Privacy Policy
SPIN THE NIGHT Application Privacy Policy
Last updated: 06 Aug 2025
Effective date: 06 Aug 2025
1. Introduction
Spin The Night (“we”, “us” or “our”) operates a multi‑sided mobile application that connects consumers with restaurant businesses and event businesses. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, who we share it with and the rights you have in relation to that data. It is designed to meet international privacy standards and provide clear information in plain language, following best practices for mobile app privacy notices.
2. Scope
This policy applies to all users of the SPIN THE NIGHT mobile application (the “App”), including:
Consumers – individuals who browse, book or attend restaurants and events.
Restaurant Businesses – establishments that list their restaurant on the App.
Event Businesses – organisations or individuals who list events (music nights, special dining experiences, etc.) on the App.
The policy covers personal data collected through the App and related services, including our website (if any), support communications and other interactions. It does not apply to personal data collected outside these channels or to third‑party services that may be accessed through the App (see the section on third‑party links).
3. Information We Collect
We collect different categories of information depending on your role (consumer, restaurant business or event business) and how you interact with the App. We follow the data minimisation principle from the GDPR by only collecting information necessary for the purposes described.
3.1 Information provided by consumers
When you register or use the consumer side of the App, we may collect:
Contact details: name, email address, phone number and password when you create an account.
Profile information: optional photo, dining or event preferences and demographic data you choose to provide in your profile.
Booking and transaction details: details of reservations or event tickets purchased, payment method (handled securely via payment processors), and any dietary or accessibility information you provide.
Communications: messages you send to businesses through in‑app chat or support requests.
Reviews and ratings: feedback you post about restaurants or events.
3.2 Information provided by restaurant businesses
Restaurant businesses supply information necessary to list their establishment and manage reservations, including:
Business details: restaurant name, contact person, business email, phone, physical address and geolocation coordinates.
Licensing and regulatory information: permits or licences needed to operate (where required by law).
Menu and venue information: descriptions, photos, opening hours, capacity and pricing.
Financial information: bank or payment details needed to receive payments from bookings (handled via secure payment gateways).
Interactions: messages exchanged with consumers, reservation confirmations and disputes.
3.3 Information provided by event businesses
Event businesses provide similar information to restaurants, adapted for events:
Event organiser details: organiser name, contact person, email, phone and address.
Event listings: event title, description, schedule, ticket price, capacity, age restrictions and any special requirements.
Venue information: location coordinates, venue details and accessibility information.
Financial information: payment or settlement details for ticket sales.
Communications: messages and support queries from attendees.
3.4 Subscription Plans
3.4.1 Consumer subscription plan
A single paid plan is available to consumers alongside the free version. Subscription fees are billed monthly and are non‑refundable for the current billing period. Consumers can subscribe at any time via the App’s settings.
Unlimited Plan – US $0.99 per month
Unlimited location: Access location‑based search without restrictions.
Unlimited spins: Enjoy unlimited discovery sessions (“spins”) to explore restaurants and events.
Real‑time notification alerts: Receive live updates about offers, events and bookings.
A free plan with limited functionality remains available for users who do not subscribe.
3.4.2 Business subscription plans
For restaurant and event businesses, three monthly subscription tiers are available. Pricing is in USD and features may evolve over time. Businesses can upgrade or downgrade tiers through the App’s settings; fees are billed monthly with notice of any changes.
Basic Tier – US $100 per month
Visibility: Your business appears to roughly 1 in 10 users browsing the App.
Timeline posting: Post deals and events up to once per month.
Customer support: Standard support via email.
Mid Tier – US $200 per month
Visibility: Displayed to about 3 in 10 users.
Timeline posting: Post deals and events twice per month.
Social media shoutouts: One promotional mention per quarter.
Influencer visits: Occasional access to our influencer program.
Website feature: Logo listing on our website.
Add placement: Standard placement for upcoming features.
Push notifications: Up to one push notification per month.
Analytics access: Basic reports.
AI‑powered user targeting: Low priority.
Customer support: Priority email support.
Premium Tier – US $300 per month
Visibility: Displayed to about 6 in 10 users with weekly priority.
Timeline posting: Post deals and events weekly.
Social media shoutouts: Weekly priority promotion.
Influencer visits: Priority access to our influencer program.
Website feature: Business spotlight.
Add placement: Top‑tier priority for upcoming features.
Push notifications: 2–3 push notifications per month.
Analytics access: Advanced insights.
AI‑powered user targeting: High priority.
Customer support: Quarterly 1‑on‑1 call.
3.5 Information collected automatically
Regardless of your user role, the App collects certain information automatically when you use it. This includes:
Device identifiers: unique device identifiers, operating system, app version, language and mobile network information. Collecting these identifiers requires explicit user consent in Europe under the ePrivacy Directive and GDPR.
Usage data: details of how you interact with the App (pages viewed, features used, referring/exit pages, timestamps, crash reports).
Analytics and diagnostics: aggregated statistics to understand performance and improve our services.
