
How we handle your studio's data

Security at StudioBook

We're a German company. Studio owners trust us with their members' bookings, contact details, and payment history. Here's exactly how that data is handled, where it lives, and what happens if something goes wrong.

Where your data lives

All studio data is stored on Supabase Postgres in Frankfurt (eu-central-1). No data leaves the European Union for storage. Backups are encrypted and retained inside the EU as well.

Encryption in transit and at rest

Every connection to StudioBook uses HTTPS with TLS 1.2 or higher — enforced by HSTS, no fallback. The database encrypts data at rest with AES-256. Edge functions run inside Supabase's isolated runtime; they never log payment details or auth tokens.

Payments and card data

We don't store credit-card numbers. Every payment runs through Stripe Connect — Stripe is PCI-DSS Level 1 certified and handles the card data directly. Money goes from your members to your own Stripe Connect account, then to your bank. StudioBook never touches the funds.

Who else processes your data

Four subprocessors, all GDPR-compliant: Supabase (database, auth, storage — Frankfurt), Stripe Payments Europe (payments, Connect onboarding — Ireland HQ, EU data-residency for EU customers), Resend (transactional email — EU region), and Vercel (hosting the dashboard and marketing site — global edge with SCC and DPA). A current list with each subprocessor's role and DPA link is sent on request.

Your rights under the GDPR

You can export, correct, or delete every piece of data at any time. The dashboard exports members, bookings, payments, and notes as CSV in two clicks. We sign a DPA (Auftragsverarbeitungsvertrag) on request — write to hello@studiobook.app and we'll send it the same day.

If something goes wrong

We notify affected studio owners within 72 hours of confirming a personal-data breach, as required by Art. 33 GDPR. Suspected vulnerabilities or security questions go to security@studiobook.app — we read every email.

Leaving StudioBook

Your data is yours. If you decide StudioBook isn't for you, export everything and we'll close the account on request — no retention games, no hidden lock-in.