← Back to home

Privacy Policy

Last updated: June 2026. This document describes how Same Same Club processes your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data controller

The data controller is the publisher of the Same Same Club website and service (hereinafter "we"). For any question regarding your data: [email protected].

2. Data we collect

  • Account and authentication: email address, account identifier (provided by our authentication provider), and optionally a display name if you choose to provide one.
  • Sign-up questionnaire: answers to the questions asked during onboarding (including preferences, city or cities, and information you choose to share to help form dinner groups).
  • Bookings and payments: data needed to process bookings and payments (amounts, transaction references) via our payment provider; we do not store your full card numbers.
  • Phone and SMS: mobile number if you provide it; separate consent timestamps for booking-related SMS (reminders, location, day-of) and for marketing SMS (upcoming dinners, news); an unsubscribe timestamp for marketing SMS where applicable.
  • Technical data: limited technical logs (IP address, browser type, timestamp) when necessary for the security and proper functioning of the service.

3. Purposes and legal bases

  • Performance of the contract / pre-contractual steps: account creation, organising dinners, group matching, and managing bookings.
  • Legal obligations: retention of certain data where required by law (e.g. accounting records related to payments).
  • Legitimate interest: service security, abuse prevention, and improving the user experience, while respecting your rights.
  • Consent: where required (e.g. non-essential marketing communications by email or SMS, non-strictly-necessary cookies) — you can withdraw it at any time from your profile or via the unsubscribe links.

4. Recipients and processors

Your data is processed by us and, where applicable, by providers acting on our instructions:

  • Hosting and database (e.g. Supabase) — data hosted in the European Union when that option is selected for the project.
  • Payment (e.g. Stripe) — transaction processing; the provider's privacy policy applies to the data it processes as an independent controller for certain operations.
  • Application hosting (e.g. Railway, Europe / Netherlands region) — execution of the code and related services.
  • SMS delivery (e.g. OVHcloud) — when you have consented to receive SMS; the provider acts as a processor on our instructions.

We do not sell your personal data. Any transfer outside the EU is governed by appropriate safeguards (such as the European Commission's standard contractual clauses) where applicable.

5. Retention period

Data is kept for as long as necessary for the purposes above, then archived or deleted in line with our legal obligations. For inactive accounts: deletion or anonymisation after a reasonable period defined internally and communicated on request.

6. Your rights (GDPR)

You have, in particular, the following rights:

  • the right of access and rectification;
  • the right to erasure ("right to be forgotten"), within the limits set by law;
  • the right to restriction of processing;
  • the right to object to processing based on legitimate interest;
  • the right to data portability where processing is automated and based on the contract or consent;
  • the right to withdraw your consent at any time where processing is based on consent;
  • the right to lodge a complaint with your local data protection authority (in France, the CNIL: www.cnil.fr).

To exercise your rights: [email protected]. We may ask for proof of identity in case of reasonable doubt.

7. Cookies and trackers

We use cookies and similar technologies strictly necessary for the operation of the site (session, security). If we deploy analytics or advertising cookies, a consent banner compliant with applicable guidelines will be put in place and this policy will be updated.

8. Security

We implement appropriate technical and organisational measures (restricted access, encryption in transit, secure development practices) to protect your data against loss, unauthorised access, or disclosure.

9. Minors

The service is intended for adults with the legal capacity to enter into a contract. We do not knowingly collect data concerning minors without the consent of the holder of parental authority where the law requires it.

10. Changes

We may update this policy. The "last updated" date at the top of the page will be revised; in the event of a substantial change, we will inform you by an appropriate means (email or a banner on the site).