PRIVACY POLICY

This service is operated by STENCIL ("STENCIL", "we", "us"). STENCIL is the data controller responsible for the personal data described in this policy and determines how and why that data is processed.

We collect only what we need to run the service:

• Account information — name, email, login credentials, and profile details you provide.
• Booking details — appointment information, messages, and quote details between artists and clients.
• Usage and device data — log data, device identifiers, and IP address used to operate and secure the service.
• Payment metadata — transaction records such as amounts, plan, and status. Full card details are handled directly by our payment provider, Paddle, and are never stored by us.

We process your personal data on the following legal bases:

• Performance of a contract — to create your account, provide the platform, and process bookings and subscriptions.
• Legitimate interests — to secure the service, prevent fraud, and improve our product.
• Consent — for optional marketing communications and non-essential cookies, where required.
• Legal obligation — to comply with tax, accounting, and other legal requirements.

We do not sell your personal data.

We share personal data only with:

• Service providers / subprocessors — hosting, database, analytics, and support tooling that help us run the platform.
• Paddle — our Merchant of Record and payment provider. Paddle.com handles checkout, subscription management, payments, tax compliance, invoicing, and refunds, and receives the data necessary for those purposes.
• Professional advisers and authorities — legal and accounting advisers, or authorities where required by law.

We keep personal data only for as long as needed to provide the service and to meet legal, accounting, and reporting obligations. Account and booking data is retained while your account is active and for up to 24 months after closure, after which it is deleted or anonymised. Transaction records may be retained longer where required by law (typically up to 7 years).

We follow GDPR principles for data handling. You have the right to access, rectify, erase, restrict, or object to the processing of your personal data, to receive a portable copy, and to withdraw consent at any time. You may also lodge a complaint with your local supervisory authority. To exercise these rights, contact us at the email below; we respond within one month.

Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect your information.

We apply appropriate technical and organisational measures: data is encrypted in transit and at rest, access to personal data is restricted, and we review our practices regularly.

We use essential cookies to keep you signed in and remember preferences, and analytics cookies to understand how the service is used. You can manage non-essential cookies through your browser settings or any in-product cookie controls.

Questions about your privacy or this policy? Email STENCIL at support@stencils.life.