Data Protection
How Tapi approaches EU hosting, customer booking data and GDPR responsibilities for studios.
Overview
Tapi is built for professional studios and is designed around data minimisation, EU hosting and clear controller/processor responsibilities.
The main service infrastructure runs on EU hosting. Customer booking data belongs to the studio that receives the booking.
Infrastructure
- Hosting is provided on EU infrastructure operated by Hetzner.
- Cloudflare is used for DNS, DDoS protection, traffic filtering and web security.
- Transactional emails are sent through Resend.
- Studio subscription checkout, billing, tax calculation and invoices are processed through Stripe.
- Appointment payments are not processed by Tapi unless a studio enables a separate online payment feature.
Studio customer data
Studios decide what customer data they collect through their booking page. Tapi processes that booking data only to provide the booking service, send transactional notifications, secure the service and support the studio.
Security measures
- Access to studio dashboards requires authenticated user accounts.
- Access to studio records is restricted by account roles and permissions.
- Uploads are size-limited and stored in controlled file storage.
- Operational logs are limited to reliability, security and abuse prevention needs.
- Backups and infrastructure access are managed to protect availability and confidentiality.
Data subject requests
Studios and customers can contact [email protected] for privacy requests. Where a request concerns a studio customer booking, Tapi may coordinate with the studio because the studio is the controller for that customer relationship.