Privacy Policy (Global Privacy Notice)

1) Who we are (Controller)

2) What this notice covers

This notice explains how we collect, use, share, and protect personal data when you use Beshare (including when you sign in with Google, Apple, or Facebook). It also explains your choices and rights.

This notice does not cover third-party websites, apps, or services that you access via links from Beshare.

3) What personal data we collect

We collect data in the following categories (depending on how you use the Service):

A. Account and profile data

• Name, username, profile photo (optional)
• Email address
• Phone number (optional)
• Account identifiers (internal user ID)

B. Authentication and social login data

If you choose to sign in using Google / Apple / Facebook, we receive certain data from that provider (depending on the permissions/scopes you approve), such as:

• Provider user ID (a unique identifier)
• Name, email address (may be missing), profile photo (optional)

Apple Sign In: you may choose to hide your email; Apple may provide a relay email address instead.

C. Booking and service usage data

• Bookings you make (time, location, workspace/studio, status)
• Cancellations, changes, messages/support requests
• Preference settings

D. Payment and billing data

• Payment status, transaction history, refunds
• Limited payment instrument info (e.g., last four digits, card brand, tokenized payment reference)
• Billing address (if required)

We do not intentionally store full card numbers or full CVV on our servers. Payment processing is typically handled by a regulated payment service provider.

E. Location data

• Approximate location inferred from IP address
• Precise location (GPS) if you enable it in your device settings (e.g., to show nearby studios)

F. Biometric data (if you enable biometric features)

If you use biometric features (for example, identity verification or access control to a studio), we may collect:

• Biometric identifiers / biometric information (e.g., a face geometry template or similar derived data)
• Capture metadata (time, device information)
• Verification results (match/no match, liveness result), confidence scores

Biometric data is treated as highly sensitive. In many jurisdictions it requires explicit consent and clear retention rules.

G. Device, log, and analytics data

• Device identifiers, OS/app version, language, time zone
• IP address, approximate location, browser/app logs
• Diagnostic and security logs
• Analytics events (pages viewed, features used)

H. Communications

• Messages you send to support
• Emails/notifications we send you (service messages; optional marketing)

4) Where we get data from

We collect personal data:

• Directly from you (sign-up, bookings, support)
• Automatically (cookies, device logs, usage analytics)
• From social login providers (Google/Apple/Facebook) when you choose them
• From payment processors (payment confirmation, chargebacks)
• From partners (e.g., workspace/studio operators) where necessary to provide bookings

5) Why we use personal data (purposes)

We use personal data for:

• Providing the Service: Create and manage your account, enable bookings, process payments, and deliver access to spaces.
• Identity, security, and fraud prevention: Authenticate users, secure accounts, detect abuse, protect the Service and users.
• Biometric features (only if enabled): Verify identity and/or provide controlled access to a location/space; prevent unauthorized access; comply with safety requirements.
• Customer support and communications: Respond to requests, send service notifications (e.g., booking confirmations, changes, payment receipts).
• Product improvement and analytics: Understand usage, debug, improve performance, develop new features.
• Legal compliance: Comply with legal obligations (e.g., tax/financial recordkeeping), respond to lawful requests, enforce Terms.

6) Legal bases (EEA/UK users)

If you are located in the EEA or UK, we rely on legal bases under data protection laws, typically including:

• Contract necessity (to provide bookings, account, payments)
• Legitimate interests (service security, fraud prevention, product improvement)
• Consent (cookies where required; marketing where required; biometrics and other sensitive processing)
• Legal obligation (tax/accounting, compliance)

7) Biometric data - key rules (summary)

• We will ask for clear, explicit consent before collecting or using it (unless a narrow legal exception applies in your jurisdiction).
• We will publish a retention schedule and follow deletion rules, including deleting biometric data when the original purpose is satisfied and/or within statutory time limits where required.
• You can withdraw consent (where applicable) by disabling biometric features and/or requesting deletion via our request portal.

