Skip to content
StudioBook
Back to home

How we handle your studio's data

Security at StudioBook

Studio owners trust us with their members' bookings, contact details, and payment history. Here's exactly how that data is handled, where it lives, and what happens if something goes wrong.

Where your data lives

All studio data is stored on Supabase Postgres in Frankfurt (eu-central-1). Data is hosted in the European Union under strict data-protection standards that meet or exceed US privacy requirements. Backups are encrypted and retained in the EU as well.

Encryption in transit and at rest

Every connection to StudioBook uses HTTPS with TLS 1.2 or higher — enforced by HSTS, no fallback. The database encrypts data at rest with AES-256. Edge functions run inside Supabase's isolated runtime; they never log payment details or auth tokens.

Payments and card data

We don't store credit-card numbers. Every payment runs through Stripe Connect — Stripe is PCI-DSS Level 1 certified and handles the card data directly. Money goes from your members to your own Stripe Connect account, then to your bank. StudioBook never touches the funds.

Who else processes your data

Four sub-processors: Supabase (database, auth, storage — Frankfurt), Stripe Payments (payments, Connect onboarding — global, PCI-DSS Level 1), Resend (transactional email), and Vercel (hosting the dashboard and marketing site — global edge). A current list with each sub-processor's role is in our Privacy Policy.

Your privacy rights

You can export, correct, or delete every piece of data at any time. The dashboard exports members, bookings, payments, and notes as CSV in two clicks. CCPA, CPRA, and other US state privacy requests are handled within 45 days — write to privacy@studiobook.app.

If something goes wrong

We notify affected studio owners promptly upon confirming a personal-data breach, in line with state breach-notification laws (typically 30-90 days depending on state). Suspected vulnerabilities or security questions go to security@studiobook.app — we read every email.

Leaving StudioBook

Your data is yours. If you decide StudioBook isn't for you, export everything and we'll close the account on request — no retention games, no hidden lock-in.