Privacy Policy

Last updated: April 10, 2026

1. Scope

This Privacy Policy explains what personal data WorkStudio.Online collects, why we collect it, how we use it, and how we protect it when you use the service or purchase a subscription.

1A. Controller Identity

The data controller for this service is Objective Online Company S.R.L., operating the WorkStudio.Online service.

Address: Str. Iani Buzoiani nr. 3, bl. 16, sc. B, ap. 73, Sector 1, Bucuresti, 011571.

Trade Register No.: J2017019036407.

Unique registration number (CUI): 38481980.

Privacy contact: mail@workstudio.online

2. Data We Collect

• Account data, such as email, password hash, account ID, account status, and account timestamps.
• Profile and organization data, such as given name, family name, workspace role, company or team labels, and settings you choose to store.
• Content and file data that you upload, save, or generate in the apps, including document metadata and storage references.
• Security and access data, such as IP address, login attempts, session metadata, activation and recovery events, and abuse-prevention signals.
• Usage data, such as app, page, and modal events used to operate, support, and improve the product.
• Billing and transaction data related to subscriptions, such as plan, subscription status, transaction and customer IDs, billing country, tax or business details supplied at checkout, and payment status information made available to us by Paddle.
• Support data, such as messages you send through support or forum channels.

3. Why We Process Data

• To create accounts and provide login, authentication, storage, collaboration, AI, and other service features you request.
• To process purchases, activate paid access, manage subscriptions, prevent fraud, and reconcile billing events.
• To protect the platform, investigate abuse, and maintain service security and reliability.
• To improve features and usability based on product usage patterns and support feedback.
• To send service emails such as activation messages, password resets, security notices, billing-related notices, and service updates.

4. Data Sharing

WorkStudio.Online does not sell or share registered user data with external parties for marketing.

We may disclose data only when required by law or when necessary to protect security, rights, or the service.

We share data with service providers acting for us or alongside us in delivering the service, including providers for hosting, email, security, and payment operations.

4A. Processors and Transfers

WorkStudio.Online is hosted on Google Cloud Platform (GCP) infrastructure in Europe.

We use Paddle for checkout, billing, invoicing, and tax handling as merchant of record; Brevo for transactional email delivery; Namecheap for mailbox hosting or routing used for mail@workstudio.online; and OpenAI for AI-backed features that you choose to use inside the service. We may also use other infrastructure, domain, DNS, or security providers under contractual controls where needed to operate the service.

Our normal setup is processing in Europe or the EEA where possible. If a transfer outside the EEA is needed, we apply GDPR safeguards and update this policy.

5. Legal Basis and GDPR

Where GDPR applies, we rely on one or more of the following legal bases:

• Contract, or steps taken at your request before entering into a contract, to create your account, provide access to the service, process subscriptions, provide support, and deliver the service features you request.
• Legitimate interests, for security, abuse prevention, service analytics, operational logging, fraud prevention, and service improvement.
• Legal obligations, where laws require processing, invoicing, tax handling, retention, or recordkeeping.
• Consent: only where legally required.
• Your rights may include access, correction, deletion, restriction, portability, and objection (subject to legal/security limits).
• You can withdraw consent where consent is the legal basis.

6. Retention

We keep account, service, and security data only as long as needed to run the service, meet legal obligations, resolve disputes, and prevent abuse. Billing and tax records may be kept for longer periods where required by law.

7. Security

We use technical and organizational security controls, including password hashing, access controls, request protections, and logging. No online service is 100% risk-free.

8. Cookies

WorkStudio.Online currently uses only first-party essential cookies for core operation (sessions/authentication, CSRF protection, and security controls).

We do not currently use third-party analytics cookies. Admin analytics currently use first-party server logs.

If optional analytics cookies are added later, consent controls will be shown where required by law.

9. Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and in some cases to receive a portable copy of your data. You may also have the right to complain to a supervisory authority.

10. Contact

For privacy requests or questions, contact mail@workstudio.online. If your question is specifically about payment collection or invoicing, Paddle may also process your request as part of its merchant-of-record role. Business customers who need processor terms can review our Data Processing Addendum (DPA).