Privacy Policy – 2cents.club
Last Updated: March 25, 2026
1. Introduction and Scope
2cents.club ("Company", "we", "our", "us") is an online platform that enables users to generate booking links and earn rewards for eligible travel reservations. We are based in the Province of Quebec, Canada.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our website, platform, and all related services (collectively, the "Services"). It applies to all website visitors, registered users, and anyone who interacts with our Services.
By accessing or using our Services, creating an account, or providing personal information to us, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.
If you do not agree with this Policy, please do not access or use our Services.
2. Definitions
In this Privacy Policy, the following terms have the meanings set out below:
- "Personal Information" means any information that can be used, alone or in combination with other information, to identify an individual. Information that has been irreversibly anonymized or aggregated so that it can no longer, whether on its own or in combination with other information, be attributed to an identifiable individual, is not considered Personal Information under this Policy.
- "Service" or "Services" means the 2cents.club platform, website, and all related tools and features we provide.
- "Website" means 2cents.club and any subdomains operated by us.
- "User," "You," or "Your" means any individual who accesses or uses the Services, whether as a visitor or registered account holder.
- "Account" means a registered user account created on our platform.
- "Third-Party Partners" means booking providers and service partners with whom we integrate to enable the Services.
- "Stripe" means Stripe, Inc., our third-party payment processor.
3. Information We Collect
We collect personal information from the following sources and in the following categories:
(a) Information You Provide Directly
- Account registration details: email address and password.
- Communications you send to us, including support requests and feedback.
- Identity verification information when required to process a withdrawal or comply with legal obligations.
- Cryptocurrency wallet addresses or Stripe account details when connecting a payout method.
(b) Information Collected Automatically via Third-Party Analytics
We do not store device, browser, or IP data in our own database. However, the third-party analytics scripts we load in production (Microsoft Clarity, Google Analytics) automatically collect the following data on our behalf and subject to their own privacy policies:
- Device type, operating system, and screen resolution — collected by Microsoft Clarity.
- Browser type and version — collected by Microsoft Clarity and Google Analytics.
- IP address and approximate geographic location — collected by Microsoft Clarity; Google Analytics collects IP with
anonymize_ipenabled, meaning the last octet is masked before storage. - Usage data: pages visited, time on page, click patterns, and referral source — collected by Google Analytics.
- Session recordings: mouse movements, scrolling behaviour, and page interactions — collected by Microsoft Clarity (see Section 11 for opt-out instructions).
(c) Information from Third-Party Partners
- Booking confirmation data from travel providers necessary to validate and credit rewards.
- Booking status updates (completed, cancelled, or modified) to determine reward eligibility.
- Commission and reward eligibility data from our affiliate network.
(d) Payment Information (via Stripe)
- We do not collect or store credit card numbers, bank account details, or other sensitive payment credentials. All payment data is collected and processed directly by Stripe.
- We receive from Stripe: transaction confirmation status, payout status, and account connection status.
- Stripe's handling of your payment information is governed by Stripe's Privacy Policy.
4. Legal Bases for Processing
Where applicable privacy law requires a legal basis for processing your personal information, we rely on the following:
- Consent: For marketing communications, Microsoft Clarity and Microsoft Advertising tracking, and non-essential cookies. You may withdraw consent at any time as described in Section 8.
- Performance of Contract: Processing necessary to operate your account, generate booking links, track and credit rewards, and process withdrawals via Stripe.
- Legitimate Interests: Fraud prevention, platform security, service improvement, and aggregate analytics, where our interests are not overridden by your fundamental rights.
- Legal Obligation: Tax reporting, compliance with court orders or regulatory requests, and financial record-keeping required by law.
5. How We Use Your Information
We use your personal information for the following purposes:
- To provide, operate, and maintain the Services — including generating booking links, tracking bookings, and processing rewards.
- To create and manage your Account and verify your identity where required.
- To process payment withdrawals through Stripe and to credit earned rewards to your Account.
- To communicate with you about your Account, rewards, and service updates. With your consent, we may also send marketing communications. You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us at [email protected].
- To monitor and analyze usage patterns in order to improve the Services and develop new features.
- To detect, investigate, and prevent fraudulent activity, platform abuse, or violations of our Terms & Conditions.
