Privacy Policy

Last updated: January 2026

1. Introduction

At Noche, protecting your personal data is a priority. This privacy policy explains how we collect, use, and protect your information when you use our application.

We comply with the General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (DPA).

2. Data Controller

The data controller for your personal data is:

3. Data Collected

We collect the following categories of data:

3.1 Identification Data

  • First and last name
  • Email address
  • Phone number (optional)
  • Profile photo (optional)
  • Date of birth

3.2 Connection Data

  • Login credentials (Google, Apple, email)
  • IP address
  • Device type and operating system

3.3 Transaction Data

  • Reservation history
  • Order history
  • Payment data (processed by SwissPayout, we do not store your banking details)

3.4 Usage Data

  • Favorite venues
  • User preferences
  • Loyalty points

4. Purpose of Processing

Your data is used to:

  • Create and manage your user account
  • Process your reservations and orders
  • Manage the loyalty and rewards program
  • Send you notifications about your reservations
  • Improve our services
  • Prevent fraud
  • Comply with our legal obligations

5. Legal Basis for Processing

  • Contract execution: to process your reservations and orders
  • Consent: for sending marketing communications
  • Legitimate interest: to improve our services and prevent fraud
  • Legal obligation: to comply with applicable regulations

6. Data Sharing

Your data may be shared with:

  • Partner venues: to process your reservations (name, group size, reservation information)
  • Payment provider: SwissPayout for transaction processing
  • Technical providers: hosting (Hostinger), push notifications (Firebase)

We never sell your personal data to third parties.

7. Data Retention

  • Account data: until account deletion + 1 year
  • Transaction data: 10 years (legal accounting obligation)
  • Connection data: 12 months

8. Your Rights

Under GDPR and DPA, you have the following rights:

  • Right of access: obtain a copy of your data
  • Right of rectification: correct inaccurate data
  • Right to erasure: request deletion of your data
  • Right to portability: receive your data in a structured format
  • Right to object: object to the processing of your data
  • Right to withdraw consent: at any time

To exercise these rights, contact us at privacy@nocheapp.com.

9. Security

We implement technical and organizational measures to protect your data:

  • Data encryption in transit (HTTPS/TLS)
  • Sensitive data encryption at rest
  • Secure JWT authentication
  • Encrypted daily backups
  • Restricted data access

10. Cookies and Similar Technologies

The Noche application uses minimal tracking technologies:

  • Essential cookies: for web application functionality
  • Firebase Analytics: to analyze application usage (anonymized)

You can disable cookies in your browser settings.

11. International Transfers

Your data is primarily hosted in Europe. In case of transfer outside EU/Switzerland, we use the European Commission's standard contractual clauses.

12. Changes

We may modify this privacy policy. In case of significant changes, we will notify you via in-app notification.

13. Contact

For any questions regarding this policy or your personal data:

You can also file a complaint with the competent data protection authority (CNIL in France, FDPIC in Switzerland).