Privacy Policy

Welcome to The Space ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application ("App") and related services. Please read this policy carefully. By using the App, you agree to the practices described herein.

If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

2.1 Information You Provide Directly

When you create an account or use our services, we collect:

• Identity Data: First name, last name, email address, phone number
• Professional Data: Organization name, job title, industry
• Authentication Data: Password (stored in hashed form)
• Payment Information: Cardholder name, card brand, last four digits, expiry date, and payment gateway tokens. Full card numbers are never stored on our servers.
• Booking Data: Space reservations, dates and times, subscription preferences, and invitee email addresses
• Cafe & Concierge Orders: Menu selections, order history, and service requests
• Communications: Messages, requests, and feedback submitted through the App

2.2 Information Collected Automatically

When you use the App, we automatically collect:

• Device Information: Device type, operating system version, unique device identifier (UDID)
• Usage Data: Features accessed, screens viewed, actions performed, session timestamps
• Network Data: IP address, connection type, network status
• Authentication Tokens: JWT tokens used for session management (stored securely on-device)

We use the information we collect to:

The App may request the following device permissions. Each permission is only used for the stated purpose:

You may revoke any permission at any time through your device settings. Revoking certain permissions may limit App functionality.

We integrate with the following third-party services, each of which has its own privacy practices:

5.1 Service Providers

5.2 Disclosure Conditions

We do not sell your personal data. We may disclose your information only in the following circumstances:

• With your consent: When you explicitly authorize sharing
• Service providers: Trusted vendors who process data solely on our behalf under data processing agreements
• Legal requirements: When required by applicable law, regulation, or valid legal process
• Safety and security: To protect the rights, property, or safety of our users or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained until you delete your account, plus up to 30 days for backup recovery
• Transaction records: Retained for a minimum of 7 years to comply with financial regulations
• Analytics data: Retained in aggregated, anonymized form after 26 months
• Deleted content: Removed from active systems within 30 days; backup copies purged within 90 days

We implement industry-standard security measures to protect your information:

• Encryption in transit: All API communications use HTTPS/TLS
• Encryption at rest: Sensitive credentials stored using device-level secure storage (flutter_secure_storage)
• Token-based authentication: Short-lived JWT tokens with automatic refresh
• No plaintext passwords: Passwords are hashed server-side before storage
• Tokenized payments: Full card numbers are never transmitted to or stored on our servers

Despite these measures, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password and enable biometric authentication.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated personal data
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your data for marketing purposes
• Withdraw Consent: Withdraw previously given consent at any time

How to Exercise Your Rights

• In-App: Navigate to Settings → Account to update or delete your profile
• Email: Contact us at [email protected]

We will respond to all verified requests within 30 days (or as required by applicable law).

You have the right to permanently delete your account and all associated personal data from The Space at any time. Once deleted, your account cannot be recovered.

How to Delete Your Account

• In-App: Go to Settings → Delete Account and follow the confirmation steps
• By Email: Send a deletion request to [email protected] from your registered email address

What Happens After Deletion

• Account & profile data: Permanently removed from active systems within 30 days of your verified request
• Backup copies: Fully purged from all backup systems within 90 days
• Transaction records: Retained for a minimum of 7 years as required by financial regulations — this data cannot be deleted on request
• Anonymized analytics: Aggregated usage data with no personal identifiers may be retained indefinitely

Deleting your account will cancel any active subscriptions and remove access to all bookings, order history, and saved preferences. This action is irreversible.

You may control how we communicate with you:

• Push Notifications: Manage in-app at Settings → Notifications or via your device notification settings
• Email Notifications: Toggle on/off in-app under notification preferences
• SMS Notifications: Toggle on/off in-app under notification preferences
• Marketing Communications: Unsubscribe via the link in any marketing email or through in-app settings

Transactional communications (booking confirmations, payment receipts) cannot be opted out of while your account is active.

The App is not directed to children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without verified parental consent, we will delete it promptly.

If you believe a child has provided us with personal information, please contact us at [email protected].

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections, in compliance with applicable law.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: We do not sell or share personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise your California rights, contact us at [email protected] or use the in-app account management tools.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your data include:

• Contract performance: Processing necessary to fulfill your bookings and orders
• Legitimate interests: Security, fraud prevention, and service improvement
• Consent: Marketing communications and optional features
• Legal obligation: Financial record-keeping and regulatory compliance

You have the right to lodge a complaint with your local data protection authority.

The App may contain links to third-party websites or services (e.g., support pages, payment portals displayed in a WebView). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. When we do, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via in-app notification or email for material changes
• Require re-acknowledgment for significant changes that affect your rights

Your continued use of the App after any changes constitutes acceptance of the updated policy.