Privacy policy
Beta. SamenKids is in beta. This policy describes how we handle personal data in the current release. We may update it as features and vendors change; we change the Last updated date below when we make material edits.
Last updated: 2026-05-25
Who we are
SamenKids operates this website and related services. For privacy questions or requests, contact privacy@samenkids.com.
How you sign in (authentication)
We use Supabase for accounts and sessions. Depending on configuration and your choices, you can authenticate by:
- Email and password — you provide an email address and a password. We enforce password rules to reduce account takeover risk.
- Google (OAuth) — when enabled, you can sign in with Google. Google processes login under its own terms and privacy policy. We receive identifiers Google shares with us (such as email and display name) to create or link your SamenKids account.
- Password reset — we email you a time-limited link so you can choose a new password.
After you sign in, we keep your session using first-party HTTP cookies so you stay logged in across pages (see Cookies and similar technologies and the Cookie policy linked in the site footer).
What we collect and why
We collect only what we need to run the beta safely and improve the product.
| Category | Examples | Why we use it |
|---|---|---|
| Account and profile | Email, name, avatar, public profile fields, language, roles such as host | Operate your account; show organizer information on listings |
| Family details you add | Child names or nicknames, ages, related preferences | Features you use (for example RSVPs, hosting, age-appropriate activities) |
| Activities and RSVPs | Listings, descriptions, schedules, participation, host tools | Core marketplace and booking flows |
| Location and search | Places you search, addresses you enter for activities | Geographically relevant results and listings |
| Verification | Images or documents you upload for trust and safety checks | Reduce fraud and protect participants, as explained in the product |
| Payments (when enabled) | Checkout is handled by our payment provider (for example Stripe). We do not store full payment card numbers on our own servers | Paid listings or subscriptions you choose |
| Feedback | Message text you submit, optional context you include | Improve the product; reply when follow-up is needed |
| Support and email | Your address for service messages (security alerts, password reset, confirmations, notifications you opt into) | Deliver and secure the service |
| Technical and security | IP address, timestamps, request metadata, server logs, rate limits, short-lived CAPTCHA verification tokens | Security, abuse prevention, debugging, reliability |
We do not sell your personal data.
Cookies and similar technologies
We use cookies and related storage where necessary for sessions, preferences, and measurement. A short list of first-party cookies on our domain includes:
| Name / pattern | Role |
|---|---|
Cookies whose names start with sb- and are tied to your Supabase project (for example sb-<project-ref>-auth-token, sometimes split into multiple cookies if the value is large) |
Strictly necessary — keep your Supabase session and refresh tokens so you remain signed in securely |
NEXT_LOCALE (set by next-intl when your chosen language differs from what we would infer otherwise) |
Preferences — remember your selected site language (for example English, Dutch, or Turkish) |
When you load third-party scripts, those providers may use their own cookies, local storage, or similar technologies under their policies:
- Cloudflare Turnstile — see Bot protection below.
- Datadog — we are adding Datadog for observability (for example Real User Monitoring and/or backend monitoring). When enabled, Datadog may receive technical and usage signals (such as page views, interactions, performance timings, and errors) to understand user behavior and product usage so we can improve reliability, features, and performance. We will update this policy when Datadog is live to list any additional cookies or identifiers.
- Vercel Web Analytics — we use @vercel/analytics for aggregate traffic insight; see Vercel’s documentation for how it handles data (it is designed to avoid advertising-style tracking).
You can block or delete cookies in your browser. If you disable essential auth cookies, sign-in and parts of the site will not work. For more detail, see the Cookie policy in the site footer.
Bot protection (Cloudflare Turnstile)
On some pages (for example login, sign-up, forgot password, and feedback), we may show Cloudflare Turnstile when it is configured for our environment. Turnstile collects browser and network signals to distinguish human visitors from automated abuse. Our servers send your short-lived Turnstile token to Cloudflare for verification; that process can include your IP address. Cloudflare processes this data as described in its policies, for example its privacy policy.
Where data is processed
We use subprocessors that host or process data on our behalf, including for example Supabase (database, auth, file storage), Vercel (hosting and analytics), Resend (email delivery where configured), Cloudflare (Turnstile and related infrastructure), Stripe (payments when enabled), and Google (only if you choose Google sign-in). Datadog will process monitoring data as described above.
Data may be stored or transferred outside your country where those providers operate; we rely on appropriate safeguards (such as standard contractual clauses) where European law requires them.
Legal bases (EEA, UK, and similar)
Where GDPR or comparable laws apply, we rely on:
- Contract — to provide the service you asked for.
- Legitimate interests — for example securing accounts, preventing fraud, measuring aggregate usage, improving the product, and supporting users; we balance these interests against your rights.
- Consent — where we ask for it (for example optional analytics beyond what is strictly necessary, if we offer separate consent in the product).
- Legal obligation — where the law requires us to retain or disclose information.
Retention
We keep personal data while your account is active and for a limited period afterward to resolve disputes, comply with law, and secure backups. Some logs may be kept for shorter technical retention windows. When Datadog is enabled, its retention follows our configuration and Datadog’s terms.
Your rights
Depending on your location, you may have the right to access, correct, delete, restrict, or export your personal data, and to object to certain processing. You may also complain to your local data protection authority.
To exercise your rights or ask a privacy question, email privacy@samenkids.com. You can also use other contact options on the About SamenKids page in the footer where those are listed.