Privacy Policy
Fancy a Drink (FAD)
Last updated: 16 July 2026
Fancy a Drink (“FAD”) is an app that helps people meet in real life in a low-threshold way at an affiliated bar. Because FAD leads to a real, physical meeting, we take privacy and safety extremely seriously and deliberately process no more data than necessary. This policy explains in plain language which data we use, why, with whom we share it, how long we keep it, and what rights you have.
1. Who are we?
FAD is offered by A.Y.V. Hubers Beheer B.V., established in Rotterdam. A.Y.V. Hubers Beheer B.V. is the controller for all personal data processed through the app and the associated bar portal.
A.Y.V. Hubers Beheer B.V.
Laan op Zuid 188
3071 AA Rotterdam, The Netherlands
Chamber of Commerce (KVK): 24425152 | VAT: NL818710093B01
Contact for privacy questions: [email protected]
Once a Data Protection Officer has been appointed, their contact details will be listed here.
2. What does the app do?
FAD shows you profiles of other members, lets you invite one another for a drink and meet in real life at an affiliated partner bar, where the first introductory drink is offered via a voucher. The app has five membership tiers: Preview (free, browsing and chatting, no physical meeting), Silver, Gold, Platinum and Ultra VIP. From Silver onward, verification is mandatory; a physical meeting and the voucher are available only to verified members.
Because the app leads to a meeting in the real world, we process certain data (such as a liveness check and your approximate location) precisely to make that meeting safer. We explain the reason for each item below.
3. What data do we collect?
3.1 Account and registration data
Email address, used for your account, logging in (via a 6-digit code) and necessary service messages.
Date of birth, which you enter at registration, to confirm that you are 18 or older.
First name and a self-chosen nickname. Other members initially see only your nickname; your first name appears only after a match.
3.2 Profile data
Real profile photos, visible when another member opens your profile.
A composed avatar (comic style) shown on the map instead of your real photo, so that your face is not linked to a map location.
Gender and the gender preference you are looking for.
Hobbies, interests, short profile texts and self-chosen personality traits.
Occupation or field of study (mandatory), so that other members get a realistic impression.
3.3 Location data
Approximate, before a match. On the map a profile is never shown at its exact location. The position shown is deliberately shifted relative to the actual location, within a radius of roughly 100 to 200 metres. This shows that someone is broadly nearby, without anyone being precisely traceable. This is our implementation of the GDPR principle of data minimisation.
Exact, after a match. Once two members have matched, the exact location is shared so that they can find each other for the meeting.
Live location (optional). You can temporarily show yourself as “active” within a radius of your choosing. This feature is off by default; you only see others if you share as well.
3.4 Biometric data — the liveness check (special category data)
From Silver onward you carry out a liveness check: a selfie used to establish that you are a real, living person, and to compare your face with your profile photo (against fake profiles and catfishing). This check is carried out by our verification partner Stripe Identity.
Processing your face for this check is a processing of biometric data and therefore a special category of personal data within the meaning of Article 9 GDPR. We process it solely on the basis of your explicit consent, which we request separately and independently of the other terms, before the check. You may refuse this consent. If you refuse, you can still use Preview for free; for the verified features we then offer you an alternative, non-biometric verification route (see below).
Roles. In this check Stripe acts in a dual role: as a processor, Stripe stores the recordings and the consent evidence on behalf of FAD, and as an independent controller, Stripe uses biometrics for its own fraud prevention.
Data minimisation and retention. FAD does not build a biometric database of its own and does not store a biometric template itself; we keep only a reference to the verification and its outcome (passed or not, and the verified age/name derived from it). At Stripe, the biometric features are fully deleted within one year; other identity data is generally kept by Stripe for up to three years as a processor. You can withdraw your consent for the biometric use at Stripe at any time via [email protected].
Alternative without biometrics. If you do not want a biometric check, we offer a manual route: you send a photo of yourself with your identity document and an indicated gesture or code, which a staff member assesses visually without automated biometric processing. This keeps access to the verified features possible without having to provide biometrics.
3.5 Identity data
On escalation (for example following a report or for access to higher tiers), a full identity check via a document scan may be requested, also via Stripe Identity. This processes your legal name, date of birth and a passport-photo comparison. The facial comparison in the document check is also a processing of biometric data under Article 9 GDPR, on the basis of your explicit consent.
