8.1.6 Data privacy and your bowler records
Data privacy and your bowler records
8.1.6 account
Spectre Cloud stores detailed personal and fitting information about your bowlers — names, contact details, hand measurements, and drilling histories. As the operator of a pro shop account, you are responsible for how that data is collected, used, and protected. This page explains what data Spectre Cloud holds, how it is protected at the platform level, and what responsibilities sit with you as the shop operator when it comes to the bowlers whose records you manage.
📋 What Personal Data Spectre Cloud Stores
Spectre Cloud holds two categories of bowler data on your behalf: identifying information and fitting data. The distinction matters because the two categories carry different sensitivity levels and may be subject to different privacy obligations depending on your region.
Identifying information
- ✅ Full name
- ✅ Phone number and email address
- ✅ Physical address (Bowler Plus plugin only)
- ✅ Consent signatures (Bowler Plus plugin only)
- ✅ Hand photographs (Bowler Plus plugin only)
Fitting data
- ✅ Hand measurements — finger sizes, joint distances, span values
- ✅ Pitch and oval specifications across all spec sheets
- ✅ Ball and layout history via the Arsenal
- ✅ Notes entered by staff about the bowler's preferences and physical considerations
📌 Note: Fitting data is less likely to be considered sensitive personal data under most privacy frameworks, but it is still personal data — it relates to a specific identifiable individual and should be treated with the same care as contact information.
☁️ How Spectre Cloud Protects Your Data
Spectre Cloud is a cloud-based platform operated by BowlDevs. Data protection at the platform level includes:
- ✅ Encrypted data transmission — all data sent between your device and Spectre Cloud's servers is encrypted in transit using industry-standard protocols.
- ✅ Secure cloud storage — bowler records and spec sheets are stored on cloud infrastructure with access controls restricting who can read or modify the underlying data.
- ✅ Account-level access control — only users logged into your account can access your shop's bowler records. Spectre Cloud does not share your bowler data with other shops or third parties outside the platform's normal operation.
- ✅ Inactive account read-only access — if your subscription lapses, your data remains accessible in read-only mode rather than being immediately deleted, giving you time to export records if needed.
⚠️ Verify with Spectre team: Confirm the specific data protection measures in place at the infrastructure level — encryption standards, cloud hosting provider, data residency, and backup policy — so this section can be updated with accurate technical details rather than general statements.
🏢 Your Responsibilities as the Shop Operator
Spectre Cloud provides the platform and its security. What happens with bowler data at the shop level — how it is collected, whether bowlers are informed, and how long it is retained — is the responsibility of the shop operator. Privacy laws vary significantly by country and region, but the following principles apply broadly and represent good practice regardless of jurisdiction.
Inform bowlers that their data is being recorded
Most privacy frameworks require that individuals know when their personal data is being collected and stored. In a pro shop context, this typically means telling a new bowler that their measurements and contact details will be saved in your shop's system. A brief verbal disclosure at the start of a fitting — "we keep your measurements on file so we can reference them for future visits" — satisfies this in most casual contexts. For shops that want a more formal record, the Bowler Plus plugin's consent signature feature provides a structured way to capture and store acknowledgement.
- ✅ Tell new bowlers that their fitting data is stored digitally in your shop management system.
- ✅ Explain the primary purpose — accurate fitting records and service history — rather than presenting it as data collection for its own sake.
- ✅ If your region requires written consent for storing personal data, use the Bowler Plus consent signature feature to capture it at the time of the first fitting.
Only collect data you actually need
The data minimisation principle — collecting only what is necessary for the purpose — is a cornerstone of most privacy frameworks and good practice regardless of legal requirement. In Spectre Cloud, this means:
- ✅ Record contact information if you use it — for ball-ready notifications, appointment reminders, or follow-up. Do not collect it by default if you will not use it.
- ✅ Use the Notes field for fitting-relevant information only — not for personal observations unrelated to the fitting relationship.
- ✅ If a bowler asks what information you hold about them, you should be able to show them everything in their profile and spec sheet history without encountering entries you would be uncomfortable explaining.
Respond to bowler requests about their data
In many jurisdictions, individuals have the right to request access to their personal data, ask for corrections, or request deletion. If a bowler makes such a request:
- ✅ Access requests — open the bowler's profile and spec sheet history in Spectre Cloud. The record is comprehensive and exportable as printed or PDF spec sheets.
