Digital membership cards in nonprofits convenience vs privacy trade offs?

Many non-profits have begun to utilize mobile digital membership cards, whether by the use of mobile wallets like Apple Wallet or through other methods. The operational benefits of these types of systems seem clear decreased printing costs; simplified member access/benefit distribution; and the ability for member information/access to be updated in real-time; amongst others.

However, I’m most interested in what the privacy implications are when using these types of systems. I have seen many non-profits that utilize third-party digital membership platforms like Membership Anywhere to manage digital membership cards as well as CRM synchronization and wallet integration. While this creates an easier method for deploying digital memberships, the downside is member information is transferred between multiple systems.

Some of the features that many non-profits provide include usage tracking, QR code-based validation, and location-based access control. These features may provide value to members, but they could also create privacy risks with the data collected for these features.

I’m particularly curious how such setups handle:

1. Data minimization (what data is actually necessary?)
2. Third-party data sharing between platforms and wallet providers
3. Retention policies for member activity and logs

Are there privacy-focused approaches or best practices nonprofits should follow when implementing digital membership cards via third-party providers?

Would appreciate insights from anyone who has evaluated these systems from a privacy or security perspective.