How We Protect Your Data
How we protect your data
Cloomba is built and hosted in Europe, with GDPR compliance as a baseline — not an afterthought.
Where your data lives
Cloomba runs on Railway, with servers in EU West (Amsterdam, Netherlands). Your data never leaves the European Union as part of normal platform operations.
Images and media are stored on Cloudflare R2 with CDN delivery — also with EU data residency.
What we collect
We collect only what's needed to run the platform: your name, email or phone number, profile photo, and the events and RSVPs associated with your account. See What data we collect and why for the full breakdown.
Authentication
Cloomba uses Firebase Authentication (Google) for sign-in. We never store passwords. Sign-in is handled via one-time codes (email magic link or SMS) or trusted OAuth providers (Google, Apple, GitHub).
Your rights
As a user in the EU (or anywhere), you have the right to access, correct, export, and delete your data. See GDPR & Your Rights for details on how to exercise them.
Security practices
- All data is transmitted over HTTPS
- Access to production systems is restricted to authorised personnel
- We do not sell your data to third parties
Questions? contact us.