- To comply with applicable legal obligations and respond to lawful requests from government or regulatory authorities.
- To enforce our Terms & Conditions and protect the rights, property, or safety of the Company, our users, or others.
6. Sharing and Disclosure
We do not sell your personal information to third parties. We share your personal information only in the following circumstances:
- (a) Service Providers: Third-party companies that perform services on our behalf, such as cloud hosting, analytics, and customer support. These providers are contractually obligated to use your information only for the purposes of the services they provide to us.
- (b) Payment Processor (Stripe): We share booking and account data necessary for Stripe to process your withdrawals. Please refer to Stripe's Privacy Policy for details on how Stripe handles your data.
- (c) Third-Party Booking Partners: Booking-related information is shared with our affiliate and booking partners to track and validate reservations. For operational and contractual reasons, we do not disclose the identity of our partners to users. This information constitutes confidential business information of the Company.
- (d) Legal Requirements: We may disclose your personal information when required by applicable law, regulation, legal process, or governmental request; to enforce our Terms & Conditions; or to protect the rights, privacy, safety, or property of the Company, our users, or the public.
- (e) Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your personal information may be transferred to the acquiring entity. We will notify you by email and by posting a prominent notice on our website before your personal information becomes subject to a different privacy policy.
7. Cross-Border Data Transfers
We are based in the Province of Quebec, Canada. Your personal information may be transferred to and processed in Canada and in other countries where our service providers operate, including countries outside Canada and the European Economic Area.
Please be aware that these countries may not provide the same level of data protection as your home jurisdiction. By using our Services, you consent to the transfer of your personal information to these jurisdictions.
Where required by applicable law, we implement appropriate safeguards for cross-border transfers, such as contractual provisions that require recipients to protect your personal information in accordance with applicable privacy standards.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request correction of inaccurate or incomplete personal information.
- Right to Deletion: You may request deletion of your personal information, subject to our legal retention obligations.
- Right to Data Portability: Where applicable, you may request that we provide your personal information in a structured, commonly used, machine-readable format.
- Right to Withdraw Consent: Where we process your personal information based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to Object: You may object to the processing of your personal information where we rely on legitimate interests as the legal basis.
- Right to Restrict Processing: You may request that we restrict the processing of your personal information in certain circumstances.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, including the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) or your local data protection authority.
To exercise any of these rights, contact our Privacy Officer at [email protected]. We will respond within 30 days of receiving your request. We may require identity verification before processing your request.
9. Cookies and Tracking Technologies
Cookies are small text files placed on your device by websites you visit. We use cookies and similar tracking technologies to operate and improve our Services. When you first visit 2cents.club, a cookie consent banner allows you to accept, reject, or customize non-essential cookies. You can update your preferences at any time via our Cookie Preferences page. Your consent choices are stored in your browser for 180 days.
Cookie Categories
(a) Necessary Cookies — Always Active
These cookies are required for the platform to function. They cannot be disabled through the consent banner.
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _twocentsclub_session | 2cents.club | Maintains your authenticated session and protects against cross-site request forgery (CSRF) | First-party, HTTP-only, Secure | Session (cleared when browser closes) |
(b) Analytics Cookies — Require Consent
These cookies help us understand how visitors use our website. They are only activated after you provide consent via the cookie banner, except where noted.
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users by assigning a randomly generated number as a client identifier | First-party | 2 years |
| _ga_* | Google Analytics 4 | Maintains session state and stores event data for Google Analytics 4 property | First-party | 2 years |
| _gid | Google Analytics | Distinguishes users within a 24-hour session window | First-party | 24 hours |
| _gat | Google Analytics | Throttles request rate to Google's servers | First-party | 1 minute |
| _clck | Microsoft Clarity | Persists a unique user ID to stitch sessions across page views for session replay | First-party | 1 year |
| _clsk | Microsoft Clarity | Connects multiple page views within a single Clarity session replay | First-party | 1 day |
Note: Google Analytics is implemented with Google Consent Mode v2. When analytics consent is denied, Google Analytics sends cookieless pings only and does not set the cookies listed above. Microsoft Clarity currently loads on all page visits; we are working to fully gate Clarity behind consent.