8) Cookies and similar technologies

We use cookies and similar technologies for:

• Essential operation (security, session management)
• Preferences
• Analytics
• Advertising/marketing cookies (if applicable)

Where required by law, we ask for consent for non-essential cookies and provide a cookie preferences center.

9) Sharing and disclosure of personal data

We share personal data only as needed for the purposes above, including with:

A. Service providers (processors)

Examples:

• Cloud hosting and infrastructure
• Payment processing
• Customer support tools
• Analytics and crash reporting
• Email/SMS/push notification providers
• Identity verification providers (if used)
• Access-control hardware/software providers for autonomous studios (if used)

We require service providers to protect data and use it only for our instructions.

B. Workspace/studio operators and partners

To fulfill a booking or access to a location, we may share necessary data with the operator (e.g., booking status, name/contact if needed for access/support).

C. Social login providers

If you use Google/Apple/Facebook login, those providers process data under their own policies.

D. Legal and safety disclosures

We may disclose data if we believe it is reasonably necessary to:

• Comply with law or lawful requests
• Protect rights, safety, and security
• Prevent fraud or abuse

E. Business transfers

If Beshare is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction (subject to appropriate safeguards).

10) Sale / sharing of data (US state laws)

We do not sell personal data for money. Some US state privacy laws define 'sell' or 'share' broadly (including certain disclosures for cross-context behavioral advertising). If we engage in processing that qualifies as 'sale' or 'sharing' under applicable law, we will provide an opt-out mechanism.

11) International data transfers

Beshare operates internationally, so your data may be transferred to and processed in countries other than where you live.

Where required, we use recognized transfer mechanisms such as:

• EU Standard Contractual Clauses (SCCs) for transfers from the EEA to countries without an adequacy decision
• Where applicable, transfers to certified US recipients under the EU-US Data Privacy Framework may be available
• UK transfer mechanisms (e.g., IDTA/Addendum) where applicable

12) Data retention

We keep personal data only as long as needed for the purposes described in this notice, including:

• While your account is active
• As needed to provide bookings and support
• For legal, tax, accounting, and dispute-resolution obligations
• For security and fraud prevention

Biometric retention is addressed specifically in our Biometric Retention & Destruction Policy.

13) Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

No method of transmission or storage is 100% secure. If we learn of a data breach that affects you, we will notify you as required by applicable law.

14) Your rights and choices

Depending on your location, you may have rights such as:

• Access to personal data
• Correction of inaccurate data
• Deletion
• Portability
• Objection / restriction
• Withdrawal of consent
• Opt-out of certain processing (e.g., targeted advertising, where applicable)

How to exercise rights: Submit a request at https://beshare.pro/privacy-requests

We will verify requests and respond within legally required timeframes.

Regional notes (high level)

• EEA/UK: GDPR/UK GDPR rights apply; transparency and lawful basis requirements are set out in GDPR Article 13 and related provisions.
• Canada: PIPEDA emphasizes openness and making policies/practices readily available.
• Australia: APP 1 requires open and transparent handling and a clearly expressed privacy policy.
• Brazil: LGPD applies broadly, including to biometric data as 'sensitive personal data,' and establishes controller/operator roles and data subject rights.
• US states (incl. California): consumer privacy rights and notices are required.
• Russia: additional rules may apply to processing of personal data, including consent and special categories.

15) Children

Beshare is not intended for children, and we do not knowingly collect personal data from children or minors. If you believe a child has provided us personal data, please contact us so we can take appropriate steps.

16) Third-party requirements (Google/Facebook platform notes)

If you use Google Sign-In, we must provide a clear privacy policy that accurately discloses what data we request and how we use it; changes to Google-user-data use require updating the policy and obtaining consent where required.

If you use Facebook Login, Meta may require providing user data deletion instructions and/or a data deletion callback mechanism.

17) Changes to this notice

We may update this notice from time to time. If changes are material, we will provide additional notice (e.g., in-app notification) as required.

18) Contact and complaints

If you are in the EEA/UK, you also have the right to lodge a complaint with your local supervisory authority.