Fancy a Drink A.Y.V. Hubers Beheer B.V.

Privacy Policy

NLEN

Privacy Policy

Fancy a Drink (FAD)

Last updated: 16 July 2026

Fancy a Drink (“FAD”) is an app that helps people meet in real life in a low-threshold way at an affiliated bar. Because FAD leads to a real, physical meeting, we take privacy and safety extremely seriously and deliberately process no more data than necessary. This policy explains in plain language which data we use, why, with whom we share it, how long we keep it, and what rights you have.

1. Who are we?

FAD is offered by A.Y.V. Hubers Beheer B.V., established in Rotterdam. A.Y.V. Hubers Beheer B.V. is the controller for all personal data processed through the app and the associated bar portal.

A.Y.V. Hubers Beheer B.V.

Laan op Zuid 188

3071 AA Rotterdam, The Netherlands

Chamber of Commerce (KVK): 24425152 | VAT: NL818710093B01

Contact for privacy questions: privacy@fancyadrink.app

Once a Data Protection Officer has been appointed, their contact details will be listed here.

2. What does the app do?

FAD shows you profiles of other members, lets you invite one another for a drink and meet in real life at an affiliated partner bar, where the first introductory drink is offered via a voucher. The app has five membership tiers: Preview (free, browsing and chatting, no physical meeting), Silver, Gold, Platinum and Ultra VIP. From Silver onward, verification is mandatory; a physical meeting and the voucher are available only to verified members.

Because the app leads to a meeting in the real world, we process certain data (such as a liveness check and your approximate location) precisely to make that meeting safer. We explain the reason for each item below.

3. What data do we collect?

3.1 Account and registration data

3.2 Profile data

3.3 Location data

3.4 Biometric data — the liveness check (special category data)

From Silver onward you carry out a liveness check: a selfie used to establish that you are a real, living person, and to compare your face with your profile photo (against fake profiles and catfishing). This check is carried out by our verification partner Stripe Identity.

Processing your face for this check is a processing of biometric data and therefore a special category of personal data within the meaning of Article 9 GDPR. We process it solely on the basis of your explicit consent, which we request separately and independently of the other terms, before the check. You may refuse this consent. If you refuse, you can still use Preview for free; for the verified features we then offer you an alternative, non-biometric verification route (see below).

3.5 Identity data

On escalation (for example following a report or for access to higher tiers), a full identity check via a document scan may be requested, also via Stripe Identity. This processes your legal name, date of birth and a passport-photo comparison. The facial comparison in the document check is also a processing of biometric data under Article 9 GDPR, on the basis of your explicit consent.

3.6 Income and asset data (Platinum and Ultra VIP only)

If you choose Platinum (via the document route) or Ultra VIP, you can upload documents yourself to demonstrate income or assets, such as a payslip, tax return, IB60 statement, WOZ decision, Chamber of Commerce extract, asset overview, business credit report, a photo of a premium payment card, or a statement from a notary or accountant. These documents are read and assessed in an automated way (see chapter 5). The source document is deleted immediately after the assessment; we keep only the outcome (meets the tier: yes or no).

3.7 Telephone number and the “avoid” feature

Your telephone number is always shielded from other members; no one can find you via your number. We use it solely for the avoid feature and the safety contact.

With the avoid feature you can enter numbers of people you would rather not run into, via your phone’s contact picker — we never read your full address book. Only the numbers you deliberately tap are processed in encrypted/hashed form and compared; we do not store a readable telephone number and never reveal whether someone is on FAD.

3.8 Chat messages and photos in the chat

3.9 Safety contact and live location sharing

When a physical meeting becomes concrete, you can voluntarily provide one or more safety contacts (a telephone number or email address). We process those contact details on the basis of our legitimate interest in your physical safety (Article 6(1)(f)), solely to share — if you activate an emergency signal — a live location link with that contact; no name, photo or other data of your match. The data is not reused and not used for marketing. Where possible we inform the provided contact about this processing. The safety contact does not need a FAD account.

3.10 Reports, blocking and moderation

You can block and report other members. For a report we record who reports, against whom, the reason and any explanation, plus a status for handling. We use this data to safeguard the safety of the platform and to detect patterns of unsafe behaviour.

3.11 Payment and subscription data

Payments for paid tiers run mandatorily through Apple’s and Google’s in-app purchases, managed via RevenueCat. FAD does not receive credit card numbers or full payment data; we receive only the status of your subscription (which tier, active or not).

3.12 Technical data and age signals from the app stores

3.13 Waiting list (landing page)

If you sign up via the public landing page for a city that is not yet active, we process your city, email address, telephone number, gender and age, solely to contact you at launch in your city and to measure demand per city. This is done on the basis of your consent, which is recorded with a timestamp.

3.14 What we do NOT collect

4. Why do we process this data (legal bases)?

Under the GDPR we have a legal basis for each processing operation:

5. Automated decision-making

A number of processes run wholly or partly automatically: the liveness and identity check via Stripe Identity, the assessment of income/asset documents for Platinum and Ultra VIP, and the soft reduction of visibility in the event of a repeated pattern of no-shows (which restores itself once you appear normally again).

If an automated process (such as the verification, the income/asset check or the no-show system) leads to a refusal, sanction or restriction of your account, you always have the right to human intervention: via privacy@fancyadrink.app you can object, state your position and request a re-assessment. We guarantee that an account is never permanently restricted or blocked without a final human review. The no-show measure is a light, self-restoring restriction of your visibility with no legal effect.

We use AI, among other things, for the age estimation and for reading income/asset documents. We inform you when you are dealing with an AI system. The provider of the AI service does not use the supplied data to train its models.

6. With whom do we share data?

We share data only with the following processors, and with no one else. We conclude a data processing agreement with each of them.

7. International transfers

FAD’s core processing takes place within the European Economic Area (EEA): our database is at Supabase in Ireland and our email runs via Brevo in France. A number of processors are (also) established in the United States, in particular Anthropic and parts of Stripe, RevenueCat, Cloudflare, Apple and Google.

For transfers to the US we rely on appropriate safeguards. The EU-US Data Privacy Framework (DPF) is a valid transfer mechanism: the General Court of the European Union confirmed its validity on 3 September 2025. We rely on the DPF where the processor concerned is DPF-certified (such as Stripe), and we additionally use the European Commission’s Standard Contractual Clauses (SCCs) as a fallback, partly because an appeal against the DPF is still pending before the Court of Justice.

8. How long do we keep data?

9. How do we secure your data?

10. Your rights

Under the GDPR you have the right of access, rectification, erasure, restriction, data portability and objection. Where we process on the basis of consent, you can withdraw it at any time — in particular your consent for the biometric verification. You can delete your account in the app. Send a request to privacy@fancyadrink.app; we respond within 30 days.

11. Minimum age and age verification

FAD is intended solely for persons aged 18 and over. This is a strict lower limit: the app leads to a physical meeting and is connected with the consumption of alcohol. By using the app you declare that you are 18 or older.

At registration we ask for your date of birth. From Silver onward your age is additionally verified via the liveness/identity check. Where the law requires it, we also use the age signals from the app stores and additional age verification that meets the locally applicable requirements (such as the “highly effective age assurance” prescribed by the Online Safety Act in the United Kingdom).

12. Changes to this policy

We may update this policy. For significant changes we show a notice in the app. The date at the top indicates when the policy was last updated.

13. Complaints and contact

Do you have questions or complaints? Email privacy@fancyadrink.app. If we cannot resolve it together, you can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via autoriteitpersoonsgegevens.nl.

14. Region-specific rights

United Kingdom (UK GDPR): users from the UK have equivalent rights. Complaints can be lodged with the Information Commissioner’s Office (ICO) via ico.org.uk. In addition, the obligations of the Online Safety Act apply to FAD in the UK (see chapter 11).

FAD is offered in the Netherlands, the other countries of the European Economic Area and the United Kingdom. The app is deliberately not available worldwide; we do not offer it in jurisdictions we do not yet serve.

© 2026 A.Y.V. Hubers Beheer B.V. — Fancy a Drink is a product of A.Y.V. Hubers Beheer B.V., Rotterdam.