
Privacy Policy

Effective 2026-06-11

HandwerkSolutions OÜ ("we", "us") is the data controller for personal data processed through cccanteen.com and the 3C Canteen mobile applications. We comply with the EU General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act.

1. Categories of data we collect

From operators

Legal name, display name, email, phone, business and billing addresses, KYC documentation, Stripe customer identifiers necessary for billing, and the payout method (bank or mobile-money details) you provide to receive payouts.

From tag owners

Email and (optional) phone, display name, OAuth identifiers when you sign in with Google or Apple, and a per-tag ledger of money top-ups, prepaid meal-credit balances, and consumption.

From tag holders

Display name and (optional) email and photograph supplied by the tag owner. Tag holders are not authenticated users; the owner is the data subject responsible for them.

From staff

Display name, role, schedule windows, and a hashed PIN used solely to authenticate kiosk sessions. Staff sessions are mapped to anonymous Supabase auth users that expire automatically.

Notifications

If you enable push notifications, we store a device push token and your per-category notification preferences so we can deliver alerts (top-ups, balances, purchases, tag status, credits, payouts, account, and billing). You can turn any category off in the app's Settings, or disable notifications entirely at the OS level.

Operational data

Audit logs of state changes (account creation, KYC review, tag activation, transactions, settings changes), HTTP access logs at our edge, and minimal device telemetry from the mobile app.

2. Why we process it

  • To provide the Service (Article 6(1)(b) GDPR — performance of a contract).
  • To process payments and remit funds (Article 6(1)(b)).
  • To meet KYC, anti-fraud, accounting, and tax obligations (Article 6(1)(c) — legal obligation).
  • To detect abuse and secure the platform (Article 6(1)(f) — legitimate interest).
  • To respond to support requests (Article 6(1)(b)).

3. Sharing and processors

We share data with the processors strictly required to operate the Service:

  • Supabase — managed Postgres, authentication, edge functions, file storage. Data residency: Dublin, Ireland (eu-west-1) unless we move you on request.
  • Cloudflare — CDN and DNS for cccanteen.com and Pages Functions hosting.
  • Stripe — card processing and subscription billing for operators.
  • MTN MoMo, Orange Money — mobile money processing where the operator has enabled them.
  • Expo — push-notification delivery via Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM); only a device push token and the message payload are processed.
  • Apple, Google — when you choose social sign-in, those providers receive a one-time identity assertion and we receive your verified email.

4. International transfers

Where a processor stores or accesses data outside the European Economic Area, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

5. Retention

Operator and tag-owner accounts: kept for the life of the account plus six years to satisfy Estonian accounting law. Audit logs: seven years. Anonymous staff sessions: deleted automatically when they expire, and after 30 days at most. Deleted tags and holders are anonymized after 90 days.

6. Your rights

Subject to GDPR, you may request access, rectification, erasure, restriction, or portability, or object to processing based on legitimate interest. You can also delete your account yourself from the mobile app (Settings → Delete account): this disables your account immediately and signs you out everywhere; your data is then erased or anonymized per the retention schedule in section 5 (accounts with billing history retain the legally required minimum). To exercise any other right, write to e-contact@cccanteen.com. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

7. Security

Tag URLs are HMAC-signed per canteen with 256-bit keys generated at canteen creation. Staff PINs are stored as bcrypt hashes (cost 10). Service-role credentials live only on Supabase Edge Functions and are never exposed to clients. Storage buckets for product images and canteen logos are public-read; tag-holder photos use signed URLs.

8. Google user data

When you sign in with Google we use the Google OAuth 2.0 flow. The following describes the Google user data we receive, what we do with it, and how it is protected, in line with the Google API Services User Data Policy (including the Limited Use requirements).

Data accessed

From the Google account you choose at sign-in we receive only the basic profile scope: your verified email address, your Google account identifier (an opaque numeric subject id), your given and family name, and (where you have set one) your profile picture URL. We do not request access to Gmail, Drive, Calendar, Contacts, or any other Google service.

Data usage

The data is used solely to (a) create or look up your 3C Canteen account, (b) authenticate you on subsequent visits, and (c) populate your display name and avatar in the dashboard. We do not use Google user data for advertising, profiling, training machine-learning models, or any purpose unrelated to the operation of the Service.

Data sharing

We do not sell or rent Google user data, and we do not share it with third parties except for the strictly necessary processors listed in section 3 (Supabase as our authentication and database backend, Cloudflare as our CDN). No advertising, analytics, or marketing partner receives Google user data.

Data storage and protection

Google user data is stored inside our Supabase Postgres instance hosted in Dublin, Ireland (eu-west-1). Communication between your device, our edge functions, and Supabase is end-to-end TLS-encrypted. The Supabase service role key never leaves our edge functions and is rotated on incident. Access to the production database is restricted to named operational personnel and audit-logged.

Data retention and deletion

Your Google-derived profile fields are kept for the life of your 3C Canteen account, plus the six-year retention required by Estonian accounting law for any account that has billing history. You can request deletion at any time by writing to e-contact@cccanteen.com; we honour deletion requests within 30 days, beyond the legal retention obligation. You can also revoke 3C Canteen's access from your Google account permissions page at any time, which immediately stops further data access.

9. Cookies

See the Cookie Policy.

10. Contact

Data controller: HandwerkSolutions OÜ, Tallinn, Estonia.
Email: e-contact@cccanteen.com