymized Data: Aggregated, de-identified data that cannot reasonably be used to identify you may be retained indefinitely for analytics and service improvement.

11. International Data Transfers

Greekly is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. Where required by applicable law (e.g., GDPR), we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection of your data.

12. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Password hashing using bcrypt with appropriate work factors
  • Role-based access controls and principle of least privilege
  • Regular security assessments and monitoring

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, as required by the GDPR, where applicable.
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
  • Comply with applicable U.S. state data breach notification laws, which generally require notification within a reasonable time (typically 30 to 60 days, depending on the jurisdiction).
  • Document the breach, its effects, and the remedial actions taken.

14. Children's Privacy (COPPA)

The Service is intended solely for individuals who are eighteen (18) years of age or older. We do not knowingly collect personal information from children under the age of thirteen (13) as defined by the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@greekly.org.

15. Cookies

We use strictly essential cookies required for the Service to function. We do not use advertising or third-party tracking cookies. For complete information about the cookies we use and how to manage them, please see our Cookie Policy.

16. How to Exercise Your Rights

You may exercise your privacy rights in two ways:

  • In-App Settings: Access your account settings to download your data, update your personal information, or delete your account.
  • Email: Submit a request to privacy@greekly.org. Please include your full name, email address associated with your account, and a description of the right you wish to exercise. We may request additional information to verify your identity.

We will acknowledge receipt of your request within five (5) business days and will respond substantively within the timeframes required by applicable law (generally 30 days for GDPR, 45 days for CCPA).

17. Data Protection Officer

We have designated a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices. You may contact our DPO at:

Data Protection Officer
Greekly, Inc.
Email: dpo@greekly.org

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will provide notice of material changes by posting the updated policy on the Service with a revised "Last Updated" date and, where required by law or where changes are material, by sending you an email or in-app notification at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

19. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Greekly, Inc.
Email: privacy@greekly.org
Website: greekly.org/contact

You may also review our Terms of Service and Cookie Policy for additional information about your use of the Service.