Terms overview

Privacy Policy

Last updated: May 24, 2026

Introduction

At offhrs (“we”, “us”, “our”), we are committed to protecting the privacy and security of our users. For the purposes of the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation, offhrs acts as the data custodian and controller for information collected through our ecosystem.

This Privacy Policy (“Notice”) outlines how we collect, manage, use, and safeguard personal data across the website offhrs.app, the vendor portal partners.offhrs.app, and our official mobile applications on the Apple App Store and Google Play Store (collectively, the “Services”).

If you have any questions or wish to exercise your data rights, contact us at admin@offhrs.app.

1. Scope of this notice

This Notice applies to the following individuals interacting with the Services:

  • Consumers (students/bookers): individuals who browse the app, create profiles, and book creative workshops.
  • Vendors (makers/studio owners): solo entrepreneurs, instructors, or businesses who subscribe to our SaaS tier (Lite or Pro) to host classes and manage scheduling.

2. Information we collect & how we use it

2.1 Technical and device infrastructure data

Whenever you interact with offhrs.app or partners.offhrs.app we automatically log network data to ensure application performance and prevent fraud:

  • What we collect: IP addresses, device hardware signatures, operating-system versions, browser types, session interaction telemetry, and cookie tokens.
  • Approximate location. If you choose to share it, we may store a Canadian postal code and/or coarse latitude/longitude derived from your device or from geocoding that postal code, so we can show and sort workshops by distance. This is optional and is not used for advertising or sold to third parties.
  • Lawful basis: legitimate interests (platform stability, security, and performance).

2.2 Account and profile records

  • Consumers: name, email, optional mobile number, postal code, and tokenized payment references (we never store full card numbers).
  • Vendors: during signup on partners.offhrs.app, we collect business name, business email, contact details, address, and the verification information Stripe Connect requires for payouts (tax ID, banking).
  • Lawful basis: performance of a contract (to operate your account and fulfil a booking).

2.3 Booking and scheduling data

  • What we process: workshop timestamps, capacity, slot availability, booking history, attendance, cancellations, and refund records.
  • Data flow: we render open slots to consumers based on the Vendor’s published schedule and the active bookings in the system. Slot counts are reconciled automatically when bookings, refunds, or account deletions occur.
  • Lawful basis: performance of a contract & legitimate interests (preventing scheduling conflicts).

3. Data sharing and marketplace architecture

offhrs is a marketplace facilitator. To complete transactions, your data flows along specific paths:

  • Between consumer and vendor. When a student purchases a workshop ticket, their name, contact number (if provided), and email are shared with the hosting Vendor so the studio can coordinate materials and communicate logistics.
  • Sensitive data note. If a Vendor requests health or accommodation information via their own intake forms (e.g. allergies in a cooking class), the Vendor is the sole data controller for that sensitive information. offhrs is not the controller for off-platform forms.
  • No selling of personal data. offhrs does not sell, lease, or trade your phone number, email, or reviews to third-party data brokers or external marketing lists.

4. Service providers we use

We share data only as needed to run the Services:

  • Supabase — authentication and database hosting.
  • Stripe & Stripe Connect Express — processing payments for workshop tickets and the monthly Vendor SaaS subscription, and routing Vendor payouts. We never store raw credit card numbers or CVV codes. We retain only tokenized references provided by Stripe (card brand, last four digits, expiry).
  • Resend — sending transactional emails (booking confirmations, refund notices, account alerts) and any marketing emails you have explicitly agreed to receive.
  • Vercel — web hosting and edge delivery for offhrs.app and partners.offhrs.app.
  • Expo / Apple / Google — mobile app distribution and over-the-air updates.

5. Data retention

  • Active accounts. Profile settings, calendar structures, and workshop history are retained for the lifecycle of your active registration.
  • Account deletion. When you delete your account from the mobile Profile screen, we immediately remove your profile, saves, reviews, and active bookings from production databases. Affected workshop slots are reconciled so partners see accurate availability.
  • CRA retention. Transaction logs, HST billing records, and Stripe settlement records are retained securely for up to six (6) years to satisfy Canada Revenue Agency audit requirements.
  • Anonymized telemetry. Aggregated platform telemetry stripped of personally identifiable information may be retained indefinitely.

6. Your Canadian privacy rights

Under PIPEDA you have:

  • Right of access. Request an export of your profile and booking history at admin@offhrs.app.
  • Right of rectification. Correct inaccurate records or update tax/postal-code settings at any time in the app.
  • Right of erasure. Request permanent deletion of your account. We purge personal information from production within 30 days, keeping only what is required for tax audit validation (see section 5).
  • Right to complain. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC).

7. Security and international transfer

We use industry-standard measures to protect your data, including TLS encryption in transit and Row Level Security on the Supabase backend. Our providers may process data in the United States or other countries; we rely on appropriate safeguards (such as standard contractual clauses) where required.

8. Revisions to this notice

We may modify this Notice as our product evolves. Any changes will be posted on this page with an updated timestamp. For significant changes impacting user tracking or data flows, we will push an alert or a mandatory update confirmation inside our mobile applications.

9. Contact

For privacy requests or questions, email admin@offhrs.app.