Last Updated: 6. Juli 2026
At Zeity, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our booking platform.
Moon Regents is the data controller responsible for your personal data. You can contact us at: Moon Regents 47805 Krefeld Germany Email: info@zeity.me
When you make a booking through our platform, we collect: • Full Name • Email Address • Phone Number (optional) • Appointment Date and Time • Service Type • Notes or Special Requests This data is necessary to process your appointment request and send you confirmation emails and reminders.
We process your personal data based on GDPR Article 6(1)(b) - processing is necessary for the performance of a contract (your appointment booking). We may also process data based on your explicit consent for receiving appointment reminders.
Your data is used exclusively for: • Processing and confirming your appointment • Sending appointment reminders and notifications • Communicating with you about your booking • Providing you with appointment details and updates We do not sell, rent, or share your data with third parties for marketing purposes.
We retain personal data only for as long as necessary, and the retention period depends on whose data it is. (a) Zeity's own data, as controller: • Product analytics (PostHog): 30 days • Error events (Sentry): 90 days • Server logs (Better Stack): 3 days • Your account data: for the life of your account, deleted on closure or on request • Zeity's own subscription and platform-fee invoices to business owners: 8 years, per § 147 AO / § 257 HGB as amended by the Bureaucracy Relief Act (Bürokratieentlastungsgesetz IV, 2025) — the underlying accounting books and ledgers are kept for 10 years (b) Client booking data, where Zeity acts as a processor on a business's instructions: Your appointment history and client records are retained for as long as the business relationship between you and the business lasts, and are deleted when the business closes its account or instructs us to delete them. Independently of that, you can request deletion of your own data at any time — see our data-deletion process. If you paid online, your payment metadata is held by Stripe under the business's own statutory bookkeeping obligation. That is the business's tax duty, not data Zeity retains for its own accounting records.
We use essential cookies that are strictly necessary for the functioning of our service. These remain exempt from consent requirements under § 25 Abs. 2 TDDDG (the German Digital Services Data Protection Act, formerly TTDSG). Essential Cookies: • Session Management: Supabase authentication cookies enable you to stay logged into your account • Language Preference: Stores your selected language (English or German) for a better user experience • Cookie Consent: Remembers whether you have acknowledged this cookie notice These cookies are stored locally in your browser and contain no personal data beyond what is necessary for their specific purpose. Non-essential device storage (§ 25 Abs. 1 TDDDG — only with your consent): • PostHog: product analytics (EU-hosted). PostHog only runs, and only sets non-essential cookies or records which pages you visit, after you opt in through our cookie banner. If you choose "Essential Only", none of this is set or fires. Server-side processing (not a cookie, no consent required): • Sentry: error monitoring. Sentry processes technical data, including your IP address, on the basis of our legitimate interest in keeping Zeity secure and reliable (Art. 6(1)(f) GDPR). This runs on our servers, does not set a cookie in your browser, and is therefore separate from the cookie-consent choice above. We do not use advertising or retargeting cookies, and we do not sell or share cookie data with third parties for marketing purposes.
We use the following third-party service providers to operate Zeity. Subprocessors of your clients' data (acting on our instructions, under our Data Processing Agreement at https://zeity.me/dpa): • Supabase: database hosting and storage of your data • Resend: transactional and booking emails • Vercel: application hosting and content delivery (CDN) • Better Stack (Logtail): production logging (EU region, with personal data masked) • Stripe: payment processing, where online payments are enabled Stripe also acts as an independent controller of payment data for its own fraud-prevention, anti-money-laundering and legal-compliance purposes, under Stripe's own privacy policy. Vercel processes aggregated service and usage data as a controller under its own privacy policy. We also use the following tools to operate, secure and improve Zeity itself, which process usage and technical data rather than your booking clients' records: • PostHog: product analytics (EU-hosted, used only with your consent) • Sentry: error monitoring Except where stated above that a provider acts as an independent controller, these providers process personal data on our instruction under a data-processing agreement and in accordance with the GDPR. Where a provider processes the personal data of a business owner's own clients on that business owner's behalf, it does so as our subprocessor; our Data Processing Agreement (https://zeity.me/dpa) lists those subprocessors.
Some of the tools we use as controller for Zeity's own operations process personal data outside the European Economic Area (EEA). Error monitoring (Sentry): Technical data, including your IP address, may be accessed and processed in the United States. This transfer relies primarily on the EU-US Data Privacy Framework (an EU adequacy decision) as its legal basis, with the EU Standard Contractual Clauses incorporated as a fallback safeguard, together with supplementary technical measures such as encryption and PII scrubbing. Product analytics (PostHog): EU-hosted — no third-country transfer occurs. A copy of the safeguards referred to above (including the Standard Contractual Clauses) is available on request using the contact details in this Privacy Policy.
Under GDPR, you have specific rights regarding your personal data. Here's how to exercise them: 🔍 Right of Access (Article 15) Request a copy of all your personal data in JSON format. Click "Request Data Export" in your account settings or send an email to support@zeity.me We will provide your data within 30 days. ✏️ Right to Rectification (Article 16) Correct or update your personal information. Edit your details anytime in your account settings. Changes are effective immediately. 🗑️ Right to Erasure / Right to be Forgotten (Article 17) Request permanent deletion of your personal data. Your personal information will be deleted after 7-day confirmation period. Some records may be kept for legal compliance (German tax law, dispute resolution). 📊 Right to Data Portability (Article 20) Receive your data in a structured, machine-readable format (JSON). Download your data export and import it into other services. ⛔ Right to Object (Article 21) Object to certain processing activities. Contact support@zeity.me to discuss your concerns. 🛑 Right to Restrict Processing (Article 18) Temporarily stop processing of your data while we resolve disputes. Contact support@zeity.me to request restrictions. ⚙️ Right to Withdraw Consent Withdraw consent for non-essential processing at any time. This does not affect the validity of processing before withdrawal. Automated Decision Making (Article 22) We do NOT use automated profiling or decision-making for users. All decisions affecting you involve human review. How to Exercise Your Rights • Dashboard: Use the "Your Data Rights" section in account settings • Email: Send requests to support@zeity.me with proof of identity • Response Time: 30 days (can be extended by 2 months for complex requests) • No Fee: Requests are free unless manifestly unfounded Data Protection Authority If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority.
Your data is protected by: • HTTPS encryption for all data in transit • Encrypted storage in Supabase's secure infrastructure • Access controls limited to authorized personnel only • Regular security audits and updates While we implement strong security measures, no method of transmission over the internet is 100% secure.
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: Email: info@zeity.me Address: 47805 Krefeld, Germany We take your privacy seriously and will respond to all inquiries promptly.