Privacy Policy — Business Customers

Last updated: February 5, 2026 · Version: 1.0

1. Introduction

Lumera Studio Lab ("we", "us") is committed to protecting your personal data. This policy explains what we collect, why, and your rights as a business customer using our booking platform.

2. Data Controller

The data controller for your business account data is Lumera Studio Lab.

[Insert your registered company name, address and contact email here]

3. What Data We Collect

  • Account details: owner name, email, phone
  • Business information: salon name, address, services, working hours
  • Payment information (processed directly by Stripe — we do not store card numbers)
  • Usage analytics: which features you use, login frequency

4. Legal Basis for Processing

We process your data based on contract performance (GDPR Art. 6(1)(b)) — the data is necessary to provide you with the booking platform service. For aggregated analytics we rely on legitimate interest (Art. 6(1)(f)).

5. Data Retention

Active accounts: data is retained for the duration of service plus 7 years to comply with tax and accounting obligations. Deleted accounts: data is permanently erased 30 days after confirmed deletion request.

6. Your Rights

  • Access — download all your data from the Privacy settings page
  • Rectification — edit your information in the dashboard at any time
  • Erasure — delete your account from Privacy settings (30-day grace period)
  • Portability — export your data as JSON
  • Object — cancel your service at any time

7. Sub-Processors

ProcessorPurposeData locationCompliance
Supabase Inc.Database hosting (EU region)EUSOC 2, GDPR DPA
Stripe Inc.Payment processingEUPCI DSS, GDPR DPA
Resend Inc.Transactional emailUSA (SCCs)GDPR DPA
Google LLCCalendar synchronisationEU/USA (SCCs)ISO 27001, GDPR DPA

All sub-processors operate under Standard Contractual Clauses (SCCs) and/or the EU-U.S. Data Privacy Framework. We maintain signed DPAs with each.

8. Contact

For data-related questions contact our privacy team.

[Insert your privacy contact email, e.g. [email protected]]