Privacy Policy
Last updated: March 23, 2026
1. Who we are
Clearslot is a multi-tenant SaaS booking platform for outdoor, weather-dependent activities. We act as a data processor on behalf of operators (our customers) and as a data controller for the data we collect to operate our platform.
For questions about this policy, contact us at support@clearslot.app.
2. What data we collect
Operators (business accounts)
- Email address and password (hashed, never stored in plain text)
- Company name and notification preferences
- Activity location coordinates and descriptions
- Stripe account identifiers (for payment processing)
End customers (booking users)
- Full name, email address, phone number — provided during booking
- Payment data — collected and processed by Stripe; we do not store card numbers
- Booking history and cancellation records
- Rescheduling tokens (UUID, not linked to identity beyond the booking)
Automatically collected
- IP address (for rate limiting and security)
- Session cookies (required for operator authentication — see Section 7)
3. How we use your data
- Service delivery — processing bookings, sending confirmation and alert emails
- Weather monitoring — matching activity locations to forecasts to protect customer safety
- Payment processing — facilitating transactions via Stripe
- Security — rate limiting, fraud prevention, account protection
- Legal compliance — retaining records as required by applicable law
We do not sell personal data. We do not use personal data for advertising.
4. Legal basis for processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we rely on:
- Contract performance (Art. 6(1)(b)) — processing bookings, sending confirmations
- Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, service improvement
- Legal obligation (Art. 6(1)(c)) — accounting and tax records
- Consent (Art. 6(1)(a)) — where explicitly requested (e.g. marketing, if applicable)
5. Third-party services
We share data with the following sub-processors:
| Service | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA / EU |
| SendGrid | Transactional email | USA |
| OpenWeather | Weather forecast data | UK / EU |
| OpenStreetMap / Nominatim | Geocoding (operator setup only) | Global |
For transfers to the USA, we rely on Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework where applicable.
6. Data retention
- Active bookings and customer data — retained for 3 years after the booking date for accounting and legal purposes
- Cancelled / expired reservations — anonymised after 12 months unless a legal hold applies
- Operator accounts — retained while the account is active; deleted within 30 days of account closure upon request
- Security logs — retained for 90 days
7. Cookies
We use only strictly necessary cookies:
- Session cookie (
next-auth.session-token) — required for operator authentication. Expires when you close the browser or after 30 days. - CSRF token — security cookie required by the authentication system.
We do not use advertising, tracking, or analytics cookies. Because we use only essential cookies, your consent is not required under the ePrivacy Directive.
8. Your rights (EEA / UK — GDPR)
You have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request that we limit processing
- Withdraw consent — where processing is based on consent
To exercise any right, email support@clearslot.app. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in Lithuania: VDAI — vdai.lrv.lt).
9. Your rights (California — CCPA / CPRA)
California residents have the right to:
- Know — what personal information we collect, use, disclose, or sell
- Delete — request deletion of personal information
- Correct — request correction of inaccurate personal information
- Opt-out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising
- Non-discrimination — we will not discriminate against you for exercising your rights
To submit a CCPA request, email support@clearslot.app with the subject line "CCPA Request".
10. Children
Our platform is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately.
11. Changes to this policy
We may update this policy periodically. Material changes will be notified to operators by email at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.