Labuboria
Open Web
๐Ÿ”’

Privacy Policy

๐Ÿ“… Updated: 2026-04-01 (v2.3-beta)
๐ŸŒ GDPR ยท EU 2016/679
Legal notice for the public beta period. Policies and terms may be updated before commercial launch.
During the public beta period, payment flows are disabled, plan pricing is 0.00, and no actual charges are processed. Payment-processing details will be updated separately before commercial launch.

1. General. This Privacy Policy (hereinafter โ€” "Policy") defines how Labuboria Quiet Corner (hereinafter โ€” "Service", "we") collects, processes, and protects personal data of its users. This Policy is developed in accordance with Regulation (EU) 2016/679 (GDPR), and applicable data protection laws of the countries where the Service operates.

2. Data We Collect. We process the following categories of data: (a) Account identifiers: email address, nickname, registration date; (b) Geolocation: device coordinates when using the quiet places map (only with your consent); (c) Device data: OS type, app version, interface language, timezone; (d) Booking data: booking history, check-ins, reviews, and ratings; (e) Technical logs: IP address, request timestamps, session ID โ€” for security and diagnostics.

3. Legal Basis for Processing (Art. 6 GDPR). Processing is carried out based on: (a) your consent (Art. 6(1)(a)) โ€” geolocation, marketing notifications; (b) contract performance (Art. 6(1)(b)) โ€” registration, booking, check-in; (c) legitimate interests (Art. 6(1)(f)) โ€” security, fraud prevention, analytics; (d) legal obligations (Art. 6(1)(c)) โ€” compliance with laws, responding to regulatory requests.

4. Data Storage and Transfer. Data is stored in Supabase infrastructure (PostgreSQL + Storage) and Vercel (website hosting). Servers are located in the EU (eu-central-1) and USA. Cross-border transfers outside the EEA are governed by Standard Contractual Clauses (SCC) per Art. 46 GDPR. All data is transmitted over encrypted channels (TLS 1.2+).

5. Encryption and Security. Data in transit is protected by TLS 1.2/1.3. Data at rest is encrypted by the cloud provider (AES-256). Passwords are hashed using bcrypt. Database access follows the Principle of Least Privilege.

6. Third-Party Sharing. We may share data with: (a) Supabase Inc. โ€” database and authentication; (b) Vercel Inc. โ€” website hosting and API; (c) Payment providers (upon commercial launch); (d) Government authorities โ€” upon lawful request. We do not sell personal data to third parties or use it for advertising profiling.

7. Retention Periods. Account data is retained until account deletion. Security logs โ€” up to 12 months. Booking data โ€” up to 24 months after the last booking. After account deletion, data is removed within 30 days, except where retention is required by law.

8. Your Rights. Under GDPR and applicable law, you have the right to: (a) access your data (Art. 15); (b) rectify inaccurate data (Art. 16); (c) erasure โ€” "right to be forgotten" (Art. 17); (d) restrict processing (Art. 18); (e) data portability (Art. 20); (f) object to processing (Art. 21); (g) withdraw consent at any time (Art. 7(3)); (h) lodge a complaint with a supervisory authority (Art. 77). To exercise your rights: privacy@labuboria.com or via the Support page.

9. Cookies and Analytics. The Service may use minimal technical cookies for functionality (authentication, interface language). We do not use tracking cookies or integrate third-party advertising SDKs. Analytics are collected in aggregate form without linking to individual users.

๐Ÿ“งFor privacy inquiries: privacy@labuboria.com
This document is provided for the Labuboria beta stage. Policies and terms may change before commercial launch.