easybook.studio logo
easybook.studio

Privacy Policy

Information on the processing of your personal data in accordance with GDPR

Last updated: January 1, 2026

Privacy at a Glance

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. This privacy policy informs you about the type, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content.

Controller

The controller responsible for data processing on this website is: easybook.studio Christoph Morosoli, c/o embrace yoga, Felsenkellerstr. 1b, 07745 Jena, Germany. Email: contact@easybook.studio

Data Protection Contact

Email: contact@easybook.studio

Data Collection

Data Processing for Studio Owners (Tenants)

Types of Personal Data: We collect the following personal data: Name, email address, phone number (optional), business address (street, postal code, city, country), VAT ID (optional), payment information (Stripe Customer ID, payment method), subscription data (plan, status, billing period), usage data (login times, platform usage), consents (terms acceptance with timestamp and version).

Processing Purposes: Purpose: Provision and management of your account, billing and payment processing, communication regarding the service, improvement of our platform, fulfillment of legal retention obligations.

Legal Basis for Processing: Legal basis: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(f) GDPR (legitimate interest in platform improvement).

Data Processing for Class Participants (End Users)

Types of Personal Data: We process the following data on behalf of studio owners: First name, last name, email address, phone number (optional), address (optional), profile picture (optional), booking history, attendance data, credits and subscriptions, payment information (Stripe Customer ID), language preference, communication preferences.

Processing Purposes: Purpose: Booking management for studio owners, payment processing on behalf of studios, communication on behalf of studios, provision of the booking platform.

Legal Basis for Processing: Legal basis: Art. 6(1)(b) GDPR (contract performance with the studio owner). Important: The studio owner is the controller for class participant data. We process this data as a processor in accordance with Art. 28 GDPR.

Data Sharing

We only share your data with third parties if this is necessary for contract performance, we are legally obliged to do so, or you have consented.

We use the following service providers:

  • Stripe (payment processing, USA/EU with Standard Contractual Clauses)
  • Supabase (database hosting, EU servers)
  • Cloudflare & Google Cloud (hosting, EU servers)
  • Resend.com (email delivery, USA with Standard Contractual Clauses, no storage of personal data)

Retention Period

We retain personal data as long as the user account or subscription remains active. After termination of the contract, personal data is deleted or anonymized within 90 days unless legal retention obligations apply. Accounting and invoicing data are retained for up to 10 years in accordance with §147 AO and §257 HGB. After deletion requests, we delete data immediately or anonymize them completely.

Your Rights

You have the following rights under GDPR:

Right to Access (Art. 15 GDPR)

You have the right to request information about your personal data processed by us.

Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate or the completion of your personal data stored by us.

Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data stored by us, unless further processing is necessary.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used and machine-readable format.

Right to Object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

Cookies and Tracking

Our website uses only technically necessary cookies for authentication and security. These cookies are required for the operation of the website and cannot be disabled. We do not use tracking or analytics cookies. Therefore, consent is not required.

Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. These include: SSL/TLS encryption for all data transmissions, encrypted data storage, regular security updates, access restrictions and authentication, hosting on secure EU servers.

Contact

If you have questions about these terms, contact us at: contact@easybook.studio