Privacy Policy

Last updated: February 27, 2026

1. Scope

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and how we protect it.

1A. Controller Identity

The data controller for this service is WorkStudio.Online.

Privacy contact: mail@workstudio.online

2. Data We Collect

• Account data: email, password hash, account ID, status, and account timestamps.
• Security/access data: IP address, login attempts, activation/recovery events, and session security metadata.
• Usage data: app and modal events used to understand and improve the product.
• Admin analytics data: IP-to-country mapping (GeoLite2), visible only in admin activity tools.
• Optional profile data: given name and family name.

3. Why We Process Data

• To create accounts and provide login/authentication.
• To protect the platform and prevent abuse.
• To improve features and usability based on usage patterns.
• To review traffic regions and suspicious activity in admin-only security analytics.
• To send service emails (activation, password reset, security notices).

4. Data Sharing

WorkStudio.Online does not sell or share registered user data with external parties for marketing.

We may disclose data only when required by law or when necessary to protect security, rights, or the service.

Account/profile data is not shared externally except in those cases.

4A. Processors and Transfers

WorkStudio.Online is hosted on Google Cloud Platform (GCP) infrastructure in Europe.

We may also use providers for email and security under contractual controls.

Our normal setup is processing in Europe/EEA. If a transfer outside the EEA is needed, we apply GDPR safeguards and update this policy.

5. Legal Basis and GDPR

Where GDPR applies, we rely on:

• Contract: to provide account and service features you request.
• Legitimate interests: security, abuse prevention, and service improvement.
• Legal obligations: where laws require processing or recordkeeping.
• Consent: only where legally required.
• Your rights may include access, correction, deletion, restriction, portability, and objection (subject to legal/security limits).
• You can withdraw consent where consent is the legal basis.

6. Retention

We keep account and security data only as long as needed to run the service, meet legal obligations, and prevent abuse.

7. Security

We use technical and organizational security controls, including password hashing, access controls, request protections, and logging. No online service is 100% risk-free.

8. Cookies

WorkStudio.Online currently uses only first-party essential cookies for core operation (sessions/authentication, CSRF protection, and security controls).

We do not currently use third-party analytics cookies. Admin analytics currently use first-party server logs.

If optional analytics cookies are added later, consent controls will be shown where required by law.

9. Contact

For privacy requests or questions, contact: mail@workstudio.online