3.6 Income and asset data (Platinum and Ultra VIP only)
If you choose Platinum (via the document route) or Ultra VIP, you can upload documents yourself to demonstrate income or assets, such as a payslip, tax return, IB60 statement, WOZ decision, Chamber of Commerce extract, asset overview, business credit report, a photo of a premium payment card, or a statement from a notary or accountant. These documents are read and assessed in an automated way (see chapter 5). The source document is deleted immediately after the assessment; we keep only the outcome (meets the tier: yes or no).
3.7 Telephone number and the “avoid” feature
Your telephone number is always shielded from other members; no one can find you via your number. We use it solely for the avoid feature and the safety contact.
With the avoid feature you can enter numbers of people you would rather not run into, via your phone’s contact picker — we never read your full address book. Only the numbers you deliberately tap are processed in encrypted/hashed form and compared; we do not store a readable telephone number and never reveal whether someone is on FAD.
3.8 Chat messages and photos in the chat
Messages you exchange with another member after a match.
Photos in the chat automatically expire 8 hours after being sent and are then physically deleted; no photo archive is deliberately built up. Chat photos are held in shielded storage that only the two participants can access.
3.9 Safety contact and live location sharing
When a physical meeting becomes concrete, you can voluntarily provide one or more safety contacts (a telephone number or email address). We process those contact details on the basis of our legitimate interest in your physical safety (Article 6(1)(f)), solely to share — if you activate an emergency signal — a live location link with that contact; no name, photo or other data of your match. The data is not reused and not used for marketing. Where possible we inform the provided contact about this processing. The safety contact does not need a FAD account.
3.10 Reports, blocking and moderation
You can block and report other members. For a report we record who reports, against whom, the reason and any explanation, plus a status for handling. We use this data to safeguard the safety of the platform and to detect patterns of unsafe behaviour.
3.11 Payment and subscription data
Payments for paid tiers run mandatorily through Apple’s and Google’s in-app purchases, managed via RevenueCat. FAD does not receive credit card numbers or full payment data; we receive only the status of your subscription (which tier, active or not).
3.12 Technical data and age signals from the app stores
A technical device identifier and push tokens, to send notifications and to counter abuse.
Age signals. In regions where the law requires it, we receive an age category via the age-signal APIs of Apple (Declared Age Range) and Google (Play Age Signals), without your exact date of birth. We use this signal solely to provide age-appropriate access; we do not store it and do not use it for advertising or to share with third parties, in accordance with both platforms’ terms.
Consent for device data. For placing or accessing certain data on your device (such as push tokens) we ask your consent where the law requires it; strictly necessary technical identifiers, for example against abuse, we use on the basis of necessity.
3.13 Waiting list (landing page)
If you sign up via the public landing page for a city that is not yet active, we process your city, email address, telephone number, gender and age, solely to contact you at launch in your city and to measure demand per city. This is done on the basis of your consent, which is recorded with a timestamp.
3.14 What we do NOT collect
We never read your full address book or contact list.
We never sell or rent your data to third parties.
We do not use advertising IDs and do not show third-party advertisements in the app.
We do not build a biometric database of our own.
4. Why do we process this data (legal bases)?
Under the GDPR we have a legal basis for each processing operation:
Providing the service (account, matching, chatting, map, vouchers, location before and after a match): performance of the contract (Article 6(1)(b)).
Liveness and identity check (biometrics): your explicit consent (Article 9(2)(a)), alongside performance of the contract for the verified membership.
Income/asset verification: performance of the contract for the tier you have chosen, with your consent for supplying the documents.
Avoid feature: your consent and our legitimate interest in members’ safety (Article 6(1)(a) and (f)).
Safety contact: our legitimate interest in your physical safety (Article 6(1)(f)); we inform the contact where possible.
Reports, blocking, moderation and abuse prevention: our legitimate interest in a safe platform, and where applicable compliance with a legal obligation (Article 6(1)(f) and (c)).
Waiting list and optional features: your consent (Article 6(1)(a)), which you can withdraw at any time.
5. Automated decision-making
A number of processes run wholly or partly automatically: the liveness and identity check via Stripe Identity, the assessment of income/asset documents for Platinum and Ultra VIP, and the soft reduction of visibility in the event of a repeated pattern of no-shows (which restores itself once you appear normally again).
If an automated process (such as the verification, the income/asset check or the no-show system) leads to a refusal, sanction or restriction of your account, you always have the right to human intervention: via [email protected] you can object, state your position and request a re-assessment. We guarantee that an account is never permanently restricted or blocked without a final human review. The no-show measure is a light, self-restoring restriction of your visibility with no legal effect.
