Privacy Policy

Soho House operates this website and the membership services accessible through it (collectively, the "Service"). This privacy policy explains how we collect, use, store, and protect your personal data when you use our Service.

We collect information you provide directly when you apply, hold a membership, use the Service, or contact us. This includes: - Membership information: name, email address, password (hashed, never stored in plain text) - Application information: your work, your proposers, and what you tell us about yourself - Billing information: processed securely by our payment processor. We do not store card numbers. - Usage data: bookings, events attended, and visits to your House - Communications: emails, requests, and feedback you send us We also collect information automatically: - Device information: browser type, operating system, screen resolution - Network information: IP address, approximate location (country/region) - Cookies: session cookies for authentication. See section 6 for details.

We use your data to: - Run your membership: take your application to committee, authenticate your account, settle bills - Look after the Houses: book your tables and rooms, and tell you what is on - Improve the Service: understand usage to fix problems and make the experience better - Communicate with you: send membership emails (confirmations, receipts, notices) - Keep things safe: detect and prevent fraud, abuse, and unauthorized access - Meet legal obligations: tax reporting and lawful requests We do NOT sell your personal data. We do NOT use your data for advertising.

We share your data only with: - Payment processor: to process membership dues and payments - Hosting providers: to run the Service infrastructure (servers, databases, CDN) - Email provider: to send membership emails (confirmations, receipts, notices) - Analytics: to understand aggregate usage patterns (no individual tracking) All third-party providers are bound by data processing agreements. We only share the minimum data necessary for each provider to perform their function. We may also disclose data if required by law, regulation, legal process, or governmental request.

You have the right to: - Access: request a copy of the personal data we hold about you - Rectification: correct inaccurate or incomplete data - Deletion: request deletion of your account and associated data - Portability: receive your data in a structured, machine-readable format - Objection: object to processing of your data for specific purposes - Restriction: request restriction of processing in certain circumstances If you are in the European Economic Area (EEA), these rights are guaranteed under the General Data Protection Regulation (GDPR). If you are in California, you have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact the membership team.

We use cookies for: - Authentication: session cookies to keep you signed in (essential, cannot be disabled) - Preferences: remembering your settings (theme, language, sidebar state) We do NOT use cookies for advertising or cross-site tracking. We do NOT use third-party tracking cookies. You can clear cookies at any time through your browser settings. Clearing authentication cookies will sign you out.

We implement industry-standard security measures: - Encryption in transit: all connections use TLS 1.2+ (HTTPS) - Encryption at rest: database encryption for stored data - Password hashing: passwords are hashed (never stored in plain text) - Access controls: role-based access limits who can view member data - Monitoring: automated alerts for suspicious activity No system is 100% secure. If you discover a security vulnerability, please report it to the membership team.

We retain your data for as long as your membership is active. When you close your account: - Account data (profile, preferences): deleted promptly - Billing records: retained for 7 years for tax compliance - Anonymized analytics: retained indefinitely (not linked to your identity) - Backups: purged within 30 days of account closure You can request prompt deletion of all your data by contacting the membership team.

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact the membership team and we will delete it.

We may update this privacy policy from time to time. When we make significant changes, we will notify you via email or a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your data rights, contact the membership team.