StudioFlowy

Privacy Policy

Last updated: October 2, 2025

This Privacy Policy explains how StudioFlowy (“we”, “us”, “our”) collects, uses, and protects personal data when you use our websites, apps, and services. We comply with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Company: Vitalii Bahmet, PE
Address: Bul. Heroiv Krut, 22/66, Chernivtsi, Ukraine
Email: hello@studioflowy.com

2. What Data We Collect

  • Account data: name, email, password hash, role (owner/admin/instructor/parent).
  • Studio data: studio name, locations, schedule, classes.
  • Usage data: device info, IP address, logs, cookies.
  • Payments: handled by Stripe; we don’t store full card details.
  • Children data: only as provided by a parent/guardian (e.g., name, class enrollment, attendance).

3. Why We Process Data (Legal Bases)

  • Contract (Art. 6(1)(b)): to provide the service, authenticate users, run schedules and attendance.
  • Legitimate interests (Art. 6(1)(f)): product analytics, fraud prevention, service security.
  • Consent (Art. 6(1)(a)): marketing emails, optional cookies where required.
  • Legal obligations (Art. 6(1)(c)): tax/accounting compliance.

4. Cookies & Tracking

We use essential cookies for login/session. Analytics/marketing cookies are used only with consent where required. You can control cookies in your browser settings.

5. Processors & Sub-processors

We use trusted service providers to operate StudioFlowy. Key providers include:

  • Hosting/CDN: Vercel (EU/EEA where available)
  • Database: Supabase/Neon (EU region)
  • File storage: Cloudflare R2 / Amazon S3
  • Payments: Stripe
  • Email/notifications: Postmark/Resend (when enabled)

We sign Data Processing Agreements (DPAs) where applicable.

6. Data Retention

We keep personal data only as long as necessary for the purposes above. You can request deletion of your account; we will delete or anonymize data unless we must retain it by law.

7. International Transfers

If data is transferred outside the EEA/UK, we use appropriate safeguards (e.g., Standard Contractual Clauses).

8. Your Rights (GDPR)

  • Access your data
  • Rectify inaccurate data
  • Erase data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time (if processing is based on consent)
  • Lodge a complaint with your local Data Protection Authority

9. Children’s Data

Where a studio serves minors, parent/guardian accounts manage a child’s profile and consents. Studios are responsible for collecting appropriate consents from parents/guardians under applicable law.

10. Security

We apply technical and organizational measures (encryption in transit, access controls, backups). No method is 100% secure; we continuously improve our safeguards.

11. Contact

For privacy questions or requests, email privacy@studioflowy.com.

12. Changes

We may update this policy. We will post changes here and update the “Last updated” date.