Privacy Policy

Last updated: March 13, 2026

1. Data Controller

The data controller responsible for your personal data is:

MB Programų sprendimai
Company code: 304418651
VAT number: LT100011452314
Address: Švitrigailos g. 11K-109, LT-03228 Vilnius, Lithuania
Email: [email protected]

2. What Data We Collect

When you use the eile platform, we may collect the following personal data:

As a customer booking an appointment:
- Full name
- Phone number
- Email address (optional)
- Notes or special requests you provide

As a service provider using the eile app:
- Full name, email, phone number
- Business name, address, and phone
- Staff member information (names, contact details, working hours)
- Client records (names, contact details, appointment history, birthday, allergies, notes, tags)
- Service and pricing information
- Financial records (revenue, expenses, receipts)
- Profile photos, service images, and gallery photos

As a staff member:
- Full name, email, phone number
- Working hours and schedule
- Assigned services and experience level

When contacting us:
- Name, email address, and the content of your message submitted through our contact form

Automatically collected data:
- Device tokens for push notifications (Firebase Cloud Messaging)
- Language preference (stored locally in your browser or device)
- Subscription and purchase information (processed through RevenueCat)

3. How We Use Your Data

We process your personal data for the following purposes:

- Providing the service: Processing appointment bookings, managing schedules, and enabling communication between customers and service providers.
- SMS notifications: Sending SMS messages to customers about booking confirmations, cancellations, and rescheduling via Twilio.
- Push notifications: Sending push notifications to service providers about new bookings and updates via Firebase Cloud Messaging.
- Phone verification: Verifying phone numbers during registration and account setup via Twilio Verify.
- Subscription management: Processing in-app subscriptions and purchases through RevenueCat and the respective app stores (Apple App Store, Google Play).
- Authentication: Enabling sign-in via email, phone, or Apple Sign-In.
- Service improvement: Analyzing usage patterns to improve the platform. On the website, if you consent, we may use PostHog to understand visitor behavior.
- Legal obligations: Complying with applicable laws and regulations.

Legal basis for processing: performance of a contract (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR), and your consent where applicable (Art. 6(1)(a) GDPR).

4. Data Storage and Security

Your data is stored securely using Supabase, a cloud database platform with servers in the European Union. All data is protected with:

- Row Level Security (RLS) ensuring users can only access their own data
- Encrypted connections (HTTPS/TLS)
- Secure authentication mechanisms

Photos and images (profile pictures, service photos, gallery images) are stored in Supabase Storage with appropriate access controls. Public profile images are accessible to anyone viewing a service provider's booking page.

Push notification tokens are processed through Firebase Cloud Messaging (Google). Device tokens are stored in our database and removed when you sign out.

5. Data Sharing

We do not sell your personal data to third parties. Your data may be shared with:

- Service providers you book with: Your name, phone number, email, and notes are shared with the provider when you make a booking.
- Supabase: Database hosting and authentication – processes data on our behalf with servers in the European Union.
- Google Firebase: Push notifications (Firebase Cloud Messaging) – device tokens are shared to deliver notifications.
- Twilio: SMS delivery and phone number verification – phone numbers and booking details are shared to send SMS messages.
- RevenueCat: Subscription and purchase management – user identifiers and purchase data are shared to manage subscriptions.
- Apple (Sign-In with Apple): If you use Apple Sign-In, your name and email (or a relay email) are shared by Apple during authentication.
- Stripe (stripe.com): Payment processing – processes payment information securely on our behalf.
- Resend (resend.com): Transactional email delivery – email addresses and booking details are shared to send confirmation and notification emails.
- Crisp (crisp.chat): Live chat support – if you use the chat widget and consent to functional cookies, your messages and basic device info are processed.
- Cloudflare Turnstile (cloudflare.com): Bot protection – anonymized interaction data is processed to verify you are a real user.
- PostHog (posthog.com): Privacy-friendly analytics – if you consent to analytics cookies on our website, anonymized usage data may be processed by PostHog.
- Meta/Facebook (facebook.com): Advertising – if you consent to marketing cookies, the Meta Pixel may collect page view and conversion data to measure ad performance and build audiences.

All third-party providers process data on our behalf under data processing agreements and applicable privacy regulations.

6. Data Retention

- Customer booking data: Retained for as long as the service provider maintains their account, or until the provider deletes the record.
- Service provider accounts: Retained for the duration of the account. Upon account deletion, all associated data (bookings, clients, services, staff, photos) is removed.
- Staff member data: Retained while the staff member is linked to a service provider account. Removed when the link is severed or the provider deletes their account.
- Push notification tokens: Removed upon sign-out or account deletion.
- Subscription data: Retained for the duration of the subscription and as required by applicable tax and accounting regulations.
- Contact form messages: Retained for as long as needed to address your inquiry and for record-keeping purposes.
- Language preferences: Stored locally on your device and can be cleared at any time.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

- Access your personal data
- Rectify inaccurate data
- Erase your personal data ("right to be forgotten")
- Restrict processing of your data
- Data portability – receive your data in a structured format
- Object to processing based on legitimate interests
- Withdraw consent at any time (where processing is based on consent)

To exercise your rights, please contact us at [email protected]. You also have the right to lodge a complaint with the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) at ada.lt.

8. Cookies and Local Storage

The eile website uses the following storage technologies:

Essential (always active):
- Language preference stored in your browser's localStorage
- Cookie consent preference stored in localStorage

Optional (with your consent):
- Analytics cookies: If you consent, PostHog may be used to understand how visitors interact with our website. You can manage this preference through the cookie banner.
- Functional cookies: Enable enhanced features such as language preferences and personalization.
- Marketing cookies: If you consent, these may be used to deliver relevant content and measure campaign performance.

You can change your cookie preferences at any time by clearing your browser's local storage or managing cookies in your browser settings. The eile mobile application does not use cookies.

9. Children's Privacy

eile is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at [email protected].

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

11. Contact Us

If you have any questions about this privacy policy or your personal data, please contact us:

Email: [email protected]
Address: Švitrigailos g. 11K-109, LT-03228 Vilnius, Lithuania