Privacy Policy

This policy describes how Easl Space handles personal information when you use easl.space, our marketplace for short-term studio rentals. It applies together with UK data protection law, including the UK GDPR and the Data Protection Act 2018.

Personal information means information that relates to an identifiable individual — for example a name, email address, or booking record tied to you.

Easl Space is the data controller for the processing described in this policy. Privacy contact: hello@easl.space

You provide: name; email; phone number (including for verification where we offer it); profile details you choose to add; studio photos and descriptions (hosts); booking-related details; messages between hosts and artists; reviews and ratings; and anything you send when you contact support. Payments: when you pay or receive payouts, card and bank details and related payment data are collected and processed by Stripe (see section 6). We may receive non-sensitive payment-related information needed to run the marketplace (for example that a payment succeeded, amounts, and identifiers Stripe gives us). We do not store full card numbers or equivalent payment credentials on our own servers. Automatically: technical and usage data such as IP address, device/browser type, pages viewed, and similar data — including through cookies (see section 8 and our Cookie Policy at easl.space/cookie-policy). Lawful bases (UK GDPR) — summary: • Name, email, phone — account, bookings, support, security. Contract; where relevant before signup, legitimate interests (responding to you, preventing misuse). • Profile and listing content — operating the marketplace. Contract; legitimate interests (accurate listings). • Booking history, messages, reviews — bookings, communication, trust, disputes. Contract; legitimate interests (safety, fraud prevention); legal obligation where records must be kept (see retention). • Payment data handled by Stripe — paying and receiving payment. Contract. • Cookies / analytics — consent where required for non-essential cookies; legitimate interests for strictly necessary cookies and security; contract where essential for the logged-in service.

We use personal information to run easl.space (accounts, listings, search, bookings); process payments and payouts through Stripe; let hosts and artists communicate about bookings; send service and security messages; detect and prevent fraud, abuse, and misuse; improve the product (including analytics consistent with your cookie choices); and send marketing only where the law allows and, where required, with your consent (you can opt out of promotional email where applicable). We do not sell your personal information.

We may disclose personal information: • Between users where needed for the marketplace (for example host and artist contact and booking details shown as part of a listing or reservation). • To service providers who work for us under contract (see section 6). • For legal reasons — if we believe in good faith that disclosure is required or permitted by law, to protect rights, safety, and the integrity of the platform, or to respond to valid requests from public authorities.

Stripe (including Stripe Connect) — payment processing. Card and bank details and related payment information are handled by Stripe, not stored on Easl Space servers. Stripe operates at high industry security standards (for example PCI DSS Level 1). How Stripe processes payment data is explained in its privacy notice: https://stripe.com/privacy Supabase — database and authentication; SOC 2 Type II; hosted on AWS eu-west-1 (Ireland) for the environments we use for this product. Vercel — frontend / website hosting. Railway — backend / API hosting. Some providers may process data in the United States or other countries outside the UK. Where that happens, we use safeguards recognised under UK law (for example the UK extension to the EU–US Data Privacy Framework, the UK IDTA / Addendum, or UK-approved Standard Contractual Clauses), as set out in our agreements with suppliers.

Core database and authentication data for the service is hosted in the EU (Ireland — AWS eu-west-1). Transfers outside the UK are covered in section 6.

We use cookies and similar technologies as explained in our Cookie Policy: https://easl.space/cookie-policy

Under UK data protection law you may have the right to access, rectify, erase, restrict processing, data portability, and object (including to direct marketing). How to exercise your rights: email hello@easl.space. We may ask you to verify your identity. We aim to respond within one calendar month (we may extend by up to two further months for complex requests and will tell you if so). These rights are not unlimited — for example we may need to retain certain financial records even if you ask for erasure. You may also complain to the UK ICO — see section 14.

Transaction and booking records (including what we need for tax and company law): up to 6 years after the relevant tax year or transaction. Account and profile data: while your account is active, then up to 12 months after closure, unless we must keep certain information longer for legal, tax, or dispute reasons. Messages tied to a booking: 12 months after the booking end date (or after cancellation if there was no stay), unless a longer period is needed for a dispute, claim, or legal obligation. When retention ends, we delete or anonymise data where we can. Backup copies may persist for a limited time.

We use measures including encryption in transit (TLS) and encryption at rest (for example AES-256) where our providers support it, and we limit access to people who need it to run the service. No online service can guarantee perfect security.

The platform is not for under-18s. We do not knowingly collect personal information from children. If you believe we have, contact hello@easl.space and we will take steps to delete it.

We may update this policy and will post the new version here with an updated Last updated date. If changes are material, we may also email you or show a notice in the product.

Privacy: hello@easl.space Supervisory authority (UK): Information Commissioner's Office — https://www.ico.org.uk/