felineStudio
Start

Privacy Policy

Effective: 2026-02-17 · Last updated: 2026-03-09 · Version 1.0

Privacy Policy

This Privacy Policy explains how personal data is processed in connection with felineStudio.

1. Who is responsible for data processing?

felineStudio has two GDPR roles depending on the context:

  1. As a processor: felineStudio processes personal data on behalf of a cattery (the cattery is the controller).
  2. As an independent controller: felineStudio processes certain data for its own legal and operational purposes (for example account administration, platform security, abuse prevention, and support handling).

1.1 Controller details (for felineStudio-controlled processing)

The controller under GDPR is the person identified in the Imprint.

Privacy email: [email protected]

1.2 Cattery as controller

For data that a cattery enters and manages in the app (for example buyer contacts, waiting list records, contracts, and cat records), the cattery is generally the controller under Article 4(7) GDPR. felineStudio acts as processor under Article 4(8) GDPR for that processing.

2. Categories of personal data

Depending on feature usage and configuration, the following categories may be processed:

  • Account and profile data: owner name, cattery name, email, phone, address, login/account identifiers.
  • Contact and inquiry data: first/last name, email, phone, inquiry preferences, inquiry notes, consent timestamp.
  • Business records entered by catteries: contacts, waiting list entries, contracts, transactions, and related notes.
  • Media and document data: cat images, uploaded documents/images for OCR features, and extracted content.
  • Technical and security data: IP-derived request metadata, throttling/security logs, session/auth state, and system event logs.
  • Communication data: operational emails and reminder notifications.

3. Purposes and legal bases

Where felineStudio acts as controller, processing is based on one or more of the following legal bases:

  • Article 6(1)(b) GDPR (contract): providing and operating the service, account access, and core functionality.
  • Article 6(1)(c) GDPR (legal obligation): retention and compliance obligations where required by applicable law.
  • Article 6(1)(f) GDPR (legitimate interests): service security, fraud/abuse prevention, reliability, and platform defense.
  • Article 6(1)(a) GDPR (consent): processing that is explicitly consent-based where implemented.

Where felineStudio acts as processor, processing is carried out on documented instructions from the relevant cattery controller.

4. Recipients and processors/sub-processors

felineStudio uses service providers to deliver the platform. Depending on configuration, these include:

  • Supabase: database, storage, and authentication services.
  • Vercel: hosting, infrastructure, and deployment/runtime services.
  • Lettermint (optional): transactional email delivery.
  • OCR/AI provider (optional): Cortecs (routing gateway).

felineStudio maintains contractual safeguards (including data processing terms) with providers used for personal data processing.

4a. Web analytics (Plausible Analytics)

felineStudio uses Plausible Analytics, a privacy-friendly analytics tool that is self-hosted on our own infrastructure at analytics.felinestudio.app.

Plausible Analytics uses no cookies and does not track individuals. No personal data is collected and no data is shared with third parties. The data collected consists solely of aggregated, anonymous usage statistics such as pages visited, referral sources, country (not city), device type, and browser/OS category.

Because no personal data is processed and no cookies are used, no cookie consent is required for this analytics feature.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in understanding anonymous platform usage in order to improve the service).

5. International data transfers

Some providers or their sub-processors may process data outside the EEA/UK/Switzerland. Where required, transfers rely on an appropriate transfer mechanism, such as:

  • an adequacy decision, and/or
  • EU Standard Contractual Clauses (SCCs), and/or
  • UK transfer addendum/IDTA or equivalent legal mechanism.

You may request more information on applicable safeguards via the privacy contact listed above.

5.1 Hosting location transparency

felineStudio is intended to be operated with EU hosting/processing locations. Where data is processed in the EU, this is configured through selected provider settings and regions. If a provider or sub-processor processes data outside the EU/EEA, the safeguards listed above apply.

6. Retention periods

felineStudio applies data minimization and storage limitation principles. Retention depends on context and legal requirements.

Baseline operational retention currently includes:

  • Scheduled account deletion: account marked for deletion, then permanently purged after a 30-day grace period.
  • Data export packages: generated portability files include signed media links that expire (currently 24 hours).
  • Security and abuse-prevention records: retained only as long as necessary for protection and incident handling, subject to legal obligations.

Controller catteries remain responsible for defining lawful retention periods for the records they control and for meeting local legal retention obligations.

7. Data subject rights

Under GDPR, data subjects may have the right to:

  • access personal data (Art. 15),
  • rectify inaccurate data (Art. 16),
  • erase data (Art. 17),
  • restrict processing (Art. 18),
  • data portability (Art. 20),
  • object to processing (Art. 21),
  • withdraw consent at any time (where processing is consent-based).

7.1 How to exercise rights

  • For data controlled by a cattery: requests should first be directed to that cattery as controller.
  • For data controlled directly by felineStudio: contact [email protected].

felineStudio supports controller catteries in handling valid rights requests where felineStudio acts as processor.

8. Automated decision-making

felineStudio does not perform solely automated decision-making that produces legal effects or similarly significant effects within the meaning of Article 22 GDPR.

9. Security measures

felineStudio implements technical and organizational measures appropriate to the risk, including measures such as encryption in transit, access controls, role separation, logging/monitoring, and incident response processes.

No system can be guaranteed 100% secure, but controls are designed to reduce risk and protect confidentiality, integrity, and availability.

10. Children

The service is not directed to children. Catteries using the platform remain responsible for ensuring they have a valid legal basis for any personal data they enter into the service.

11. Complaints to supervisory authorities

Data subjects have the right to lodge a complaint with a competent supervisory authority in their habitual residence, place of work, or place of alleged infringement.

Primary supervisory authority: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Germany, Email: [email protected].

12. Changes to this Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The current version and effective date are shown at the top of this document.

If you have questions about this policy, contact: [email protected].