- ✅ Correction requests — update the bowler's profile, contact details, or notes fields directly. Spec sheet measurement values can also be corrected if they were entered in error.
- ✅ Deletion requests — Spectre Cloud allows bowler profiles to be deleted. Before deleting, confirm the request is genuine and note that deletion is permanent — the spec sheet history associated with that profile is removed along with the profile itself.
⚠️ Verify with Spectre team: Confirm whether deleting a bowler profile also permanently deletes all associated spec sheets and Arsenal entries, or whether any records are retained at the platform level after a profile deletion. This is important for accurately advising bowlers on what a deletion request entails.
Protect access to the account
The most direct threat to bowler data privacy is unauthorised access to your Spectre Cloud account. Shop-level access control is the operator's responsibility:
- ✅ Use a strong, unique password for the account owner login — see section 8.1.3 for password guidance.
- ✅ Give staff members their own user accounts rather than sharing the account owner's credentials — individual accounts can be deactivated when a staff member leaves without requiring a password change.
- ✅ Deactivate departing staff members' user accounts promptly — a former employee who can still log into your shop's Spectre Cloud account has access to your entire bowler database.
- ✅ Do not leave a device logged into Spectre Cloud unattended in a publicly accessible area of the shop — a customer browsing an unattended tablet at the counter has access to every bowler profile in your system.
🌍 Regional Privacy Considerations
Privacy obligations vary by country and region. The following frameworks are relevant for the majority of Spectre Cloud's user base — but local legal requirements should always take precedence over general guidance, and shops with significant data holdings or uncertainty about their obligations should seek local legal advice.
| Region | Relevant framework | Key consideration for pro shops |
|---|---|---|
| European Union and EEA | GDPR (General Data Protection Regulation) | Explicit lawful basis required for storing personal data; right to erasure applies; data processor agreements may be needed with Spectre Cloud as a platform provider |
| United Kingdom | UK GDPR and Data Protection Act 2018 | Substantially similar to EU GDPR; ICO registration may be required depending on shop size and data volume |
| Canada | PIPEDA (or provincial equivalents) | Consent required for collection and use of personal information; individuals have right of access and correction |
| United States | Varies by state — CCPA in California; other states have emerging frameworks | No federal standard; California shops serving California residents should be aware of CCPA obligations; broader US shops should monitor state-level developments |
| Australia | Privacy Act 1988 and Australian Privacy Principles | Obligations apply to businesses with turnover above AUD $3M; smaller businesses may be exempt but good practice still applies |
📌 Note: This table is a general orientation, not legal advice. Privacy law changes frequently and the applicability of specific frameworks to a given shop depends on factors including business size, the nationality of bowlers whose data is stored, and how data is used. If you are uncertain about your obligations, consult a local legal adviser rather than relying on this page alone.
🔄 Data Retention — How Long to Keep Bowler Records
Spectre Cloud does not impose an automatic data retention limit — bowler records are kept indefinitely unless you delete them. How long to keep records is a business decision, balanced against privacy considerations:
- ✅ Active bowlers — retain records indefinitely. The spec sheet history is operationally valuable and there is no privacy reason to delete records for bowlers who continue to visit your shop.
- ✅ Inactive bowlers — consider a retention policy for bowlers who have not visited in several years. A record that has not been accessed in five years has diminishing operational value and accumulating privacy risk.
- ✅ Deceased bowlers — retain or delete based on the family's wishes if contacted, and local legal requirements. Spec sheet history for a deceased bowler has no operational use and may be worth removing from the active system.
- ❌ Do not delete bowler records as a default response to any privacy enquiry before confirming the bowler's specific request — a bowler asking what data you hold is not the same as a bowler asking you to delete it.
Related Sections
- 8.1.3 — Changing your password
- 8.1.4 — Managing notification preferences
- 8.1.5 — Managing staff access and user accounts
- 03.x — Bowlers (Clients): managing and deleting bowler profiles
- 01.x — Getting Started: setting up your account and initial configuration
✨ Tip: The simplest privacy posture for a pro shop is also the most practical one — collect what you need to serve the bowler well, tell them you are doing it, keep it secure, and delete it when it is no longer useful. A shop that operates on those four principles will satisfy the spirit of most privacy frameworks and build the kind of trust with bowlers that keeps them coming back.