Skip to content
In de Zon
SIGN UP

Privacy policy

Last updated: May 2026

1. Who we are

In de Zon is a service of [HANDELSNAAM], registered at [ADRES], the Netherlands, with the Dutch Chamber of Commerce (KvK) under number [KVK-NUMMER]. We offer a platform where users can see in real time which terraces nearby are in the sun, save terraces as favourites and reserve tables. Terrace owners can register their location and manage reservations via our dashboard.

In the Sun is responsible for processing personal data as described in this privacy policy. Questions? Contact us at support@indezon.app.

2. Which data we collect

Email address (waitlist): If you sign up for the waitlist, we store your email address to inform you of the launch of the app.

Location data: When you grant permission, we use your location to show nearby terraces. Your coordinates are processed on our servers to retrieve the right terraces and shadow calculations, but are not stored as part of your user profile.

Google or Apple account data via Clerk: When you sign in with your Google or Apple account, we receive your name and email address via our authentication partner Clerk. This data is used to create and manage your account.

Usage data: When you are signed in, we store your favourite terraces and reservation information, linked to your Clerk user ID.

IP address: When making requests to our map service (shadow calculations), your IP address is temporarily processed for security and deduplication. It is not stored structurally.

Reservation data: Name, email address and optional phone number as you provide, plus time, party size and selected table. Shared with the relevant terrace owner to fulfil the booking.

QR code & check-in: Confirmed reservations display a QR code on your screen. The terrace owner scans it on arrival to record a check-in time. Intended to help the owner manage occupancy, no camera image or photo is stored.

Push notifications: With your consent we send push messages to your phone (confirmations, UV reminders, optional nearby deals). For delivery we use Apple Push Notification Service and Firebase Cloud Messaging; we share only the minimal token ID and message content.

Owner data (dashboard): For terrace owners we store venue name, location, opening hours, photos and (for paid subscriptions) Stripe customer IDs and invoice data. We do not process full credit-card numbers; those are handled exclusively by Stripe.

Reviews and comments: When you rate a terrace, we store your star score (1–5) and any text you write, linked to your user ID. A comment may contain personal data that you provide yourself.

Event saves and reminders: When you save an event or set a reminder, we record this linked to your user ID. We also store your preferences for push reminders (2h before, 24h before, etc.) and a quiet-hours window (the hours during which you do not want push notifications).

Interest in unclaimed terraces: When you indicate interest in a terrace not yet claimed by its owner, we record this. Aggregated counts (e.g. '12 guests wanted to reserve') are shown to prospective owners as an incentive to register.

Photos for terrace mapping: You can upload a photo of a terrace to request a mapping. This photo is stored on our servers, linked to your user ID, and only viewed by our team for the purpose of tracing the terrace boundary.

Taste profile and recommendations (opt-in): If you enable 'Personalise my recommendations', we build a taste profile from your saved venues, saved events and reservations. We compare this profile with those of other opted-in users to surface relevant venues and events for you ('your people'). Matching is based on category preferences, music genres and time-of-day patterns, never on personal identifiers or precise location (neighbourhood cell of approximately 1 km). Your taste profile only exists while your consent is active; withdrawing consent deletes your profile immediately. Manage this via JIJ > Settings > Personalise my recommendations.

Idea box suggestions: When you submit a suggestion via JIJ > Settings > Idea box, we store your text along with the timestamp, app version and device type (user-agent). If you are signed in, the suggestion is linked to your user ID. You may optionally leave an email address for follow-up. Anonymous submissions are also accepted.

Venue-data corrections: Via the 'Report an issue' button on a venue detail page, you can flag incorrect data (for example incorrect opening hours). We store the reason, your optional note and (if you are signed in) your user ID. Anonymous reports are accepted. We use this data solely to correct venue information.

3. Why we collect this data

Service provision: To deliver the core functionality of the app, realtime shadow calculations, showing terraces in the sun, saving favourites and handling reservations.

Communication: To inform waitlist members about the launch of In the Sun and, where applicable, about updates and offers that you have signed up for.

Security and deduplication: To prevent misuse of our service and safeguard the integrity of reservations.

