Lodge Connect

Privacy Policy

Last updated: February 2026

1. Data Controller

Lodge Connect is the data controller for the personal data processed through this platform, available at lodgeconnect.co.uk. We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For any data protection queries, please contact us via our contact page or email support@lodgeconnect.co.uk.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Identity data: First name, last name, Masonic rank, honours and investitures
  • Contact data: Email address, telephone number, postal address
  • Dietary data: Dietary requirements and preferences for meeting dining (this may constitute special category data relating to health or religious beliefs)
  • Lodge membership data: Lodge affiliations, lodge roles, and membership history
  • Booking data: Meeting attendance records, dining selections, apologies, and guest bookings
  • Payment data: Payment method chosen, transaction references, and payment status. We do not store or process card numbers — these are handled exclusively by Stripe
  • Technical data: IP address, browser type, and session data necessary for authentication

3. Lawful Bases for Processing

We process your personal data under the following lawful bases as defined by Article 6 of the UK GDPR:

  • Contract performance (Article 6(1)(b)): Processing necessary to provide you with the Platform's services, including managing your account, processing bookings, and handling payments
  • Legitimate interests (Article 6(1)(f)): Processing necessary for the Platform's legitimate interests, such as maintaining security, preventing fraud, improving the service, and enabling lodge administration. We have conducted a legitimate interests assessment and determined that these interests do not override your fundamental rights
  • Consent (Article 6(1)(a)): Where we send optional communications or process data not strictly necessary for the service, we rely on your explicit consent, which you may withdraw at any time

Where we process special category data (such as dietary requirements that may indicate health conditions or religious beliefs), we do so on the basis of your explicit consent under Article 9(2)(a) of the UK GDPR.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Creating and managing your user account
  • Processing meeting bookings and dining selections
  • Facilitating payments between members and lodges
  • Sending booking confirmations, payment receipts, and meeting reminders
  • Enabling lodge officers to manage meetings, attendance, and dining
  • Generating attendance and dining reports for lodge administration
  • Facilitating the table planning and seating arrangement process
  • Maintaining an audit trail for security and accountability
  • Responding to your enquiries via the contact form

5. Data Sharing

We share your personal data with the following third-party service providers, each of which has appropriate data processing agreements in place:

  • Stripe (payment processing) — Processes card payments on our behalf. Stripe is PCI DSS Level 1 certified. We never receive or store your full card details. See Stripe's Privacy Policy
  • Resend (email delivery) — Delivers transactional emails such as booking confirmations and meeting reminders on our behalf
  • Supabase (database hosting and authentication) — Hosts our database infrastructure in London (eu-west-2) and provides authentication services. All data remains within the UK/EU
  • Vercel (application hosting) — Hosts the Platform in the London region. Vercel processes request data as part of serving the application

We do not sell, rent, or trade your personal data to any third parties. We do not share your data with advertising networks or analytics platforms.

Lodge officers (Secretary, Treasurer, Director of Ceremonies) can access member and booking data for their own lodge only, as required for lodge administration.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

  • Active accounts: Your profile and booking data are retained for as long as your account remains active
  • Deleted accounts: When you request account deletion, personally identifiable information is scrubbed immediately. Your account is deactivated and cannot be recovered
  • Audit logs: Retained for 7 years to comply with financial record-keeping requirements and to maintain the integrity of lodge records
  • Payment records: Retained for 7 years in accordance with HMRC requirements for financial record-keeping

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of all personal data we hold about you. You can export your data from your account settings at any time
  • Right to rectification: You can correct inaccurate personal data through your account profile, or contact us for assistance
  • Right to erasure: You can request deletion of your account and personal data through your account settings or by contacting us
  • Right to restriction: You can request that we restrict processing of your data in certain circumstances
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format
  • Right to object: You can object to processing based on legitimate interests at any time
  • Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of prior processing

8. How to Exercise Your Rights

You can exercise most of these rights directly from your account settings page, where you can update your profile, export your data, and request account deletion.

For any requests you cannot complete through your account, or if you do not have an account, please contact us. We will respond to your request within one month, as required by the UK GDPR.

9. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

10. Cookies

We use a minimal number of essential cookies to keep you signed in and ensure the Platform functions correctly. We do not use analytics, advertising, or third-party tracking cookies. For full details, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The “Last updated” date at the top of this page indicates when this policy was last revised. Material changes will be communicated to registered users via email.