We use AI, among other things, for the age estimation and for reading income/asset documents. We inform you when you are dealing with an AI system. The provider of the AI service does not use the supplied data to train its models.
6. With whom do we share data?
We share data only with the following processors, and with no one else. We conclude a data processing agreement with each of them.
Supabase, Inc. (hosting and database): our database and authentication; FAD’s data is held in the EU region (Ireland).
Stripe Payments Europe, Ltd. / Stripe, Inc. (payment and verification): the liveness and identity check (Stripe Identity) and payment handling.
Sendinblue SAS (Brevo), France (email): sending service messages and verification codes.
Cloudflare, Inc. (domain, DNS and email routing): our domain infrastructure.
RevenueCat, Inc. (subscription management): managing the in-app subscriptions on top of Apple and Google.
Anthropic, PBC (AI processing of financial documents): the automated reading of income/asset documents (Platinum and Ultra VIP only).
Apple Distribution International Ltd. and Google (app stores): distribution, in-app payments and, where legally required, age signals.
7. International transfers
FAD’s core processing takes place within the European Economic Area (EEA): our database is at Supabase in Ireland and our email runs via Brevo in France. A number of processors are (also) established in the United States, in particular Anthropic and parts of Stripe, RevenueCat, Cloudflare, Apple and Google.
For transfers to the US we rely on appropriate safeguards. The EU-US Data Privacy Framework (DPF) is a valid transfer mechanism: the General Court of the European Union confirmed its validity on 3 September 2025. We rely on the DPF where the processor concerned is DPF-certified (such as Stripe), and we additionally use the European Commission’s Standard Contractual Clauses (SCCs) as a fallback, partly because an appeal against the DPF is still pending before the Court of Justice.
8. How long do we keep data?
Account data: as long as your account exists; after deletion, erased or anonymised within 30 days, including back-ups.
Biometric source material (liveness/identity): not kept by FAD; only a reference and the outcome are kept for as long as your account exists. At Stripe: biometric features deleted within 1 year, other identity data up to 3 years.
Financial source documents: deleted immediately after the assessment; only the outcome is kept.
Chat photos: automatically deleted 8 hours after being sent.
Chat messages: kept as long as the match exists; if either person deletes the match, the conversation disappears for both.
Location (approximate and live): kept no longer than necessary for the display or the session.
Reports and safety data: up to 24 months after handling, or longer if necessary for a legal obligation.
Waiting-list data: until launch in your city or a maximum of 12 months, whichever comes first.
9. How do we secure your data?
Telephone numbers for the avoid feature are processed solely in encrypted/hashed form, never stored in readable form.
Chat photos are held in shielded storage with access rules, so that only the two participants see them.
The voucher screen is protected against screenshots (blocked on Android, detected on iOS after which the voucher expires).
The processing of biometrics is outsourced to a specialised partner (Stripe Identity), so that we do not manage a biometric database ourselves.
10. Your rights
Under the GDPR you have the right of access, rectification, erasure, restriction, data portability and objection. Where we process on the basis of consent, you can withdraw it at any time — in particular your consent for the biometric verification. You can delete your account in the app. Send a request to [email protected]; we respond within 30 days.
11. Minimum age and age verification
FAD is intended solely for persons aged 18 and over. This is a strict lower limit: the app leads to a physical meeting and is connected with the consumption of alcohol. By using the app you declare that you are 18 or older.
At registration we ask for your date of birth. From Silver onward your age is additionally verified via the liveness/identity check. Where the law requires it, we also use the age signals from the app stores and additional age verification that meets the locally applicable requirements (such as the “highly effective age assurance” prescribed by the Online Safety Act in the United Kingdom).
12. Changes to this policy
We may update this policy. For significant changes we show a notice in the app. The date at the top indicates when the policy was last updated.
13. Complaints and contact
Do you have questions or complaints? Email [email protected]. If we cannot resolve it together, you can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via autoriteitpersoonsgegevens.nl.
14. Region-specific rights
United Kingdom (UK GDPR): users from the UK have equivalent rights. Complaints can be lodged with the Information Commissioner’s Office (ICO) via ico.org.uk. In addition, the obligations of the Online Safety Act apply to FAD in the UK (see chapter 11).
FAD is offered in the Netherlands, the other countries of the European Economic Area and the United Kingdom. The app is deliberately not available worldwide; we do not offer it in jurisdictions we do not yet serve.
© 2026 A.Y.V. Hubers Beheer B.V. — Fancy a Drink is a product of A.Y.V. Hubers Beheer B.V., Rotterdam.