Privacy notice
Last updated: 13 June 2026
We keep this short and tell you plainly what we do with your data. ClearSkice is a small, private app one host runs for friends, so we collect little and we don't track, advertise, or sell anything. If you'd rather not create an account, you can take part in a party anonymously — just a display name is enough.
Who's responsible
ClearSkice is the name of this app, but the person legally responsible for your data (the "controller") is a real person, not the brand:
- Controller: Papuc Eugen
- Contact for any privacy question or request: papuceugen@gmail.com
If you ever want to know what we hold about you, fix it, or have it deleted, that's the address to write to.
What we collect, and about whom
There are three kinds of people whose data we handle.
The host — the one person who runs ClearSkice. We store their email and an optional display name, plus the means to sign them in (a magic sign-in link or a passkey; if a password is ever set, only a secure hash of it is stored, never the password itself).
Guests — the people who join a party. You can take part in two ways:
- As an anonymous, event-only guest. All you need is a display name so you appear on the party's guest list. You can also have an optional nickname, and sometimes an email — which the host may enter about you, for example to invite you. The app keeps a small session token in a cookie so it remembers it's you for that event. No account is required.
- As a "cabinet" guest — if you choose to create an account so your history follows you from party to party. In that case we store your email, your name, your language preference, and, if you sign in with Google, a profile picture (shown directly from Google, not copied onto our servers). We also store your sign-in identities: this may include your Google profile (if you use Google sign-in), a password (kept only as a secure hash, never in plain text), and/or passkeys (a public key for your device's Face ID / Touch ID / security key — your biometrics never leave your device).
- For either kind of guest, when you order a drink: we store your drink orders and their status, and any cocktail ratings you leave (1–5 stars and an optional note). Together these are a record of the cocktails you ordered at events. We treat that record with care, and you can have it erased (see "Your rights").
Bartenders — people the host invites to serve at an event. The host enters their name and email; we also record their presence and activity during the event and any hand-off notes they leave for each other.
A few things we deliberately don't collect: we store no guest-uploaded content — the only images we keep are the host's own cocktail photos. We don't keep your IP address in the app or in our logs; an IP address is used only momentarily to slow down abusive sign-in attempts, and is not stored.
Why we use your data, and our legal basis
| What we do | Why | Legal basis |
|---|---|---|
| Run the party you joined — show the guest list, take and track your drink orders, and run the live bar queue | To operate the event you're taking part in | Performance of the service / our legitimate interest (you joined the party; running it is the point) |
| Keep a persistent cabinet account so your history and ratings follow you across parties, and sign you in with Google, a password, or a passkey | Because you chose to create an account | Your consent (you opt in, and you can delete the account at any time) |
| Send you transactional emails — sign-in links, email verification, password resets | So you can sign in and verify your email | Performance of the service / our legitimate interest |
What we do not do: no marketing emails, no advertising, no profiling, no automated decisions about you, no behavioural tracking, and we never sell your data.
Who else sees your data
To run the app we rely on a few service providers. All of your data is stored in the European Union. These companies are incorporated in the United States, so where any transfer to the US could happen, we rely on the EU Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework as the legal basis for that transfer.
| Provider | What they do for us | What they handle |
|---|---|---|
| Render | Hosts the app and the database (our main provider) | Everything — the app and the database, in the EU (Frankfurt) region |
| Cloudflare | The content-delivery network in front of Render (a sub-processor of Render) | The traffic passing through (requests and responses) |
| Resend | Sends our transactional emails | Your email address and the email content (for example, a sign-in link); email is sent via the EU (Ireland) region |
| Backblaze B2 | Stores the host's cocktail photos | Only cocktail images — no guest personal data; EU (Amsterdam) region. Your browser fetches these images directly from Backblaze, so Backblaze sees your IP address for that one request |
| Only if you choose Google sign-in | Google learns that you signed in to clearskice.bar and returns your basic profile (name, email, picture), which we store on your cabinet | |
| Neon | A development / preview database (not the live production data store under normal operation) | Could hold profile data only if a real sign-in is used during development |
A couple of things worth saying plainly: we use no analytics or tracking tools, and our fonts are self-hosted, so simply loading a page doesn't leak your IP address to any third party.
International transfers
In short: your data is stored in the EU, but the providers above are US-incorporated companies. Wherever a transfer to the United States could occur, it relies on the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as its legal safeguard.
How long we keep your data
We don't keep your data indefinitely.
- Inactive cabinet accounts are deleted after 24 months of inactivity.
- Guest data from a closed event is kept for a limited period after the event, then deleted or anonymized.
- You can ask us to erase your data earlier at any time (see "Your rights").
Your rights
You have the following rights over your personal data. To use any of them, just email the controller at papuceugen@gmail.com — and for deleting a cabinet account, you can also do it yourself, right now.
- Access — you can ask what data we hold about you.
- Rectification — you can ask us to correct anything that's wrong.
- Erasure ("delete my data") — this works today:
- If you have a cabinet account, you can delete it yourself: go to
/accountand choose "Delete my cabinet." It's reversible for 30 days — sign back in within 30 days and your cabinet is restored; after that it's permanent. Deleting your cabinet removes your account, your sign-in identities, your ratings, and your passkeys. Your past drink orders are kept but anonymized — they no longer carry your name or email, so the host's event records and popular-cocktail counts still work. An anonymized order is no longer your personal data. - Whether or not you have an account, you can ask the host to erase you — just email the controller. The host can remove a specific guest from any event, including past ones.
- If you have a cabinet account, you can delete it yourself: go to
- Restriction — you can ask us to pause using your data while a question about it is being resolved.
- Objection — you can object to any processing we base on our legitimate interest.
- A copy of your data (portability) — you can ask us for a copy of the data you gave us. (A self-service "download my data" button is coming; for now, just ask.)
One honest note: signing out removes your session on the device you're using; a session on another device may stay active for up to about 30 days until it expires. But once an account is deleted or erased, it can no longer be used to read or change anything on any device.
How to exercise your rights, and how to complain
- Send any request to the controller: papuceugen@gmail.com. We'll respond without undue delay, and within one month.
- We may need to confirm your identity first, so that we don't act on someone else's request about you.
- You also have the right to complain to a data-protection regulator:
- In Moldova: the National Centre for Personal Data Protection (CNPDCP) — datepersonale.md.
- In the EU (if you live there): your local data-protection authority.
Cookies and functional storage
ClearSkice uses only first-party, strictly functional cookies and browser storage — specifically, your sign-in session, your event session, and your chosen language.
There are no tracking cookies, no advertising cookies, and no analytics cookies — which is why you won't see a cookie consent banner: strictly functional cookies don't need one.
Age
ClearSkice is a tool for adults (18+) to run private cocktail events. It is not intended for minors, and we don't knowingly collect data about children.
Changes to this notice
We may update this notice from time to time. The "Last updated" date at the top always reflects the current version.
Have a question or a request?
Email papuceugen@gmail.com and we'll help with anything about your data.