How we protect your studio's data and your clients' data.
Your Stripe, Netopia, SMTP and other integration keys are encrypted with AES-256-GCM before they reach the database. Account passwords are never stored in plain text; they're hashed with bcrypt. Nobody, not even our own engineering team, can read a key or a password straight out of the database.
Every studio's data is separated at the database level. Every query that touches customer data checks which studio that data belongs to, and this is tested automatically, not just assumed. One studio cannot see or reach another studio's data.
We run a full, encrypted backup every night and send it to a separate location (Google Drive), outside the main server. Every backup's integrity is verified automatically, the same night it's created, not just when we happen to need it.
We don't keep data forever. Leads that never convert into customers are automatically deleted after 24 months. WhatsApp and SMS messages are automatically deleted after 180 days. Every automatic deletion is logged in a GDPR audit trail, so there's always a record of what was deleted and when.
Payments run through Stripe and Netopia. SMS runs through SendSMS.ro. Email runs through a dedicated SMTP provider. WhatsApp messages use the WhatsApp (Meta) network. Each of these providers operates under a Data Processing Agreement. The full list, with details on each one, is public on our sub-processors page.
You can delete your account any time, directly from your account settings. If you'd rather, write to us and we'll delete the data for you. Requests are handled under GDPR (Art. 17, the right to erasure).