Privacy Policy
1. Definitions
Provider: Businesses or individuals who create an account to offer services through Suitespace. Customer or End User: Individuals who book or purchase services from Providers. Personal Data: Any information relating to an identified or identifiable individual. Processing: Any operation performed on personal data, such as collection, storage, use, or deletion. Controller: Entity that determines the purposes and means of processing personal data. Processor: Entity that processes personal data on behalf of a Controller. Suitespace acts as: Data Controller for Provider Account Data. Data Processor for Customer booking data processed on behalf of Providers. This Privacy Policy is designed to comply with: GDPR (European Union) KVKK (Türkiye) PIPEDA (Canada) Relevant US state privacy laws (where applicable)
2. Personal Data We Collect
2.1 Data Provided by Providers
- Full name
- Email address
- Password
- Business details
- Service descriptions
- Images and content uploaded
- Subscription and billing information
- Stripe account ID
2.2 Data Provided by Customers (End Users)
This data is processed solely on behalf of the Provider. Providers remain responsible for informing Customers and collecting lawful consents.
- Full name
- Email address
- Phone number (where applicable)
- Booking details
- Event or appointment information
- Messages or notes submitted to Providers
2.3 Automatically Collected Data
- IP address
- Device type and browser type
- Usage logs
- Session information
- Cookies and tracking technologies (analytics and marketing cookies if consented)
2.4 Payment Data
Suitespace does not store credit card numbers. All payment information is processed by Stripe.
3. Purposes of Processing
- Platform operation and account management
- Subscription billing and Provider payments
- Processing bookings and providing platform functionality
- Security monitoring and fraud prevention
- Customer support
- Analytics and performance measurement
- Marketing (only with appropriate permissions)
4. Legal Bases for Processing
We rely on the following legal bases: Performance of a contract (Provider agreements, Customer bookings) Legitimate interest (platform improvement, fraud monitoring) Consent (cookies, marketing preferences) Legal obligations (tax records, security logs)
5. Providers as Data Controllers
When Customers submit personal data during a booking, the Provider is the Data Controller. Provider determines: What Customer information is collected How long it is retained How it is used to deliver services Suitespace only acts as a Data Processor for Customer booking data. Providers must comply with GDPR/KVKK requirements, including: Providing Customer notices Obtaining explicit consents where required Responding to Customer data requests
6. Suitespace as Data Controller
Suitespace is the Data Controller for Provider account data, including: Login credentials Subscription records Account preferences Analytics related to Provider use of the platform
7. Data Retention Policy
Active accounts: Data is retained for the duration of the account. Booking data: Retained for 12 months after account deletion. Financial records: Retained for 5 years in accordance with tax laws. Support tickets: Retained for up to 24 months. Cookies: Retention depends on cookie type and user consent. Data is deleted or anonymized once retention periods expire.
8. International Data Transfers
Suitespace stores and processes data in AWS us-east-1 (N. Virginia, USA). By using Suitespace, you acknowledge and agree that your data may be transferred to and processed in the United States. Safeguards include: Standard Contractual Clauses (SCCs) where applicable Encryption in transit and at rest Strict access controls
9. Cookies and Tracking Technologies
Suitespace uses: Essential cookies (session and security) Analytics cookies (Google Analytics, if consented) Marketing cookies (Meta Pixel, Google Ads, if consented) Users may accept, reject, or customize cookie preferences through the cookie banner. Providers using Suitespace-generated websites are responsible for informing their Customers of cookie usage.
10. Data Sharing
Suitespace may share personal data with: Stripe for payment processing AWS for hosting Email delivery providers Analytics tools (only if consent is provided) Law enforcement (as required by law) Suitespace does not sell personal data.
11. Security Measures
We implement industry-standard security practices including: Encryption at rest and in transit Access control and authentication mechanisms Activity logs Firewall and network protections Regular vulnerability assessments No system is 100 percent secure, but Suitespace continuously improves its security posture.
12. User Rights Under GDPR and KVKK
Users have the right to: Access their personal data Request correction Request deletion ("right to be forgotten") Request data export Object to processing Withdraw consent for cookies or marketing Requests may be sent to privacy@suitespace.app. Suitespace responds within 30 to 90 days depending on request complexity.
13. Children's Data
Suitespace does not knowingly collect personal data from children under 16 without parental consent. Providers offering services to minors are solely responsible for compliance with child privacy regulations.
14. Account Termination
Upon Provider account deletion: Booking data is retained 12 months Financial data is retained 5 years Remaining data is securely deleted or anonymized after applicable periods
15. Third-Party Links
Provider websites hosted on Suitespace may include third-party links. Suitespace is not responsible for the privacy practices of external sites.
16. Modifications to This Policy
Suitespace may revise this Privacy Policy at any time. Continued use of the platform indicates acceptance of updated terms.
17. Contact Information
For questions about this Privacy Policy: support@suitespace.app privacy@suitespace.app
Last updated: January 15, 2026
Ready to Get Started?
Start your free trial today. No credit card required.