Privacy Policy
Last Updated: April 2026
WINDMILL ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal information in connection with our membership platform and services (windmillpassport.com).
1. Information We Collect
1.1 Information You Provide Directly
We collect information you voluntarily provide when using our platform:
- Account Information: Full name, email address, phone number
- Profile Information: Date of birth, nationality, profile photo
- Payment Information: Credit card and billing address (processed by 2Checkout; we do not store raw card data)
- Identity Verification: Identity documents (passport, national ID, driver's license) and facial imagery provided to Veriff for KYC verification
- Event Information: RSVP history, guest information, attendance records
- Communication: Messages, feedback, and support inquiries
1.2 Information Collected Automatically
- Device & Usage Data: IP address, browser type, device type, operating system, pages visited, timestamps
- Cookies & Tracking: Session cookies for authentication and necessary functionality
- Analytics: How you interact with our platform to improve our services
2. How We Use Your Information
We use your information for the following purposes:
- Providing and maintaining membership services
- Processing payments and managing subscriptions
- Verifying your identity (KYC compliance)
- Enabling event RSVPs and access
- Sending transactional emails (confirmations, receipts, reminders)
- Communicating important updates about your membership
- Preventing fraud and ensuring platform security
- Improving our services and user experience
- Complying with legal and regulatory obligations
- Responding to your inquiries and support requests
3. How We Share Your Information
We only share your information with third parties as necessary:
- 2Checkout: Payment processor (PCI-DSS compliant). We share payment information and billing details only.
- Veriff: Identity verification provider. We share name, identity documents, and facial imagery for KYC compliance.
- Resend: Email service provider. We share name and email for transactional emails.
- Supabase: Database hosting provider. All data is encrypted at rest and in transit.
- Legal Requirements: We may disclose information if required by law or court order.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Data Retention
- Account Data: Retained while your account is active. After you request deletion, we retain data for 30 days before permanent deletion.
- KYC Records: Retained for the duration of your membership plus 5 years thereafter, as required by financial regulations.
- Payment Records: Retained per PCI-DSS and local tax law requirements (typically 7 years).
- Email Communications: Retained for transactional purposes and customer service unless you request deletion.
5. Your Privacy Rights
Under the EU General Data Protection Regulation (GDPR) and similar privacy laws, you have the right to:
- Access: Request a copy of your personal information we hold
- Rectification: Correct inaccurate or incomplete information
- Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements
- Restrict Processing: Limit how we use your information
- Data Portability: Receive your data in a structured, machine-readable format
- Object: Opt out of non-essential processing
- Withdraw Consent: Withdraw your consent to specific processing at any time
To exercise any of these rights, contact us at privacy@windmillpassport.com. We will respond within 30 days.
6. Cookies & Tracking Technologies
We use cookies strictly for necessary functionality (session management, authentication, security). We do not use cookies for advertising or non-essential tracking.
Cookie Types:
- Session Cookies: Expire when you close your browser
- Authentication Tokens: Keep you logged in securely
You can disable cookies in your browser settings, but this may limit functionality.
7. Auto-Renewal & Subscription Disclosures
Your WINDMILL membership is a €300/year auto-renewing subscription. Per EU consumer protection regulations:
- You receive clear, advance notice of renewal dates and amounts before you are charged
- You can cancel anytime from your account settings with immediate effect on future renewals
- You can request cancellation by emailing support@windmillpassport.com
8. Security
We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Secure password hashing (bcrypt or similar)
- Regular security audits and vulnerability testing
- Strict access controls for staff
However, no system is completely secure. While we work to protect your information, we cannot guarantee absolute security.
9. International Data Transfers
WINDMILL operates within the EU. If we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure compliance with GDPR.
10. Children's Privacy
WINDMILL is not intended for users under 18. We do not knowingly collect personal information from minors. If we become aware of such collection, we will delete that information immediately.
11. Third-Party Links
Our website may contain links to third-party sites. This Privacy Policy does not apply to those sites. We encourage you to review their privacy policies independently.
12. Policy Changes
We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting the updated policy on our website with a new "Last Updated" date. Your continued use of WINDMILL after changes signifies acceptance.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices:
- Email: privacy@windmillpassport.com
- Website: windmillpassport.com
If you are an EU resident, you also have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.