Legal

Policies

Privacy Policy, Cookie Policy, GDPR information and Terms of Service. Last updated 26 June 2026.

Summary

Persocia (“Persocia”, “we”, “us”) provides a link-in-bio platform with traffic analytics, bookings and payments at persocia.com. This page explains, in plain language, what personal data we process, why, on what legal basis, who we share it with, how long we keep it and the rights you have under the EU/UK General Data Protection Regulation (GDPR).

  • We collect only what we need to run the service: your account details, the content you publish, and analytics about visits to your public page.
  • We never sell personal data, and we do not run third-party advertising or cross-site tracking.
  • Payment card data is handled directly by regulated payment providers — we never see or store full card numbers.
  • You can access, correct, export or delete your data at any time (see Your GDPR rights).

1. Who we are

Persocia is the data controller for personal data processed to operate the platform and for visit analytics. For personal data that a creator collects from their own audience (e.g. booking and purchase details), the creator is the controller and Persocia acts as a processor on their behalf — see section 11.

Controller: HiddenFlame, based in Poland (EU). For any privacy question, contact privacy@persocia.com. [add registered address & company/VAT number].

2. Information we collect

2.1 Account holders (creators)

  • Identity & account: name, email address and profile photo from your Google sign-in; the username, display name, bio, avatar, category, time zone and working hours you set.
  • Authentication: sign-in tokens and a session cookie, managed by our authentication layer.
  • Billing: subscription status, trial dates and identifiers from our payment processor (Stripe customer / subscription IDs). We do not store your card number.
  • Connected accounts: access tokens for payment providers (Stripe, PayPal, Mollie, SumUp) and calendars (Google, and others as released) that you choose to connect. These secrets are encrypted at rest.
  • Email sending: if you connect your own email provider, we store its API key encrypted and your sender address.
  • Content: the links, products, events, social links, email templates and availability you create.
  • Support & feedback: feature requests, votes and comments you post.

2.2 Visitors & customers of a creator’s page

  • Analytics: a random, anonymous session identifier (stored in your browser’s local storage), an approximate country/city derived from your IP, device type, browser, operating system, referring source, page views and link clicks. We store only an anonymised IP (the last part is removed) on the visit record — not your full IP.
  • Bookings: the name, email, optional phone number and message you submit, plus the time slot you choose.
  • Purchases: your email, the amount and currency, a payment-provider reference and the payment status.

IP-to-location lookup is performed locally on our servers using an offline database; your IP is not sent to a third-party geolocation service, and only the anonymised form is retained. For visitors in the EEA and UK we ask for consent before storing the analytics identifier; if you decline, we do not store it and do not record your visit or clicks.

3. How we use it & legal bases

Under Article 6 GDPR we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): to create and run your account, publish your page, process bookings and purchases, and provide support.
  • Legitimate interests (Art. 6(1)(f)): to secure the service and prevent fraud and abuse, to produce aggregate traffic statistics for creators, and to maintain and improve the product. We balance these against your rights and you may object (see section 8).
  • Consent (Art. 6(1)(a)): where we ask for it — for example non-essential cookies or optional communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): to meet tax, accounting and other legal requirements connected with payments.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, and we do not sell it.

4. Cookies & tracking

  • Essential (authentication): a session cookie that keeps you signed in to the app. Without it the app cannot function.
  • Analytics identifier: a first-party anonymous ID stored in your browser’s local storage, used to count unique visits and clicks on a public page. It is not used for advertising and is never shared for cross-site tracking. EEA/UK visitors are asked to consent before it is stored.
  • Product analytics (app only): inside the signed-in app we use a privacy-friendly product-analytics tool (hosted in the EU) to understand feature usage. It is not loaded on public bio pages.

You can clear or block cookies in your browser settings; blocking the essential cookie will prevent sign-in. We do not perform cross-site tracking or behavioural advertising.

5. Sharing & processors

We share personal data only with service providers (processors) that help us run the platform, each under a data-processing agreement:

  • Google — sign-in / authentication.
  • Stripe, PayPal, Mollie, SumUp — payment processing. When a creator connects one of these, that provider processes their customers’ payment data directly.
  • Resend — sending transactional emails (e.g. booking confirmations).
  • Our product-analytics provider (EU-hosted) — usage analytics within the app.
  • Hosting & infrastructure — the provider that hosts our servers and database.

We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety and security of Persocia, our users or the public. We do not sell personal data.

