Privacy Policy

Last updated: May 9, 2026

1. Information We Collect

We collect information you provide directly, including:

  • Account information (name, email, phone number, date of birth)
  • Profile information (photo, preferences)
  • Booking and transaction data (reservations, deposits, bottle preorders, order history, refunds)
  • Communications (in-app messages to venues, promoters, and other users — including any photos you attach to those messages — as well as support requests)
  • Promoter business information (only collected from users who opt in to promoter status): mailing address (for IRS Form 1099 issuance), payout bank account (last 4 stored, full number encrypted at rest), and partial Social Security number used for tax reporting and identity verification
  • Promoter contact lists (names and phone numbers of guests a promoter has chosen to save in the app for invitations and guest lists)
  • Identity verification data (front and back of a government-issued ID and a selfie used for age and identity verification). The extracted government ID number, document type, issuing jurisdiction, and date of birth are retained to satisfy regulatory record-keeping and for fraud prevention. The captured images themselves are processed for verification and are not retained beyond what is required for fraud prevention.
  • Push notification tokens (an anonymous device identifier issued by Apple Push Notification service or Firebase Cloud Messaging, used solely to deliver booking confirmations, message notifications, and other in-app alerts)
  • Payment information (card brand, last four digits, expiration — full card numbers are sent directly to our payment processor and are never stored on Nightkey servers)

We also automatically collect limited technical data: an anonymous device identifier (the push notification token issued by Apple Push Notification service) so we can deliver booking alerts, and the IP address attached to authentication and sensitive actions, which is retained in audit logs for fraud prevention and account security. We do not collect device location, and the app does not request location permission. We do not embed third-party analytics, advertising, or cross-application tracking SDKs.

2. How We Use Your Information

  • Process bookings and facilitate payments
  • Verify your identity and age
  • Communicate booking confirmations and updates
  • Connect you with venues and promoters
  • Improve and personalize the Service
  • Detect and prevent fraud
  • Comply with legal obligations

3. Information Sharing

We share your information with:

  • Venues— booking details and contact info for confirmed reservations
  • Promoters— limited info when you book through a referral link or are added to a promoter's contacts
  • QorCommerce— our payment processor; receives card details (for secure tokenization), transaction amounts, and merchant onboarding information for venues and promoters
  • AWS Rekognition and Google Cloud Vision — identity verification providers; ID images and selfies are sent for face matching and document scanning. These providers do not retain images beyond the API call.
  • Twilio— SMS delivery for one-time login codes and booking notifications
  • Apple Push Notification service and Firebase Cloud Messaging — via Expo, to deliver push notifications to your device
  • Supabase— our backend hosting and database provider, processing data on our behalf under a data-processing agreement
  • Law enforcement — when required by law or to protect safety

We do not sell your personal information to third parties, and we do not share data with third parties for cross-app or cross-website advertising.

4. Data Security

We use industry-standard security measures to protect your data, including encryption in transit and at rest, secure authentication, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

5. Data Retention & Account Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service. You can delete your account at any time directly from the mobile app under Profile → Delete account.

When you delete your account, we immediately anonymize your profile (removing your name, phone, email, photo, and push token), cancel any future bookings, refund any unsettled deposits, and remove your authentication record. Messages you sent remain visible to other participants but are detached from your identity.

Certain records (transaction history, payout records, dispute evidence) are retained in anonymized or aggregated form for up to 7 years where required by law, for tax compliance, or for fraud prevention. Backups are purged on a rolling 30-day schedule.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Delete your account in-app at any time (Profile → Delete account), or request deletion by emailing us
  • Opt out of marketing communications
  • Data portability
  • Withdraw consent for data processing

California residents have additional rights under the CCPA, including the right to know what categories of personal information we collect and the right to opt out of any sale of personal information (we do not sell). To exercise any of these rights, contact us at privacy@nightkey.io.

7. Cookies

On the Nightkey web dashboard we use first-party cookies issued by our authentication provider (Supabase) to keep you signed in and to remember your selected club. We do not set advertising cookies, and we do not embed third-party tracking pixels. The mobile app does not use cookies. You can clear cookies at any time through your browser; doing so will sign you out.

8. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

9. Children's Privacy

The Service is not intended for users under 21 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy, contact us at privacy@nightkey.io.