1. Accounts and Authentication
Models: User, PushToken, AuditLog
Data: email, name, role, onboarding status, preferences, hashed credentials, login/logout events, push tokens.
This page mirrors the internal reference (`docs/legal/data-inventory.md`) and shows which Prisma models hold the personal data we process.
Models: User, PushToken, AuditLog
Data: email, name, role, onboarding status, preferences, hashed credentials, login/logout events, push tokens.
Models: Booking, Payment, Order, UserBalance, UserDebt, WithdrawalRequest, RefundRequest, BalanceLedger
Data: spots, timestamps, statuses, Stripe IDs, credits/debits, bank details (JSON), compliance documents.
Models: Cafe, CafeMember, CafeInvite, PartnerInvite, QRCode, CafeInterest
Data: cafe metadata, addresses, amenities, opening hours, adminSanitized status, invites, QR scan counts.
Models: BookingEvent, WebhookEvent, FeatureFlag, MenuItem, Spot, AuditLog
Data: event logs, webhook payloads, feature toggles, menu snapshots, spot attributes, error traces.
General compliance inquiries: hello@cafework.nl
DPO: dpo@cafework.nl, Support: support@cafework.nl, Legal: legal@cafework.nl
We update this inventory whenever the schema changes and keep the GDPR page in sync.