Privacy Policy

1. Introduction

Vouch ApS ("Vouch," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service").

This Privacy Policy applies to all users of our Service, including buyers purchasing vouchers, vendors offering experiences, and anyone visiting our website. By using the Service, you consent to the data practices described in this policy.

We comply with the General Data Protection Regulation (GDPR) and applicable Danish data protection laws. If you have any questions about this Privacy Policy or our data practices, please contact us using the information provided in Section 13.

2. Data Controller

For the purposes of GDPR and other data protection laws, Vouch ApS is the data controller responsible for your personal data.

3. Information We Collect

3.1 Information You Provide to Us

Account Information

When you create an account, we collect:

• Name and email address
• Password (encrypted)
• Profile information you choose to provide
• Account type (buyer, vendor, or admin)

Purchase Information

When you purchase vouchers, we collect:

• Billing name and address
• Payment information (processed securely by Stripe)
• Transaction history and voucher purchases
• Order details and preferences

Vendor Information

If you register as a vendor, we collect:

• Business name and contact information
• Business registration details
• Bank account or payment information for payouts
• Campaign details, descriptions, and images
• Redemption tracking and voucher management data

Communication Information

When you contact us or interact with our Service, we collect:

• Customer support inquiries and correspondence
• Feedback and survey responses
• Newsletter subscription preferences

3.2 Information Collected Automatically

Usage Data

We automatically collect information about your use of the Service:

• Pages viewed and campaigns browsed
• Time and date of visits
• Time spent on pages
• Links clicked and features used
• Referring website addresses

Device and Technical Information

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution and language preferences

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. Please see our Cookie Policy for more information.

3.3 Information from Third Parties

We may receive information from third-party services you connect to your account:

• Authentication providers (social login information)
• Payment processors (transaction status and verification)
• Analytics services (aggregated usage statistics)
• Marketing platforms (campaign performance data)

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 To Provide and Maintain the Service

• Create and manage your account
• Process voucher purchases and transactions
• Generate voucher codes and redemption information
• Facilitate communication between buyers and vendors
• Process vendor payouts and manage campaigns
• Provide customer support

4.2 To Improve and Personalize the Service

• Understand how users interact with our platform
• Analyze usage patterns and preferences
• Develop new features and functionality
• Personalize content and campaign recommendations
• Conduct research and analytics

4.3 To Communicate with You

• Send purchase confirmations and voucher details
• Provide transaction receipts and invoices
• Send service updates and important notices
• Respond to your inquiries and support requests
• Send newsletters and marketing communications (with your consent)
• Notify you about new campaigns and special offers

4.4 For Security and Legal Compliance

• Prevent fraud and unauthorized transactions
• Detect and prevent security threats
• Enforce our Terms of Service
• Comply with legal obligations and regulations
• Protect our rights and the rights of our users
• Resolve disputes and investigate complaints

4.5 For Business Operations

• Process vendor applications and onboarding
• Manage platform fees and financial reporting
• Monitor platform performance and uptime
• Conduct business planning and forecasting

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

5.1 Contractual Necessity

Processing is necessary to perform our contract with you when you purchase vouchers or register as a vendor. This includes account management, transaction processing, and service delivery.

5.2 Legitimate Interests

We process data based on our legitimate interests in operating and improving our platform, preventing fraud, ensuring security, and conducting business operations, provided these interests do not override your rights and freedoms.

5.3 Legal Obligations

We process data to comply with legal requirements, such as tax laws, financial regulations, and consumer protection laws.

5.4 Consent

For certain activities, such as marketing communications and non-essential cookies, we rely on your explicit consent. You can withdraw consent at any time.

6. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

6.1 With Service Providers

We share data with trusted third-party service providers who assist us in operating the platform:

• Payment Processing: Stripe for secure payment processing and vendor payouts
• Authentication: Clerk or similar services for user authentication and account management
• Hosting and Infrastructure: Vercel, Supabase, and other cloud service providers
• Content Management: Contentful for campaign content and media
• Email Services: Email service providers for transactional and marketing emails
• Analytics: Analytics platforms to understand platform usage

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 With Vendors

When you purchase a voucher, we share necessary information with the relevant vendor to facilitate redemption, including your name, contact information, voucher code, and purchase details.

6.3 For Legal Reasons

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of Vouch, our users, or others
• Investigate and prevent fraud or security issues

6.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

6.5 With Your Consent

We may share your information for other purposes with your explicit consent.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

• Account Data: Retained while your account is active and for 3 years after account closure
• Transaction Data: Retained for 7 years to comply with tax and financial regulations
• Voucher Data: Retained for 3 years after voucher expiration
• Marketing Data: Retained until you unsubscribe or withdraw consent
• Support Communications: Retained for 3 years after the last interaction
• Analytics Data: Aggregated and anonymized data may be retained indefinitely

7.2 Deletion

After the retention period expires, we will securely delete or anonymize your personal data. You may also request deletion of your data as described in Section 9.

8. International Data Transfers

Our Service is operated from Denmark, but we may use service providers located in other countries, including outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection
• Binding Corporate Rules for multinational service providers
• Your explicit consent for specific transfers

We work only with service providers that commit to protecting your data in accordance with GDPR standards.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you. You can access most of your data through your account dashboard.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most information through your account settings.

9.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary or you withdraw consent. Some data may need to be retained for legal compliance.

9.4 Right to Restriction of Processing

You have the right to request that we limit how we use your personal data in certain situations, such as while we verify the accuracy of the data.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.

9.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop such processing unless we have compelling legitimate grounds.

9.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local supervisory authority if you believe we have violated your data protection rights.

9.9 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@vouch.dk. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us. If we discover we have collected data from a child under 16 without parental consent, we will delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending you an email notification if the changes are significant
• Displaying a prominent notice on the Service

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiries and requests in accordance with applicable data protection laws.

14. Additional Information for Specific User Types

14.1 For Buyers

When you purchase vouchers, we process your data to complete transactions, deliver voucher codes, and facilitate redemption. Your purchase history helps us provide better recommendations and customer service.

14.2 For Vendors

As a vendor, we process additional business information including tax details, payout information, and campaign performance data. We share aggregated redemption statistics to help you understand campaign performance.

14.3 For Newsletter Subscribers

If you subscribe to our newsletter, we use your email address to send marketing communications about new campaigns and offers. You can unsubscribe at any time using the link in our emails or by contacting us.