Privacy Policy
Last updated: March 2026
1. Data Controller
ESTAMINE CLUB is the data controller for your personal data. For any questions regarding data protection, contact us at privacy@estamine.com.
2. Data We Collect
Account Data
Name, email address, and authentication credentials (password hash or OAuth token).
Transaction Data
Purchase history, voucher codes, and redemption records. Payment card details are processed and stored exclusively by Stripe — we never have access to your full card number.
Usage Data
Pages visited, interactions, browser type, and device information, collected via error tracking (Sentry) and essential analytics. Session replays may be recorded when errors occur, with all text masked for privacy.
Communication Data
Newsletter preferences and contact form submissions.
3. Legal Basis for Processing
- Contract: Processing your purchases, delivering vouchers, managing your account.
- Legitimate interest: Error monitoring, fraud prevention, platform security.
- Consent: Newsletter emails, session replay analytics, non-essential cookies.
- Legal obligation: Tax and accounting records as required by Portuguese law.
4. Third-Party Processors
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | EU (Frankfurt) |
| Stripe | Payment processing | EU/US (GDPR compliant) |
| Cloudflare | Hosting & CDN | Global (EU compliant) |
| Sentry | Error monitoring | EU (Frankfurt) |
| Resend | Transactional emails | US (GDPR compliant) |
All processors are bound by data processing agreements ensuring GDPR compliance.
5. Cookies
We use the following categories of cookies:
- Essential: Authentication session cookies (Supabase). Required for the platform to function.
- Analytics: Sentry session replay (only when you consent). Used to diagnose errors and improve the experience.
You can manage your cookie preferences at any time via the "Cookie Settings" link in the footer. See our Terms of Service for more details.
6. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Transaction data: Retained for 10 years as required by Portuguese tax law (Codigo do IRS).
- Usage data: Sentry events retained for 90 days.
- Newsletter preferences: Until you unsubscribe.
7. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Receive your data in a structured, machine-readable format.
- Restriction: Limit how we process your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: For any processing based on consent, at any time.
To exercise any of these rights, email privacy@estamine.com. We will respond within 30 days.
8. Supervisory Authority
You have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD — Comissao Nacional de Proteccao de Dados) if you believe your data protection rights have been violated.
9. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or a prominent notice on the platform.