MasEase Privacy Policy

This Privacy Policy explains how MasEase (the 'Controller') collects, uses, shares, and protects personal data when providing its website, landing pages, and web application services (the 'Service').

This notice is designed to meet the transparency requirements of Articles 12-13 GDPR and applies to visitors, account holders, and integration users in the EEA/UK.

If a Data Protection Officer (DPO) is appointed, DPO contact details will be published here; otherwise a privacy contact is provided as above.

• Account data: name, email, business details, role, and authentication identifiers (e.g., Google sign-in).
• Billing and payments: subscription tier, tax information, and payment transaction metadata processed by our payment provider (card data is not stored by us).
• Business/lead data from integrations: messages, contacts, services, notes, images, and scheduling data synced from connected platforms (e.g., Manychat, Calendly, Fresha).
• Usage and device data: IP address, device/browser type, pages viewed, time on page, engagement metrics and event logs, collected via our application platform (e.g., Supabase) and limited diagnostics.
• Notifications data: device tokens for push or in-app alerts where enabled.

We do not intentionally collect special category data; where such data is present in imported leads, processing is limited to providing the Service and minimized by design.

We share personal data with trusted service providers acting under written data processing terms, solely for the purposes described:

• Platform/hosting and database: Supabase (infrastructure, authentication, storage).
• Payments: Stripe (payment processing, subscription management).
• Authentication and sign-in: Google (OAuth sign-in).
• Integrations selected by the account: Manychat, Calendly, Fresha (data sync and scheduling).
• Professional advisors and authorities where legally required (e.g., tax authorities, courts).

A current list of core processors and sub-processors is available on request and may be updated as our stack evolves.

Individuals in the EEA/UK have rights under GDPR: access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and the right to withdraw consent at any time (without affecting prior processing).

Requests can be submitted to the contact above. We respond without undue delay and in any event within one month of receipt; where necessary due to complexity or number of requests, we may extend by up to two further months and will notify within the first month with reasons.

If concerns remain, a complaint may be lodged with a supervisory authority in the EU/EEA/UK where residence, work, or the alleged infringement occurs.