Draft. This policy is a working placeholder and has not yet been reviewed by a solicitor. It will be replaced with approved text before general availability.

Privacy Policy

Last updated: May 2026

What we collect

Account data (name, email, optional phone and profile details) and the content your lodge’s administrators and members upload (documents, photos, announcements, events). We deliberately collect no advertising identifiers and run no third-party trackers.

Where it lives

Data is hosted in the European Union (Supabase, AWS eu-west-1) and encrypted at rest and in transit. Each tenant’s records are isolated by database row-level security; files are served only via short-lived signed links to signed-in members.

Who can see it

Members of your lodge, according to the roles your administrators assign. Contact details are visible to lodge administrators only, unless you choose to share more in your profile. Nothing is public.

Processors

We use Supabase (database, storage, authentication), Vercel (hosting), Resend (transactional email), and Stripe (payments, lodge administrators only). Each processes data solely on our instructions.

Your rights

You may request access, correction, export, or deletion of your personal data at any time. Lodge administrators can export their tenant’s full dataset. Cancelled tenants are retained for 90 days and then deleted.

Contact

Privacy questions: use the contact form or the address published in our security.txt.