How We Protect Your Data

Updated 10 Jun 2026

How we protect your data

Cloomba is built and hosted in Europe, with GDPR compliance as a baseline — not an afterthought.

Where your data lives

Cloomba runs on Railway, with servers in EU West (Amsterdam, Netherlands). Your data never leaves the European Union as part of normal platform operations.

Images and media are stored on Cloudflare R2 with CDN delivery — also with EU data residency.

What we collect

We collect only what's needed to run the platform: your name, email or phone number, profile photo, and the events and RSVPs associated with your account. See What data we collect and why for the full breakdown.

Authentication

Cloomba uses Firebase Authentication (Google) for sign-in. We never store passwords. Sign-in is handled via one-time codes (email magic link or SMS) or trusted OAuth providers (Google, Apple, GitHub).

Your rights

As a user in the EU (or anywhere), you have the right to access, correct, export, and delete your data. See GDPR & Your Rights for details on how to exercise them.

Security practices

  • All data is transmitted over HTTPS
  • Access to production systems is restricted to authorised personnel
  • We do not sell your data to third parties

Questions? contact us.