DRAFT — review with counsel before launch. This is a generic SaaS template and is not legal advice.
Table Nook Privacy Policy
Last updated: replace with edit date
This policy explains what personal data Table Nook collects, how we use it, who we share it with, and the rights you have over it.
What we collect
- Account information (email, name) provided by our auth provider, Clerk.
- Tenant content that Tenant administrators publish on their venue sites.
- Usage data such as request paths, timestamps, and aggregate engagement metrics.
- Privacy request data for users who exercise the data-access or data-erasure right (the requester's email and a hashed verification code; logs of the request lifecycle).
We do not log your IP address in plain form; the privacy subsystem stores only a peppered SHA-256 hash for rate-limiting purposes.
How we use it
We use personal data to operate the Service, authenticate users, send transactional email (verification codes, data-export download links), prevent abuse, and comply with legal obligations.
Who we share it with
We rely on the following processors:
- Clerk — identity, sessions, password hashing, MFA.
- DigitalOcean — hosting and managed MySQL.
- DigitalOcean Spaces — object storage for tenant assets and data exports.
- Resend — outbound transactional email.
- Anthropic — generator-tools content (if you use the AI tools).
We do not sell personal data.
Cookies and similar
We use essential cookies set by Clerk for sign-in and session continuity. We do not use advertising cookies.
Your rights
If you are a Tenant administrator, member, or game master with an account on Table Nook, you have the right to:
- Know what data we hold about you. Submit an access request.
- Erase your data. We anonymize rather than hard-delete: identifying columns are tombstoned and your account credentials at our auth provider are deleted, but your row is retained with anonymized values for tenant operational integrity. See /privacy/request for the full disclosure.
- Object to or restrict processing in jurisdictions where this right applies. Contact us.
We do not block access (right-to-know) requests for any reason. We do block erasure requests when the requester is the system admin or holds an ADMIN or GM role on a tenant; the request response names the blocking tenant(s) so they can be resolved before re-requesting.
Retention
We retain account and tenant data while your account is active. After erasure, we retain anonymized rows for tenant operational integrity (game-attendance history, FK references) and an audit trail of the erasure request itself. The audit row contains only ids and a salted hash of your email — not your original address.
International transfers
Our infrastructure is hosted in the United States. By using the Service, you agree to the transfer of your data to and processing in the United States.
Minors
The Service is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from such individuals.
Changes
We may update this policy. Material changes will be notified via the Service or by email.
Contact
Questions about this policy: [email protected] (replace with the address configured in PRIVACY_EMAIL_FROM).
Version 1 · Last updated