Skip to content
Back to home

AVG / GDPR

Privacy policy

Last updated: March 2026

1. Who are we?

Hops is a product of Zentoria, based in the Netherlands. We offer a hospitality management platform that lets restaurants and hospitality venues digitise their daily operations. In this privacy policy we explain what personal data we collect, why we collect it and how we handle it.

2. What data do we collect?

  • Account data: name, email, password (encrypted), phone number (optional)

  • Company data: company name, address, opening hours, KVK number

  • Usage data: login times, modules used, IP address, browser information

  • Module data: hours, tasks, messages, temperature logs and other module-specific input

  • Location data: GPS location at clock-in/clock-out (Hours module, with consent only)

  • Payment data: invoice details, payment history (processed via Mollie/Stripe)

3. Why do we collect this data?

  • Delivering and improving our services

  • Account authentication and security

  • Invoicing and payment processing

  • Sending service messages (no marketing without consent)

  • Complying with legal obligations (GDPR, tax)

  • Detecting and preventing fraud and abuse

4. Legal bases

We process personal data based on: performance of the contract (delivering the platform), legitimate interest (security, fraud prevention), legal obligation (tax retention) and consent (location data, marketing).

5. Security

We take the protection of your data seriously. We use:

  • AES-256-GCM encryption for personal data (PII)

  • HTTPS/TLS for all connections via Cloudflare

  • Single Sign-On (SSO) via Microsoft Entra with JWT verification

  • Rate limiting and CSRF protection on all API endpoints

  • Daily encrypted backups with 30-day retention

  • Servers in Europe (Microsoft Azure, West Europe region)

6. Sharing with third parties

We share your data with third parties only when necessary for the service:

  • Mollie/Stripe: for payment processing

  • Cloudflare: for HTTPS, DNS and DDoS protection

  • Google (optional): Google Sheets/Drive integrations you enable yourself

We never sell personal data to third parties.

7. Retention periods

We keep personal data no longer than necessary. Account data is kept as long as your account is active. On deletion, data is permanently erased within 30 days. Financial data is kept for 7 years per tax retention obligations.

8. Your rights

You have the right to:

  • Access your data (right of access)

  • Correct your data (right to rectification)

  • Delete your data (right to erasure)

  • Transfer your data (right to portability)

  • Object to processing

  • Lodge a complaint with the Dutch Data Protection Authority

Contact us at privacy@hopsapp.nl to exercise your rights. We respond within 30 days.

9. Cookies

Hops uses functional cookies for authentication (__Host-session) and session management. We don't use tracking cookies or third-party analytics. Cookies are httpOnly and host-bound per subdomain.

10. Changes

We may change this privacy policy. For material changes we'll notify you by email. The current version is always on this page.

Contact

Zentoria
Email: privacy@hopsapp.nl

Privacy policy — Hops · Hops