3.6 Geolocation data
Our services rely on location data to display nearby restaurants and events, facilitate reservations and ensure accurate directions. Depending on your role and settings, we may collect:
Precise location: GPS or Bluetooth information when you enable location services in your device settings. We request this only when relevant to a feature (for example, showing venues near you) and we obtain clear, informed consent as required by GDPR and CNIL recommendations. You may choose between “always”, “while using the app” or “never” when prompted by iOS or Android.
Approximate location: IP address–based location where precise GPS is not available or when you limit location sharing.
Business location data: for restaurant and event businesses, we collect the coordinates of your establishment to display on the map; this may be public information when you list on the App.
4. How We Use Your Information
We use personal data only for the purposes described below and in accordance with the lawful bases set out in data protection laws. We communicate these purposes transparently, aligning with privacy‑by‑design principles.
4.1 Providing and improving the service
We use collected data to:
- Create and manage accounts for consumers, restaurant businesses and event businesses.
- Display available restaurants and events near your location, and enable bookings or ticket purchases.
- Facilitate payments and settlements via third‑party payment processors; we do not store full payment card numbers.
- Allow restaurants and event organisers to manage reservations, update listings and communicate with attendees.
- Personalise content and recommendations based on your preferences and past activity.
- We track each consumer and business’s chosen tier, process subscription fees, enable associated features (priority listings, marketing visibility and customer‑support levels) and notify consumer and businesses of upcoming renewals or changes.
-
Maintain and improve the App’s functionality, ensure compatibility with different devices and develop new features.
4.2 Communications
We use your contact details to:
Send confirmations, reminders, receipts and support responses.
Communicate updates to bookings or events and service announcements.
Respond to your inquiries and handle complaints or disputes.
Send security alerts, account verification messages or other communications related to safety and compliance.
- We note that we send billing notices, renewal reminders and information about changes to a subscription plan.
4.3 Safety, fraud prevention and legal obligations
We may process data to:
Detect and prevent fraud, spam or security incidents.
Verify user identities and ensure that restaurants and events meet applicable regulations.
Comply with legal obligations, enforce our terms of service and cooperate with law enforcement or regulators when required.
4.4 Analytics and research
We analyse aggregated and anonymised data to understand how the App is used, identify trends, measure the effectiveness of marketing campaigns and improve user experience. Such processing is based on our legitimate interests and does not reveal individual identities.
4.5 Marketing and promotional messages
We may send promotional emails or in‑app notifications about new features, offers or events that may interest you. We rely on your consent where required by law. You can opt out of marketing at any time via the settings in your account or by following unsubscribe instructions.
5. Legal Bases for Processing
Under the GDPR, we must have a legal basis for processing personal data. Depending on the context, our processing is justified by one or more of the following bases:
Contractual necessity: To fulfil our obligations under our terms of service (e.g., manage bookings, facilitate payments and provide customer support).
Legitimate interests: To improve our services, prevent fraud, ensure network and information security, and communicate with users. We balance these interests against your rights and expectations.
Consent: For activities that are not strictly necessary for the service, such as sending marketing communications, accessing precise location, or sharing data with marketing partners. Consent must be freely given, specific and informed.
Legal obligations: To comply with applicable laws (e.g., tax requirements, record‑keeping obligations, consumer protection laws).
6. User Consent and Choice
We use consent management mechanisms consistent with European and global privacy regulations:
Just‑in‑time permission prompts: We request permissions (e.g., location, camera, microphone) only when you attempt to use a feature that needs them, in line with mobile app consent best practices.
Granular consent categories: Where possible, we provide separate choices for different data uses (analytics, marketing, personalization), avoiding bundled all‑or‑nothing options.
Withdrawal of consent: You may withdraw your consent at any time in the App settings or by contacting us. Withdrawal is as easy as granting consent. It does not affect processing already performed based on previously given consent.
Platform‑level permissions: We comply with Apple’s App Tracking Transparency framework and Google Play’s Data Safety requirements. This means disclosing our data practices in the App Store listings, obtaining tracking permission before using device identifiers for cross‑app tracking, and honouring users’ choices.
Do Not Sell or Share (CCPA): California residents have the right to opt out of selling or sharing their personal information. We include a “Do Not Sell or Share My Information” toggle in the App for applicable users.
7. Cookies, Tracking Technologies and Mobile Permissions
Our App uses mobile identifiers and similar technologies to provide and improve services:
Mobile identifiers and SDKs: We integrate software development kits (SDKs) for analytics, crash reporting, customer support and marketing. Each SDK may collect certain data. We coordinate consent across SDKs, ensure that third‑party services respect user choices and maintain audit logs.
Cookies and web trackers: When you visit our website or webview components, we may use cookies or similar technologies. We provide a cookie notice and obtain consent where required.
Permissions: The App may request access to your camera (e.g., to upload profile or venue photos), microphone (e.g., voice notes), contacts (e.g., to invite friends), calendar (e.g., to add reservations) or notifications. You can grant or deny these permissions. We will not access them without permission and we explain why we need each permission when requesting it.
8. Data Sharing and Disclosure
We do not sell personal data. We only share data under the circumstances described below:
8.1 Service providers and partners
We engage third‑party service providers to deliver our services. These include:
Payment processors: To handle secure transactions. We do not store your full payment card information.
Hosting and infrastructure providers: To operate our servers and databases.
Analytics and marketing providers: To help us understand usage patterns and send promotional messages (subject to consent). We require providers to process data only on our instructions and maintain appropriate security measures.
Mapping and geolocation services: To display venue locations.
8.2 Business account visibility
Some information provided by restaurant and event businesses is visible to consumers by design, such as business names, descriptions, menus, event details, photos and location. Businesses should not post private information in these fields. Contact details for customer support are shared with consumers who book or attend an event. We may display aggregated ratings and reviews.
8.3 Legal, regulatory and safety purposes
We may disclose personal data when required by law, regulation or court order, or when necessary to:
Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Protect the rights, property or safety of users, businesses or the public.
Enforce our terms of service and investigate potential violations.
8.4 Business transfers
If we are involved in a merger, acquisition, restructuring or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected users and ensure the new entity honours this Privacy Policy or provides an equivalent level of protection.
9. International Data Transfers
We operate globally and may transfer personal data to countries outside your country of residence, including to cloud providers or affiliates in jurisdictions with different data protection laws. When we transfer data from the European Economic Area (EEA), we use safeguards such as Standard Contractual Clauses approved by the European Commission or rely on adequacy decisions. We ensure that recipients provide a comparable level of protection and maintain accountability for onward transfers.
10. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy and to comply with legal obligations. For example:
Account information is kept while your account is active. If you close your account, we delete or anonymise your data after a reasonable period unless we must retain certain information for legal reasons.
Transaction records are retained for the period required by tax and accounting laws.
Location data is stored only for the time needed to provide location‑based services, after which it is deleted or aggregated.
We periodically review our retention practices to ensure compliance with storage limitation principles.
11. Security Measures
We implement technical and organisational measures to protect personal data from loss, misuse and unauthorised access. These include:
Encryption: We use encryption in transit (HTTPS) and at rest for sensitive data.
Access controls: We restrict access to personal data to authorised personnel who require it for their roles. Employees and contractors are bound by confidentiality obligations.
Secure coding and testing: We follow secure development practices and regularly test our systems for vulnerabilities.
Consent logging and audit trails: We maintain records of consent and data processing activities, enabling us to demonstrate compliance.
Incident response: We have procedures for detecting, responding to and notifying authorities and affected individuals of data breaches where required.
Despite our efforts, no method of transmission or storage is completely secure. We encourage users to protect their passwords and to contact us immediately if they suspect unauthorised access to their account.
12. Your Rights and Controls
Depending on your location, you have specific rights regarding your personal data. We respond to requests within the time frames required by law. You can exercise your rights through the App’s settings or by contacting us.
12.1 Rights under the GDPR
If you are in the European Economic Area (EEA), United Kingdom or another jurisdiction that adopts the GDPR, you have the following rights:
Right to be informed – receive clear information about how your personal data is used.
Right of access – request a copy of your personal data.
Right to rectification – correct inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) – ask us to delete your personal data in certain circumstances.
Right to restrict processing – request that we limit processing of your data.
Right to data portability – obtain a copy of your personal data in a structured, commonly used format and transmit it to another controller.
Right to object – object to processing based on our legitimate interests or to direct marketing.
Rights related to automated decision making and profiling – request human intervention and express your point of view regarding automated decisions.
To exercise these rights, please contact us using the details below. We may need to verify your identity before responding.
12.2 Rights under the CCPA/CPRA
If you are a California resident, you have additional rights under the CCPA, as amended by the CPRA, including:
Right to know – know what personal information we collect, how we use it and what categories of third parties we share it with.
Right to delete – request deletion of your personal information, subject to certain exceptions.
Right to opt out of sale or sharing – opt out of selling or sharing personal information with third parties.
Right to non‑discrimination – not to be discriminated against for exercising your privacy rights.
Right to correct – request correction of inaccurate personal information.
Right to limit use of sensitive personal information – restrict our use of sensitive personal information (such as geolocation or payment information) to necessary purposes.
To exercise any of these rights, follow the instructions provided in the App or contact us directly. We will confirm receipt of your request and respond within the statutory deadlines. We will verify your identity before fulfilling certain requests.
13. Children’s Privacy
The App is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete such data. Parents or guardians who believe that a child has submitted personal data should contact us.
14. Third‑Party Links and Services
The App may contain links to websites or services operated by third parties (e.g., external booking platforms, social media, marketing tools). This Privacy Policy does not govern those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third‑party services you access.
15. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology or legal requirements. When we do, we will revise the “Last updated” date at the top and provide notice via the App or other appropriate channels. Continuing to use the App after an update signifies acceptance of the revised policy.
16. Contact Us
If you have questions, concerns or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:
SPIN THE NIGHT – Privacy Compliance
Email: support@spinthenight.com
By using the Service, you acknowledge that you have read, understood and agree to be bound by these Terms.
Get In Touch
