Privacy Policy

1. Who We Are

NYTELIFE is operated by LYTE Studios (“we”, “us”, or “our”), a company registered in Belgium. We act as the data controller for the personal data processed through the NYTELIFE platform, website (nytelife.be), and mobile application (collectively, the “Service”).

Contact: hello@nytelife.be

2. Data We Collect

2.1 Information you provide

• Account data: Name, email address, and password when you create an account.
• Payment data: Payment method details (processed and stored by our payment processor Stripe — we never store full card numbers on our servers).
• Organizer data: Business name, event details, menu items, pricing, and bank account details for settlement.
• Communications: Any information you provide when contacting us via email or support channels.

2.2 Information collected automatically

• Usage data: Pages visited, features used, order history, timestamps, and interaction patterns.
• Device data: Device type, operating system, browser type, screen resolution, and unique device identifiers.
• Network data: IP address, approximate location (city-level, derived from IP), and connection type.

2.3 Information from third parties

• Payment processors: Transaction confirmations, payment status, and fraud risk assessments from Stripe.

3. How We Use Your Data

We process your personal data for the following purposes and legal bases under the GDPR:

4. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

• Payment processors (Stripe): To process transactions, manage wallets, and prevent fraud. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
• Event organizers: Order details (items ordered, pickup code, timestamp) are shared with the organizer of the event where you place an order. Organizers do not receive your payment details.
• Hosting & infrastructure: We use third-party hosting providers to operate the Service. These providers process data on our behalf under data processing agreements.
• Legal requirements: We may disclose data when required by law, court order, or governmental authority, or when necessary to protect our rights, safety, or property.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.

5. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

• Account data: Until you delete your account, plus a reasonable period for backup and legal compliance.
• Transaction data: Up to 7 years after the transaction, as required by Belgian tax and accounting law.
• Usage & analytics data: Up to 26 months, then anonymized or deleted.
• Marketing consent records: For the duration of the consent plus 3 years after withdrawal.

6. Your Rights (GDPR)

As a data subject under the General Data Protection Regulation, you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate or incomplete data.
• Erasure — Request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements.
• Restriction — Request that we limit processing of your data in certain circumstances.
• Portability — Request your data in a structured, machine-readable format.
• Objection — Object to processing based on legitimate interest or for direct marketing purposes.
• Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@nytelife.be. We will respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) at www.dataprotectionauthority.be.

7. Cookies & Tracking

We use strictly necessary cookies to operate the Service (session management, language preferences). These do not require consent under the ePrivacy Directive.

We do not use advertising cookies or third-party tracking pixels. If this changes in the future, we will update this policy and request your consent before deploying non-essential cookies.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Access controls limiting data access to authorized personnel only.
• Regular security assessments and monitoring.
• Payment data handled exclusively by PCI DSS-compliant processors.

No system is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.

9. International Transfers

Your data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA (e.g., to US-based sub-processors), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or the EU-U.S. Data Privacy Framework.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. The “Last updated” date at the top reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance.

12. Contact

For any questions about this Privacy Policy or to exercise your data rights, contact us at: