Privacy
Policy

Stay Awhile (“Stay Awhile,” “we,” “us,” or “our”) operates a voluntary-contribution platform that lets guests of coffee shops and coworking cafes scan a per-table QR code and contribute any amount they choose. This policy applies to our marketing site at stayawhile.app, our contribution pages, and our staff dashboard.

We act as a service provider to participating shops and the organizations that operate them. Shops are independent businesses; their own handling of any information you share with them in person is governed by their own practices.

From guests who contribute

• Contribution amount — the amount you choose to contribute and the shop, location, and table it relates to.
• Hashed IP address — we derive a one-way hash of your IP address for fraud prevention and analytics. We never store your raw IP address.
• Device and scan analytics — coarse details such as device type, the QR scan event, and whether a scan resulted in a contribution, used to measure conversion.
• Optional email and name — if you choose to provide them to Stripe during checkout (for example, for a receipt), Stripe may share limited contact details with us.

We do not collect or store your card data. All payment information is entered directly into Stripe’s hosted checkout. We never see, handle, or store full card numbers.

From shop and organization staff

• Name and email address — collected through Clerk, our authentication provider, when you accept an invitation and sign in to the dashboard.
• Account activity — actions you take in the dashboard, retained in an audit log for security and accountability.

• To process voluntary contributions and route funds to shops.
• To provide shops and organizations with revenue, scan, and conversion analytics in their dashboard.
• To detect, prevent, and investigate fraud, abuse, and security incidents.
• To authenticate staff, manage invitations, and enforce role- and location-based access.
• To operate, maintain, and improve the platform and to comply with our legal obligations.

Payments are processed by Stripeusing Stripe Connect and Stripe’s hosted checkout, which supports Apple Pay and Google Pay. Card details are entered directly into Stripe’s secure environment.

Because we use hosted Stripe Checkout and never touch raw card data, our payment handling falls within PCI DSS SAQ-A, the lowest level of merchant compliance scope. Stripe’s handling of your payment information is governed by Stripe’s own privacy policy.

We rely on a small set of trusted vendors to operate the platform. Each processes data only as needed to provide its service:

• Stripe — payment processing and payouts.
• Clerk — authentication and staff identity.
• Neon — hosted Postgres database.
• PostHog — product analytics and conversion measurement.
• Sentry — error and performance monitoring.
• Vercel — application hosting and delivery.

We use a small number of cookies and similar technologies to keep the service working — for example, to maintain a session and to attribute a contribution to the QR scan that led to it.

We use PostHog for product analytics to understand how scans convert into contributions and to improve the experience. This analytics data is associated with hashed and coarse identifiers rather than your raw IP address.

We retain contribution and analytics records for as long as needed to provide reporting to shops, to meet financial and legal obligations, and to maintain platform integrity. Staff account records are retained for the life of the account and a reasonable period afterward for audit and legal purposes. We delete or de-identify information when it is no longer needed for these purposes.

Depending on where you live, you may have the right to access, correct, delete, or export the personal information we hold about you, and to object to or restrict certain processing. To exercise any of these rights, contact us at hello@stayawhile.app. We will respond consistent with applicable law. Because much of the data we hold is hashed or coarse, we may need additional information to locate records associated with you.

Stay Awhile is not directed to children, and we do not knowingly collect personal information from anyone under the age of 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided us with personal information, please contact us so we can delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be communicated through the service or by other reasonable means. Your continued use of the platform after an update constitutes acceptance of the revised policy.

Questions about this policy or our data practices? Reach us at hello@stayawhile.app.