6. International transfers

We aim to keep data within the EEA where practical. Some processors (for example certain payment and authentication providers) may process data outside the EEA. Where they do, the transfer is protected by an adequacy decision or by the European Commission’s Standard Contractual Clauses together with appropriate supplementary measures.

7. Data retention

  • Account & content: kept while your account is active. If your subscription lapses or you cancel, your account and associated data are permanently deleted after a short grace period.
  • Analytics: retained to provide statistics; you can request deletion at any time.
  • Bookings & orders: kept for the creator and, where applicable, for the period required by tax and accounting law.
  • Backups: residual copies in backups are overwritten on our normal backup cycle.

8. Your GDPR rights

If you are in the EEA or the UK, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) — you can delete your account from settings, or ask us.
  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting processing already carried out.
  • Lodge a complaint with your local data-protection supervisory authority.

To exercise any right, email privacy@persocia.com. We respond within one month. If your data was submitted to a creator’s page (e.g. a booking), that creator is the controller — we will help route your request to them.

9. Security

We protect data with encryption in transit (HTTPS), encryption at rest for sensitive secrets such as payment and calendar tokens, scoped access controls and regular updates. No system is perfectly secure, but we work to keep risk low and will notify affected users and regulators of a personal-data breach as required by law.

10. Children

Persocia is not directed to children. You must be at least 16 (or the minimum age of digital consent in your country) to create an account. If you believe a child has provided us personal data, contact us and we will delete it.

11. For bio-page owners (controller & processor)

When visitors interact with your page — booking a slot, making a purchase or being counted in your analytics — you are the data controller for that personal data and Persocia processes it on your behalf as your processor. As controller you are responsible for:

  • having your own lawful basis and, where required, providing your audience with a privacy notice;
  • obtaining any consents you need (for example for marketing you send to people who booked);
  • handling and forwarding data-subject requests, with our assistance;
  • using the data only for the purposes you disclosed.

We will only process this data on your documented instructions, keep it confidential, assist with your GDPR obligations, and delete or return it when you close your account.

12. Terms of Service

12.1 Your account

You are responsible for the activity on your account and for keeping your sign-in secure. Provide accurate information and keep it up to date.

12.2 Acceptable use

You agree not to use Persocia to:

  • break the law or infringe others’ rights (including intellectual-property and privacy rights);
  • publish or sell illegal, harmful, deceptive, hateful or sexually-exploitative content;
  • send spam, run phishing, distribute malware, or attempt to disrupt or reverse-engineer the service;
  • violate the rules of any connected payment provider or process prohibited transactions.

We may suspend or remove content or accounts that breach these terms or applicable law.

12.3 Payments between creators and their customers

Payments your customers make for your products, events or bookings are processed by the payment provider you connect — not by Persocia. Persocia is not a party to those transactions and does not hold the funds. You are responsible for fulfilment, taxes, and any refunds or disputes with your customers, in line with your provider’s terms.

12.4 Subscription & billing

Paid plans are billed through our payment processor on the cycle shown at checkout, after any trial. You can cancel at any time from your account; cancellation stops future renewals and your access continues until the end of the paid period. Except where required by law, payments already made are non-refundable. We will give reasonable notice of price changes.

12.5 Availability & warranties

We work to keep Persocia available and reliable, but it is provided “as is” and “as available”, without warranties of any kind to the maximum extent permitted by law. We do not guarantee uninterrupted or error-free operation.

12.6 Limitation of liability

To the extent permitted by law, Persocia is not liable for indirect, incidental or consequential damages, or for lost profits, revenue or data. Nothing in these terms limits liability that cannot be excluded by law (such as for death or personal injury caused by negligence, or for fraud). Your statutory consumer rights are unaffected.

12.7 Termination

You may stop using Persocia and delete your account at any time. We may suspend or terminate access for breach of these terms or where required by law. On termination, the data-retention rules in section 7 apply.

12.8 Governing law

These terms are governed by the laws of Poland, and disputes are subject to the competent Polish courts, without affecting any mandatory consumer protections in your country of residence.

13. Changes

We may update these policies as the service evolves or the law changes. We will revise the “last updated” date above and, for material changes, give you reasonable notice. Continued use after a change means you accept the updated terms.

14. Contact

Questions, requests or complaints:

You also have the right to complain to your local data-protection authority. In Poland this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), uodo.gov.pl.