(c) Marketing / Advertising Cookies — Require Consent (Currently Inactive)
The following cookies are supported by our platform infrastructure but are not currently active. They may be enabled in a future update with advance notice. Consent will be required before any marketing cookies are set.
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _fbp | Facebook (Meta) | Tracks visits across websites for Facebook advertising and conversion measurement | Third-party | 90 days |
| _fbc | Facebook (Meta) | Stores the Facebook click identifier from the ad that directed the visit | Third-party | 90 days |
| _gcl_au | Google Ads | Stores and tracks conversions from Google Ads campaigns | First-party | 90 days |
| fr | Facebook (Meta) | Used by Facebook for targeted advertising and measuring ad relevancy | Third-party | 90 days |
(d) Browser Storage (not cookies)
We use browser localStorage (not traditional cookies) to store the following:
| Key | Purpose | Duration |
|---|---|---|
| cookieConsent | Stores your cookie consent preferences (necessary, analytics, marketing) so the banner does not reappear | 180 days from last choice |
Managing Cookies: You can update your cookie preferences at any time on our Cookie Preferences page. You can also control cookies through your browser settings — most browsers let you refuse, delete, or be notified when cookies are set. Note that disabling necessary cookies will impair platform functionality including login.
10. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Specific retention periods include:
- Account data: Retained for the duration of your Account and for up to 7 years after account closure to meet our legal and tax obligations.
- Booking and transaction data: Retained for up to 7 years to comply with tax and financial reporting requirements under applicable law.
- Usage and analytics data: Retained in anonymized or aggregated form for up to 3 years.
- Customer communications: Retained for up to 3 years for customer support and dispute resolution purposes.
When personal information is no longer required, we will delete or anonymize it in a secure manner.
11. Microsoft Clarity and Microsoft Advertising
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay. This data helps us improve and market our Services. Website usage data is captured using first-party and third-party cookies and other tracking technologies to determine the popularity of features and monitor online activity. We also use this data for site optimization, fraud and security purposes, and advertising effectiveness measurement.
Microsoft Clarity's session replay technology may capture mouse movements, clicks, scrolling behavior, and page interactions during your visit. We configure Microsoft Clarity to mask sensitive form fields (such as passwords) to prevent capture of personally identifiable input data.
Opt-out: You may opt out of Microsoft Clarity tracking by:
- Adjusting cookie preferences in your browser settings to block third-party cookies.
- Using a browser extension that blocks analytics and tracking scripts.
- Visiting Microsoft's privacy dashboard to manage your Microsoft advertising and analytics preferences.
Please note that opting out may not remove all tracking immediately and will not affect data already collected. For more information about how Microsoft collects and uses data, visit the Microsoft Privacy Statement.
12. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Internal policies and procedures that limit access to personal information on a need-to-know basis.
- Physical, electronic, and procedural safeguards appropriate to the sensitivity of the information held.
- Encryption of data in transit using TLS/SSL and encryption at rest where applicable.
- Access controls and authentication mechanisms for all systems that store or process personal information.
- Regular security assessments and monitoring of our infrastructure.
- Contractual obligations imposed on service providers and data processors requiring them to maintain equivalent security measures.
Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information. You use the Services at your own risk. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.
13. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at [email protected]. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information as promptly as possible.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
For material changes that significantly affect how we handle your personal information — such as changes to data sharing practices, legal bases for processing, or your rights — we will provide at least thirty (30) days' advance notice by sending an email to your registered account address and by posting a prominent notice on our website before the change takes effect.
For non-material changes — such as typographical corrections, formatting updates, or clarifications that do not alter the substance of the Policy — we will update the "Last Updated" date at the top of this page without advance notice.
Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated Policy, you must stop using the Services before the effective date and may request deletion of your personal information by contacting us at [email protected].
We encourage you to review this Policy periodically to stay informed about how we protect your information.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact our Privacy Officer:
- Privacy Officer, 2cents.club
- Email: [email protected]
- Jurisdiction: Province of Quebec, Canada
We aim to respond to all privacy-related inquiries within 30 days of receipt.
You also have the right to contact the Office of the Privacy Commissioner of Canada if you are not satisfied with our response: www.priv.gc.ca.