The legal basis for processing is in most cases the performance of a contract (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR). For the waitlist, the legal basis is your consent (Article 6(1)(a) GDPR).

4. How long we retain data

Waitlist: Your email address is retained until the app has launched and you have had the opportunity to create an account, or until you unsubscribe.

Account: Account data is retained for as long as your account is active. After your account is deleted, your data will be removed within 30 days, unless legal obligations require longer retention.

Reservations: Reservation data is retained for 24 months from the reservation time, in connection with any disputes or complaints, then either anonymised for statistics or deleted.

Owner data & invoices: Up to 7 years after the last invoice (Dutch fiscal retention obligation).

Logs (technical): A maximum of 30 days.

Taste profile: Your taste profile is deleted when you withdraw consent or delete your account. The consent-audit record (with date and version of the consent text you agreed to) is retained for up to 3 years after withdrawal as evidence under Art. 7 GDPR.

Idea box suggestions: A maximum of 2 years.

Venue-data corrections: A maximum of 1 year after resolution.

5. Your rights (GDPR)

As a data subject you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: you can request which data we process about you.
  • Right to rectification: you can have inaccurate data corrected.
  • Right to erasure: you can request the deletion of your data.
  • Right to restriction: you can have the processing of your data restricted.
  • Right to object: you can object to processing based on legitimate interest.
  • Right to data portability: you can request your data in a machine-readable format.
  • Withdraw consent: for the waitlist, location data or push, at any time.

You can submit a request via support@indezon.app. We respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).

6. Cookies

In the Sun uses only functional cookies that are necessary for the proper functioning of the service, such as keeping track of your sign-in session. We do not place tracking or advertising cookies and do not use analytics services that pass on personal data to third parties.

Functional cookies do not require consent, but you can configure your browser to refuse cookies. Note that some features may then no longer work. A complete list of cookies used and their purpose is in our cookie policy.

7. Sharing with third parties

We do not share your data with third parties for commercial purposes. We use the following processors, with whom we have concluded data processing agreements in accordance with the GDPR:

  • Clerk: authentication and session management (US · Standard Contractual Clauses).
  • Stripe: payment processing for terrace owner subscriptions (US · SCC).
  • Resend: sending transactional email (EU).
  • Apple Push Notification Service / Firebase Cloud Messaging: delivering push notifications (US · SCC).
  • Open-Meteo: source of weather data, receives only lat/lng without profile information (EU).
  • Hosting provider ([HOSTING_NAAM]):: storing application data in [DATACENTER_LAND].
  • Terrace owners: receive reservation details (name, party size, time) for their own bookings.
  • Anthropic (Claude API):: processes HTML content from venue websites and satellite imagery to automatically extract events and determine terrace boundaries. No end-user personal data is forwarded; processing covers public venue information only. (US · Standard Contractual Clauses).

For transfers to countries outside the EEA (Clerk, Stripe, push services) we rely on the European Commission's Standard Contractual Clauses.

7b. Lead Intelligence & targeted push campaigns

Terrace owners with a paid subscription can access aggregated insights about their audience via the Lead Intelligence feature: how many users have saved their terrace, how many have never booked, and how many can be reached by push. Individual users are never shared by name.

Terrace owners can send you targeted promotional messages via the In de Zon platform based on the terraces you have saved. You only receive these if you have allowed push notifications for the app; you can disable push notifications at any time in your phone's settings.

8. Security

We take appropriate technical and organisational measures: TLS encryption of all data traffic, restricted internal access via SSO and role-based access, regular security updates, and automatic rate-limiting. In the event of a data breach with a likely risk to your rights and freedoms, we will notify the Dutch Data Protection Authority within 72 hours and, where applicable, you.

9. Children

The app is intended for users aged 16 and over. We do not knowingly collect data from children under 16. Are you a parent/guardian and aware that a child has created an account? Email us and we will delete it.

10. Changes

We may amend this privacy policy. Substantive changes will be announced in advance via the app or by email. The "Last update" date at the top of this page is always current.

11. Contact details

Do you have questions about this privacy policy or would you like to exercise your rights? Please contact our privacy officer:

In de Zon
[ADRES], Netherlands
support@indezon.app