Account information
When you create an account, we store your display name, email address, and password-based login data so we can keep bookings tied to the right customer.
Privacy Policy
A plain-English look at what data is used and why.
This page explains how the live site handles account, booking, and checkout data today. If any of those features change, this policy should change with them.
Customer of Record
Adult account holder
For guardian bookings, the parent or guardian remains the booking owner and contact point.
Payment Data
No full card storage
Secure checkout is handled by Stripe, so card details are entered there instead of being stored on cafe servers.
Retention
7 years / 18 months / 30 days
Retention depends on whether the data is financial, operational, or just temporary check-in data.
Deletion Requests
Redaction where possible
Required accounting and dispute records may remain even after account deletion is requested.
Collection
What we collect
The categories below reflect the live booking, account, and checkout features customers use on the site today.
Booking details
Bookings store customer name, customer email, optional customer phone, booking type, selected games, date and time, and booking-status history.
Guardian and player data
For guardian bookings, player names may be stored when needed for check-in and operational clarity. No child accounts are created.
Operational and device data
Like most web apps, the site may log IP address, browser or device metadata, and usage events needed for security, troubleshooting, and abuse prevention.
Use
How we use your information
Personal information is used to run bookings, send receipts and confirmations, and keep operational records accurate.
Booking and account operations
We use your information to create or manage bookings, authenticate accounts, support password resets, and keep booking records tied to the correct customer.
Email communication
Booking confirmations, reminders, verification messages, and password reset emails are tied to the booking or account email on file.
Support and issue resolution
Booking history, payment status, and operational notes may be used to resolve disputes, refunds, failed check-ins, or other support issues.
Security and fraud prevention
We use account, device, and operational data to reduce abuse, investigate suspicious activity, and protect the site, staff tools, and payment flow.
Providers
Services that help run the experience
Some parts of the product depend on third-party services. Their role is limited to the part of the workflow they support.
Cloudflare
Cloudflare hosts the site and supports infrastructure like Workers, D1, Queues, and related platform services.
Stripe
When secure checkout is used, Stripe handles hosted payment entry and payment processing. JB Gaming Cafe does not store full payment card details on its own servers.
If you open a directions link or map card on the site, Google may receive the address you choose to open.
Resend
When transactional email is turned on, Resend delivers booking and account emails tied to your reservation or login activity.
Minors
How guardian and child data is handled
The system is designed to minimize child data and keep an adult account holder responsible for the booking whenever younger players are involved.
No child accounts
Players under 13 do not create their own accounts.
Guardian remains the customer
For under-13 players, the parent or guardian is the customer of record for booking, payment, refunds, email delivery, and check-in questions.
Only needed child data
Child or player names are collected only when operationally necessary and are treated as optional operational data rather than permanent customer identity records.
Public site and operator tools
The public site avoids exposing assignment details, while protected operator tools only surface what is necessary to run the floor and confirm the right booking.
Retention
How long data is kept
Different categories of information have different retention windows because some records are required for accounting, dispute support, or operational audit history.
Financial and booking records
Financial booking snapshots, payment totals, refund records, and audit logs are retained for 7 years for accounting and dispute support.
Optional operational fields
Fields such as customer phone, player names, and staff notes are retained for 18 months after session end, then redacted or deleted unless needed for an unresolved dispute, chargeback, refund, or legal hold.
QR token retention
QR token values may be cleared 30 days after session end because they are no longer needed once the main check-in and dispute windows have passed.
Guardian and child data
Minor-related data follows the same minimized retention approach and is kept no longer than necessary for the booking and retention rules above.
Requests
Deletion, redaction, and account requests
Privacy requests are handled with the understanding that some data can be removed while other records must be preserved for legal or accounting reasons.
Account deletion requests
When possible, deletion requests disable future login access and remove or redact optional non-financial data tied to the account.
Records that may remain
Required booking, payment, refund, and audit records may remain even if an account is deleted, because those records support accounting, fraud review, and dispute handling.
Future bookings limit deletion
Accounts with future confirmed bookings may need those bookings to be canceled, completed, or transferred into a staff-managed flow before full deletion can finish.
Policy changes
If retention rules or account-management workflows change, this page should be updated alongside the product behavior so the public explanation stays accurate.
Security
Security measures and policy updates
No system can promise perfect security, but the platform includes layered controls to protect customer and operational data.
Access control
Protected operator tools are separated between admin and owner surfaces, with Cloudflare Access gating entry before the app loads and the app itself limiting owner-only pages.
Checkout and webhook safeguards
Payment and booking flows use hosted checkout, webhook verification, and reconciliation rules so money and booking records do not drift silently.
Operational auditability
Sensitive actions like manual check-ins and booking note changes create audit records inside the protected admin system.
Page updates
This privacy page is updated whenever the booking, account, or checkout experience changes.
Last Updated
March 24, 2026
This page reflects the current live privacy behavior. If the booking, account, payment, or retention workflows change, this page should be revised alongside those changes.