1. Who we are
Purr Vida Lounge ("we", "us", "our") operates this website and the related booking, donation, sponsorship and gift-certificate services. We are the data controller for the personal data we collect about you through this site. You can reach us at hello@purrvidalounge.com.
2. Personal data we collect
- Contact information — name, email address, phone or WhatsApp number you provide on booking, donation, contact, rescue and franchise forms.
- Booking details — service, date, time, party size, notes, waiver acknowledgement, signed name, IP address and timestamp at the time of waiver signing.
- Donation & sponsorship details — amount, frequency, optional message, optional cat selection.
- Payment metadata — for card payments, Paddle handles your card data; we only receive a transaction ID and the customer ID Paddle assigns. For SINPE Móvil or PayPal we receive the confirmation number or transaction ID you submit and any receipt screenshot you choose to upload.
- Rescue submissions — finder name, contact details, photos and description of cats you report to us.
- Account credentials — for admin users only: email, hashed password, role.
- Usage data — basic technical information such as IP address, browser type, pages viewed, and approximate location, captured through our hosting and analytics providers.
- Cookies — essential cookies for site functionality and authentication. We do not currently set marketing cookies.
3. Why we use your data & legal basis
| Purpose | Legal basis |
|---|---|
| Take and fulfil bookings, donations, sponsorships and gift certificates | Performance of a contract with you |
| Process payments and prevent fraud (with Paddle as Merchant of Record) | Contract performance & legitimate interests |
| Send transactional emails (booking confirmations, receipts, gift codes, waiver records) | Contract performance |
| Respond to contact, rescue and franchise enquiries | Legitimate interests |
| Keep the site secure and operational | Legitimate interests |
| Comply with tax, accounting and other legal obligations | Legal obligation |
| Send occasional updates if you opt in | Consent (you can withdraw at any time) |
4. Who we share data with
- Paddle.com — our Merchant of Record for card payments. Paddle processes your payment, calculates and remits applicable taxes, issues invoices, manages subscriptions, and handles refund requests. See Paddle's Privacy Notice.
- Hosting & infrastructure — Lovable Cloud (Supabase) for database, authentication and file storage; Cloudflare for delivery and security.
- Email delivery — our transactional email provider used to send booking and donation confirmations.
- PayPal — when you choose PayPal as a payment method, your transaction is processed by PayPal under their own privacy notice.
- Professional advisers — accountants, auditors, and legal advisers, where strictly necessary.
- Authorities — when we are required to by law, court order or regulator.
We do not sell your personal data.
5. International transfers
Our processors (including Paddle, our hosting and email providers) may store or process data outside of Costa Rica, including in the European Economic Area, the United Kingdom and the United States. Where personal data leaves a region with additional safeguards (e.g. the EEA or UK), we rely on the recipient's appropriate safeguards — typically Standard Contractual Clauses or an adequacy decision.
6. How long we keep your data
- Booking, donation and gift-certificate records: up to 7 years to meet tax and accounting requirements.
- Waiver records (name, IP, timestamp, text accepted): up to 7 years to evidence consent.
- Contact, rescue and franchise enquiries: up to 3 years after the last interaction.
- Payment-proof uploads (SINPE/PayPal receipts): up to 3 years after verification.
- Marketing subscriptions: until you unsubscribe or opt out.
After the retention period we delete or anonymise the data. Some information may be retained longer where required by law or to defend legal claims.
7. Your rights
Subject to applicable law (including the Costa Rican Law on the Protection of the Person against the Processing of their Personal Data, Law No. 8968, and — where relevant — the EU/UK GDPR), you have the right to:
- request access to the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased ("right to be forgotten") where applicable;
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw any consent you have given us;
- lodge a complaint with the data-protection authority in your jurisdiction (in Costa Rica, PRODHAB).
To exercise any of these rights, email hello@purrvidalounge.com. We will respond within one month.
8. Security
We apply appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, hashed passwords, row-level security in our database, and least-privilege access for staff. No system is perfectly secure, so we encourage you to use a strong, unique password if you create an account.
9. Children
The Site is not directed at children under 13. We don't knowingly collect data from children. Bookings for children should be made by a parent or guardian who accepts the waiver and these terms.
10. Changes to this notice
We may update this Privacy Notice from time to time. Material changes will be posted here and reflected in the "Last updated" date above.
11. Contact
Questions or requests? Email hello@purrvidalounge.com.