Privacy Policy
Last updated: April 1, 2026
1. Data Controller
The data controller for this Service is:
Yoga Bible ApS
Torvegade 66
1400 Copenhagen K, Denmark
CVR: 12345678
Email: privacy@bookingbible.com
When studio operators ("Operators") use BOOKING BIBLE to manage their members, the Operator is the data controller for their member data, and BOOKING BIBLE acts as a data processor. This relationship is governed by our Data Processing Agreement.
2. Data We Collect
Account Data
Name, email address, phone number, date of birth, profile photo, and emergency contact information provided during registration.
Booking and Activity Data
Class bookings, attendance history, check-in records, pass purchases, cancellation history, and class feedback/ratings.
Payment Data
Payment method details are processed and stored by Stripe. We store transaction records, invoice history, and Stripe customer identifiers. We do not store full card numbers or CVV codes.
Health Data
Responses to health questionnaires required for certain class types (e.g., hot yoga). This data is processed with your explicit consent.
Technical Data
IP address, browser type, device information, pages visited, and interaction events collected for analytics, security, and service improvement.
Communication Data
Email delivery status, SMS delivery status, and engagement metrics (opens, clicks) for service communications.
3. Purpose and Legal Basis
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the booking service | Art. 6(1)(b) — Contract performance |
| Processing payments | Art. 6(1)(b) — Contract performance |
| Service communications (confirmations, reminders) | Art. 6(1)(b) — Contract performance |
| Health questionnaires | Art. 9(2)(a) — Explicit consent |
| Marketing communications | Art. 6(1)(a) — Consent |
| Analytics and service improvement | Art. 6(1)(f) — Legitimate interest |
| Legal compliance (tax, accounting) | Art. 6(1)(c) — Legal obligation |
4. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion request.
- Booking history: Retained for 3 years for service quality and dispute resolution.
- Payment records: Retained for 5 years per Danish bookkeeping law (Bogforingsloven).
- Health questionnaires: Retained for 1 year after last activity, then deleted.
- Analytics data: Aggregated and anonymized after 24 months.
- Audit logs: Retained for 2 years.
5. Your Rights
Under GDPR, you have the following rights:
- Right of Access (Art. 15) — Request a copy of your personal data.
- Right to Rectification (Art. 16) — Correct inaccurate personal data.
- Right to Erasure (Art. 17) — Request deletion of your data ("right to be forgotten").
- Right to Data Portability (Art. 20) — Receive your data in a machine-readable format.
- Right to Object (Art. 21) — Object to processing based on legitimate interest.
- Right to Restrict Processing (Art. 18) — Request limitation of processing.
- Right to Withdraw Consent (Art. 7) — Withdraw consent at any time for consent-based processing.
To exercise your rights, email privacy@bookingbible.com or use the data export/delete features in your account settings. We will respond within 30 days.
6. Cookies
We use cookies for essential service functionality (authentication, session management) and, with your consent, for analytics and marketing. You can manage cookie preferences via the cookie consent banner displayed on first visit.
- Essential cookies: Required for the Service to function. Cannot be disabled.
- Analytics cookies: Google Analytics 4 for usage patterns. Opt-in via consent banner.
- Marketing cookies: Meta Pixel and Google Tag Manager for conversion tracking. Opt-in via consent banner.
7. Third-Party Processors
We use the following third-party services to provide the Service:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | EU (Frankfurt) |
| Stripe | Payment processing | EU/US (SCCs) |
| Vercel | Application hosting | EU/US (SCCs) |
| Mux | Video streaming and recording | US (SCCs) |
| Resend | Email delivery | US (SCCs) |
| Gateway API | SMS delivery | EU (Denmark) |
| BunnyCDN | Media content delivery | EU |
| Sentry | Error monitoring | US (SCCs) |
| Google Analytics | Website analytics | US (SCCs, consent-based) |
Where data is transferred outside the EU/EEA, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) or adequacy decisions.
8. Data Protection Officer
For data protection inquiries, contact our Data Protection Officer:
Email: dpo@bookingbible.com
Yoga Bible ApS
Torvegade 66
1400 Copenhagen K, Denmark
9. Supervisory Authority
You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email and a notice on the Service. The "Last updated" date at the top reflects the most recent revision.