Privacy Policy
This Privacy Policy explains how Shveson ("we", "us", "our") collects, uses, and protects your personal data when you use our website and services. Shveson is operated by Sergei Shveidel as a sole trader.
1. Who We Are (Data Controller)
Sergei Shveidel, operating as Shveson
Berlin, Germany
Email: privacy@shveson.com
2. What Data We Collect
When you register as a business owner:
- Name and email address
- Business name, city, country, and phone number (optional)
- Password (stored as a cryptographic hash — never in plain text)
When your clients book an appointment through your booking page:
- First name, last name, and phone number
- Appointment details (date, time, service)
- Optional notes provided by the client
Automatically collected data:
- Anonymized page view statistics via Cloudflare Web Analytics (no cookies, no personally identifiable data)
- Standard server logs (IP address, browser type) retained for up to 30 days by Cloudflare
3. How We Use Your Data
- To provide and operate the Shveson booking platform
- To send transactional emails (account confirmation, booking notifications)
- To respond to support and privacy inquiries
- To improve the service based on aggregated, anonymized usage data
We do not sell your data. We do not use your data for advertising.
4. Legal Basis for Processing (GDPR)
- Contract performance (Art. 6(1)(b) GDPR) — processing your registration and booking data to deliver the service
- Legitimate interests (Art. 6(1)(f) GDPR) — anonymized analytics to improve the platform
- Consent (Art. 6(1)(a) GDPR) — where you have explicitly agreed, such as optional communications
5. Data Storage and Processors
We use the following third-party processors, all operating under GDPR-compliant terms:
- Supabase — database and authentication, hosted in Frankfurt, Germany (EU)
- Cloudflare — content delivery and anonymized analytics, EU data residency where applicable
- Resend — transactional email delivery
6. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion request
- Booking data: retained for 2 years from the booking date, or as required by your local tax regulations
- Server logs: retained for up to 30 days
7. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request that we limit how we use your data
To exercise any of these rights, contact us at privacy@shveson.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. Cookies
Shveson does not use tracking cookies or advertising cookies. Our analytics (Cloudflare Web Analytics) operate without cookies and do not collect personally identifiable information. Essential session data is stored in your browser's local storage solely to keep you logged in.
9. Children's Privacy
Our service is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to registered account holders. The date at the top of this page reflects the most recent update.
Privacy questions? Email us at privacy@shveson.com — we aim to respond within 5 business days.