Privacy
The complete inventory of what we store about you, why we store it, and the button that erases it. The short version: your email, your saves, your votes, your reveals. No ads, no data sales, no profiling. Everything sits in the EU.DRAFT · NOT YET IN FORCE
Draft for review
Who is responsible.
[LEGAL ENTITY NAME] · [KVK NUMBER] · [REGISTERED ADDRESS, NETHERLANDS]
CONTACT · [email protected]
1. What we store, exactly. Reading Unbookable requires no account and stores nothing about you beyond the cookies listed in section 5. If you create an account, this is the complete list of what we hold:
That is the whole file. No real name required, no phone number, no address, no payment details (see section 6), no browsing profile attached to your identity.
2. Where it lives. Account data is stored with Supabase in the European Union (AWS region eu-west-1, Ireland). Row-level security restricts every account table so that only you (and our service role) can read your rows.
3. Analytics. We use PostHog on its EU infrastructure to understand which features are used: page views and product events such as saving a hotel, casting a vote, spending a reveal credit, or opening the sign-in page. Analytics runs only on the production site, and events carry categorical data (which feature, which property page) — never your email or any free-text you typed. We do not run ads, we do not sell or share data for advertising, and we do not profile you.
4. The newsletter is separate. Subscribing to the dispatch means giving your email to Buttondown, our newsletter provider, with a confirmation step (double opt-in). It works without an Unbookable account, and deleting your account does not unsubscribe you: every issue carries its own unsubscribe link. Buttondown is a United States provider; the transfer is covered by our agreement with them.
5. Cookies, all of them.
No advertising cookies, no cross-site trackers, no fingerprinting.
6. Payments (when the paid tier launches). The coming Pro subscription will be billed through RevenueCat and processed by Stripe. Card numbers go directly to Stripe and never touch our servers; we will hold only your subscription status (active or not) next to your account. This section becomes operative with the launch, and the policy will be updated before anyone is charged.
7. Processors. The short list of companies that touch data on our behalf, and why: Supabase (database and authentication, EU), Vercel (hosting and content delivery), PostHog (analytics, EU), Buttondown (newsletter delivery, US), Google (only if you choose Google sign-in), and our transactional email provider for sign-in codes. Each processes data only to provide its service to us.
8. How long we keep things. Account data: until you delete the account. The recently-viewed cookie expires on its own in your browser. Aggregated analytics are retained by our analytics provider under its configured retention and contain no account identity.
9. Your rights, including the actual delete button. Under the GDPR you can access, correct, export, object to, and erase your data. Erasure is self-serve: account menu → Delete account → confirm. It takes effect immediately and permanently removes your sign-in identity, saves, votes, credits, and reveal history from the live database (backups age out on a rolling schedule). For an export of your data, or anything else, email [email protected] and we will answer within a month. You can also complain to your local data protection authority; in the Netherlands that is the Autoriteit Persoonsgegevens.
10. Age. Unbookable accounts are not for children under 16. We do not knowingly hold data on anyone under 16; if that happens, we delete it.
11. Changes. When this policy changes materially, signed-in users get reasonable notice before the change applies. The effective date above tells you which version you are reading.
12. Contact. [email protected]. The Terms of Service live at unbookable.com/terms.