Privacy Policy
Last updated: [DATE]
Draft, pending legal review
This policy explains how Nookyard (“we”, “us”) handles your personal data when you apply for and use membership. We aim to collect only what we need to run the club.
1. Who is responsible (controller)
The data controller is [COMPANY LEGAL NAME], [REGISTERED ADDRESS], registration number [REG NUMBER]. For any privacy question or to exercise your rights, contact privacy@nookyard.club.
2. What we collect
- Application data: your name, email, and the answer you submit when applying.
- Account & profile: email, display name, Google profile photo (shown to you and admins), bio, LinkedIn/website links, and, for founders/guests, a phone number.
- Coffee preferences: your drink, milk, and preferred time (operational, for the counter).
- Activity: reservations (day & slot), venue check-ins/presence (when you scan at the venue), and no-show records derived from reservations vs. presence.
- Technical: standard security signals from Firebase App Check / Google reCAPTCHA (see §5), and, only with your consent, analytics data (see §4).
- Anti-abuse (application form): when you submit the application form we store a hashed (pseudonymised) form of your IP address, never your raw IP, solely to rate-limit submissions and prevent spam/abuse (see §3 and §6).
3. Why we use it & legal bases
- To provide membership (accounts, reservations, check-in, the member directory shown to other members): performance of a contract (GDPR Art. 6(1)(b)).
- To run and protect the club (capacity, the no-show policy, anti-abuse/security, including rate-limiting the application form using a hashed IP address): our legitimate interests (Art. 6(1)(f)).
- Analytics (Microsoft Clarity, Google Analytics 4): your consent (Art. 6(1)(a)); you can withdraw it anytime.
4. Cookies & analytics
Essential storage (keeping you signed in, and remembering your cookie choice) is always active and needed for the site to work. Non-essential analytics load only after you accept in the cookie banner; you can change or withdraw your choice anytime via “Cookie settings” in the footer.
Microsoft Clarity includes session recording: with your consent it captures interactions (clicks, scrolls, mouse movement, page navigation) to produce heatmaps and replays that help us improve the site. It does not capture your passwords. Google Analytics 4 measures aggregate usage; we run it with Google Consent Mode (default denied, granted only on your acceptance) and IP anonymisation.
| Category | Purpose | Basis |
|---|---|---|
| Essential (auth/session, consent choice) | Sign-in, security, remember your cookie choice | Necessary / legitimate interest |
| Microsoft Clarity | Session replay & heatmaps | Consent |
| Google Analytics 4 | Aggregate usage analytics | Consent |
5. Who we share data with (processors)
We don’t sell your data. We use a small set of providers who process it on our behalf:
- Google Firebase (Authentication, Firestore, Hosting): core platform. Our database and functions run in europe-west1 (EU, Belgium). Google is a US company; international transfers rely on standard safeguards (EU Standard Contractual Clauses).
- Google reCAPTCHA (via Firebase App Check): security/anti-abuse, applied separately from analytics consent as a legitimate-interest security measure.
- EmailJS: sending transactional emails (e.g. your approval/first-login invite).
- Microsoft Clarity: analytics/session replay (only with consent).
- Google Analytics 4: analytics (only with consent).
- Stripe: payment processing. Used once paid memberships launch; not active for free/founder members today.
6. Retention & deletion
You can delete your account anytime from Settings. When you delete, we free your seat, cancel your upcoming reservations, and remove your personal profile data (name, profile email, phone, links, coffee preferences) and your sign-in account. For integrity we keep a minimal anonymised record (a “tombstone”) and your past activity is retained as anonymised history rather than erased instantly.
How long we keep things:
- Active members: for as long as your membership is active.
- Deleted accounts: the minimal tombstone is kept for up to 90 days, then hard-purged. This hard-purge is currently performed manually by an administrator on a periodic basis; there is no automated job yet.
- Applications not approved: kept until we’ve made the intake decision plus a short period, and removed within 90 days of that decision.
- Anti-abuse (rate-limiting) data: the hashed IP used to limit application submissions is transient: it applies within a short rolling window (about an hour for network-level limiting, 24 hours per email) and the underlying counters are cleared periodically (currently manually). We never store your raw IP address.
If you have an active paid subscription (once billing launches), deletion takes effect the day after your subscription ends; you keep access until then.
7. Your rights
Under the GDPR you can request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests; where we rely on consent, you can withdraw it anytime (without affecting prior processing). Email privacy@nookyard.club. You may also lodge a complaint with the Romanian supervisory authority (ANSPDCP).
8. Changes
We may update this policy; material changes will be reflected here with a new date.