Privacy Policy
Effective: May 2026
This notice describes how Nexus processes personal data under GDPR. Each venue is an independent controller toward its guests; we process data as processor or joint controller under a data processing agreement.
1. Data we process
This may include name, email, phone, booking details, Stripe payment metadata (not full card numbers), technical logs, account settings, and data from connected services (Google Calendar, TTLock, Tuya) if enabled by the venue.
2. Purposes
We use data to provide the service, confirm bookings, grant door access, bill for the platform, support users, and improve security.
3. Recipients
Data may be shared with trusted subprocessors: hosting, Stripe, email/SMS providers, Google, lock providers — only as needed for the service and under appropriate agreements.
4. Retention
We keep data for the life of the venue account and as required by law. Venues can delete guest data in the dashboard; after account closure we anonymize or delete within a reasonable period.
5. Your rights
You have rights of access, rectification, erasure, restriction, portability, and objection. Contact us below. You may also complain to your local data protection authority.
6. Cookies
We use essential cookies for login and language. Analytics cookies are used only if enabled and in line with your browser consent settings.
Legal questions: info@useit.sk