Privacy Policy

1. Data We Collect

We collect your name, email address, and member number when you join the lounge. We also record token transaction history for accounting and service purposes.

2. How We Use Your Data

Your data is used solely to operate the lounge token system: processing top-ups, recording purchases, and managing your account. We do not sell or share your data with third parties.

3. Payment Processing

Payments are processed securely through Stripe. We do not store your card details. Stripe's privacy policy applies to payment information.

4. Data Retention

We retain your data for as long as your account is active. Inactive accounts (no activity for 2+ years with zero balance) may be removed through our GDPR cleanup process.

5. Your Rights (GDPR)

You have the right to access, correct, or request deletion of your personal data. Contact the lounge administrator to exercise these rights.

6. Security

We implement industry-standard security measures including encrypted passwords, CSRF protection, rate-limited login endpoints, and parameterised database queries. Access to administrative systems is restricted to authorised personnel only.