MEMBRS← BACK
Privacy PolicyLAST UPDATED · 6 July 20261. Who we are

membrs. ("we", "us") operates the membrs. platform connecting nightlife venues ("clubs") and their paying members. The data controller is [membrs. Srl — Italian company under incorporation, registered office in Lombardy, Italy; VAT number to follow incorporation]. For anything in this policy, write to hello@membrs.world.

2. What we collect

Account data: your name, email address, optional phone number, language preference, and profile photo if you add one. Membership and billing data: which club plan you hold, its status, and your billing history. Payments are processed by Stripe — your card number never touches our servers, and we never see or store it. Entry data: a timestamp when your member card is scanned at the door. Push notification tokens, only if you enable push notifications on your device. Usage analytics, only if you accept analytics cookies (see our Cookie Policy).

3. Why we process it, and on what basis

To provide your membership, member card, and bookings — performance of contract. To process payments, prevent fraud, and handle disputes — performance of contract and our legitimate interest. To send service communications about your account and membership — performance of contract. To keep the platform secure and prevent abuse — legitimate interest. To measure how the platform is used — your consent, given through the cookie banner and withdrawable at any time.

4. Who we share it with

Your club sees that you are a member and your check-in activity, so it can honor your perks; your email and phone are shared with the club only if you switch that on in your profile. Our processors, acting under contract: Stripe (payments), Supabase (database and authentication, hosted in the EU — AWS eu-west-1), Resend (transactional email), and Vercel (hosting). Google receives analytics data only after you consent. We do not sell your data. Ever.

5. International transfers

We keep your data in the European Economic Area wherever possible. Where a processor handles data outside the EEA, the transfer is covered by Standard Contractual Clauses or an equivalent safeguard.

6. Retention

Account data is kept while your account is active. When you delete your account, there is a 30-day grace period during which you can restore it; after that, your personal details are irreversibly anonymized — name, email, phone, photo, and push tokens are removed or replaced. Financial records (payments, refunds, payouts) must be kept for 10 years under Italian fiscal law; they survive deletion in anonymized form, no longer linked to you as an identifiable person.

7. Your rights

Under the GDPR you can access, correct, delete, restrict, or port your data, object to processing based on legitimate interest, and withdraw consent at any time. You can delete your account yourself from your profile settings — no email required. For everything else, write to hello@membrs.world; we respond within one month. You also have the right to lodge a complaint with the Garante per la protezione dei dati personali (www.garanteprivacy.it) or your local supervisory authority.

8. Changes

We'll update this policy as the platform evolves and notify you of material changes before they take effect.