Privacy Policy

How [Your business name] ("we", "us") handles your personal data in connection with the Bring a Local service.

1. Who we are

[Your business name], established at [Your registered address], contactable at [Your contact email], VAT number , company registration . We are the controller of your personal data under the GDPR.

2. What data we collect and why

Visitors to the public landing page

• Standard server log information (IP address, browser type, page accessed) kept briefly for security and to operate the website. Legal basis: legitimate interest in keeping the service available and secure.

Buyers of a day pass

• Payment details (card number, expiry, billing information) are entered directly into Stripe's payment page — we never see, store or process them ourselves. Stripe is the processor; see stripe.com/privacy.
• From the Stripe payment we receive only the transaction confirmation and a session identifier. We use this to verify the payment and issue your 24-hour pass.
• Your day-pass token. It is anonymous — it does not contain or link to your name, email or card. It is stored in your browser (localStorage) and expires automatically after 24 hours. Legal basis: necessary to perform the contract you bought.

Administrators (operator-only)

• The admin account holder's name, email and a securely hashed password. Legal basis: necessary to operate the service.

3. Cookies and local storage

We use only strictly-necessary storage on your device:

• Your day-pass token — so you can open the planner during your 24-hour pass. Removed automatically when the pass expires, or when you clear your browser data.
• Admin login — for site operators only.
• A cookie-consent flag — so we don't show you the banner again.

We do not use third-party trackers, advertising cookies or analytics that profile you.

4. Who we share data with

We share the minimum data required, only with these processors:

• Stripe (payments) — handles your card payment.
• Netlify (hosting) — runs the website and stores the day-pass and content data.
• Google Maps (maps display) — shows the map inside the planner.

We do not sell or share your personal data for marketing.

5. How long we keep your data

• Day-pass tokens: 24 hours, then they expire automatically.
• Stripe payment records: retained by Stripe for the period required by financial and accounting law (typically 7 years).
• Server logs: a short rolling window held by Netlify for security.
• Admin accounts: kept while the account is in use; removable on request.

6. Your rights under the GDPR

You can ask us, at any time, to:

• see what personal data we hold about you,
• correct anything that's wrong,
• delete your data (where there's no legal obligation to keep it),
• restrict or object to how we process it,
• receive your data in a portable format,
• withdraw consent where processing is based on consent.

Email us at [your contact email] and we'll respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

7. Children

Bring a Local is not directed at children under 16 and we don't knowingly collect data about them.

8. Changes to this policy

If we update this policy we will change the date below. Material changes will be highlighted on the site.

Last updated: .