Privacy Policy
1. Introduction
This Privacy Policy describes how Fika, LLC, doing business as Roomfora (“Roomfora”, “we”, “us”) collects, uses, and shares information about you when you use our platform, including our websites, operator dashboard, and the branded lobby pages operators publish through us.
This policy covers two kinds of people:
- Operators — the businesses that use Roomfora to run a coworking space.
- Bookers — the members and visitors who book workspace through an operator's lobby. If you are a booker, the operator you booked through is also a data controller for their own use of your information; please also read their privacy notice.
2. Information we collect
2.1 From operators
- Account details: name, email, business name, phone number, your operator logo and branding assets.
- Payment details via Stripe: business identity information required for KYC, payout bank account details. Card numbers, if you ever enter them, are handled entirely by Stripe — they never touch Roomfora's servers.
- Operational data you upload: resource listings, pricing, photos, policies.
2.2 From bookers
- Booking details: name, email, booking date and time, selected resource, any notes you added.
- Payment information via Stripe: card details (tokenized by Stripe), billing address.
2.3 Collected automatically
- Device and browser metadata (user agent, screen size, locale).
- IP address and approximate location derived from it.
- Pages visited, clicks, and other product usage events.
- Session recordings through PostHog — see Section 5 below; sensitive input fields are masked by default.
- Cookies and similar technologies — see Section 5.
3. How we use information
- Run the Service. Authenticate you, display your data, process bookings, send receipts and confirmations.
- Billing and payouts. Calculate platform fees, settle payouts via Stripe Connect, and produce invoices.
- Support. Respond to your questions and diagnose issues. Support staff may view your account to help you when you ask us to.
- Product improvement. Understand how the Service is used and fix things that are broken.
- Security and fraud prevention. Detect abuse, probe attempts, and fraud against operators or bookers.
- Legal compliance. Respond to lawful requests and meet our obligations under applicable law.
4. Third-party services we use
We rely on the following vendors (“sub-processors”) to run the Service. Each vendor only receives the data needed for its role and is bound by a data processing agreement with us. The same list — with our notification commitment for new vendors — is also published at /legal/subprocessors.
| Vendor | Purpose | Data category |
|---|---|---|
| Clerk | Authentication & identity | Email address, name, login metadata |
| Stripe (incl. Stripe Connect) | Payments, payouts, KYC for connected operator accounts | Name, email, business details, payout bank details, card data (tokenized; never touches our servers) |
| Neon | PostgreSQL database hosting | All application data, encrypted at rest |
| Vercel | Application & edge hosting | Request logs, IP addresses, deployment metadata |
| Resend | Transactional email delivery | Recipient email, subject, body |
| Sentry | Error monitoring & performance tracing | Stack traces, request paths, user ID (no passwords, no payment data) |
| PostHog | Product analytics & session replay | Page views, clicks, session recordings (sensitive fields masked) |
About PostHog session replay: session replay is currently active across Roomfora. PostHog records clicks, navigation, and an anonymized replay of your session so we can see how people actually use the product. Text input fields are masked by default and we do not record fields containing payment or password information. If you would prefer we not record your sessions, email privacy@roomfora.com and we will opt your account out.
5. Cookies and tracking
- Clerk sets session cookies required for you to stay logged in. These are strictly necessary to use the Service.
- PostHog sets cookies to attribute sessions and enable session replay. An opt-out link will be published here once a dedicated preferences page is available.
- Stripe may set cookies on our checkout pages for fraud prevention. Those cookies are governed by Stripe's privacy policy.
We do not use advertising cookies and we do not sell personal information.
6. Data retention
We keep personal information for as long as your account is active, or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or anonymize account information within a reasonable period unless we are required by law to retain it (for example, financial records for tax purposes).
7. Your rights
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. You can exercise many of these rights from your account settings. You can also email privacy@roomfora.com and we will respond within a reasonable time.
If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.
8. International transfers
Roomfora is based in the United States and uses US-hosted infrastructure (Vercel, Neon). If you are accessing the Service from outside the US, your information will be transferred to, stored in, and processed in the US. Where required, we rely on Standard Contractual Clauses with our sub-processors as the legal basis for international transfers.
9. Security
We take reasonable technical and organizational measures to protect information, including:
- TLS in transit for all traffic to Roomfora;
- Password hashing and session management by Clerk;
- Database encryption at rest through Neon;
- Least-privilege access to production systems for our team.
No online service is perfectly secure. If we become aware of a breach affecting your personal information we will notify you as required by law.
10. Children's privacy
Roomfora is not directed to children under 13 (or the minimum age in your country, if higher). Clerk enforces an age floor at signup. If you believe a child has provided us personal information, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date below and, where appropriate, notify you by email or through the Service.
12. Contact
Questions about this policy or our data practices? Email privacy@roomfora.com.
Last updated: