Log inStart for free
Log inStart for free

Privacy Policy

Information on how Wone processes personal data across the website, apps, and booking features.

1. Controller

Wone - Lukas Hamm
Südstraße 38
77963 Schwanau
Germany
Email: support@wonehq.com

2. Processing when visiting this website

a) Server log data

When this website is accessed, technically required information is transmitted by the browser to the server. This includes in particular:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the requested file
  • Website from which the access originated
  • Browser used and, where applicable, operating system

We process this data to provide the website, ensure stability, and detect misuse or technical issues. The legal basis is Art. 6(1)(f) GDPR.

b) External fonts

Some parts of our website use Google Fonts. This may involve a connection to Google servers and the processing of data such as IP address, browser information, and the page accessed. The legal basis is Art. 6(1)(f) GDPR unless further consent is legally required.

c) Cookie banner and local storage

On the marketing website we use a cookie banner to store your choices regarding non-essential cookies. This involves a local storage entry in your browser so your choice can be respected on later visits. The legal basis is Art. 6(1)(c) GDPR where legally required and Art. 6(1)(f) GDPR for the technical implementation of consent management.

3. Use of the web app, mobile app, and booking features

When you use Wone, we process personal data that you enter yourself or that is generated as part of the service. This may include in particular:

  • Account data such as name, email address, and login information
  • Profile and workspace data
  • Appointment, service, team, customer, and booking data
  • Technical session and authentication data
  • Legal texts and booking website content, where you store these in Wone

We process this data in particular to provide the software, manage user accounts, handle bookings, support team and client workflows, and maintain technical security. The legal basis is usually Art. 6(1)(b) GDPR. Where you provide optional information or activate optional features, Art. 6(1)(a) GDPR may also apply.

a) Hosting, database, and authentication via Supabase

Core functions of our current web app and mobile app use Supabase. This includes authentication, database access, file processing, realtime functions, and technical server-side capabilities. Supabase processes the personal and usage data required for using Wone.

b) Public booking pages

When clients use your booking page, we process the information entered there, especially name, email address, phone number, selected services, appointment times, and booking-related notes. This processing is necessary for completing the booking and is based on Art. 6(1)(b) GDPR and, where relevant, Art. 6(1)(f) GDPR.

c) Sessions and login

In the web app and app we store technically required session and login data so you can stay signed in and access protected areas. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

4. Sign in with Google

You can sign in to Wone using Google. When you choose this option, authentication and account data are processed between Google and our authentication service so the login can be completed. The legal basis is Art. 6(1)(b) GDPR and, where the login choice is voluntary, Art. 6(1)(a) GDPR.

5. Notifications in the mobile app

Our mobile app may use local notifications and push notifications for bookings, appointments, and app-related events.

  • For local notifications, information is processed on your device.
  • For push notifications, we use Firebase Cloud Messaging. This includes the processing of a device-related push token and its connection to your user account.

The legal basis is your consent under Art. 6(1)(a) GDPR where the operating system requires notification permission, and Art. 6(1)(b) GDPR for function-related notifications as part of app usage.

6. Analytics and subscription services in the mobile app

a) Firebase Analytics

In the mobile app we use Firebase Analytics to better understand usage, stability, and product behavior. Device-related and usage-related information may be processed. The legal basis is Art. 6(1)(a) GDPR where consent is required, otherwise Art. 6(1)(f) GDPR.

b) RevenueCat

For managing certain subscription and in-app purchase features on iOS, we use RevenueCat. This may involve processing app user IDs, workspace references, purchase status, and subscription-related information. The legal basis is Art. 6(1)(b) GDPR.

7. Additional service providers and possible recipients

We only share personal data where this is necessary to provide our services, where we are legally required to do so, or where you have given consent. Depending on the feature used, the following providers may be involved:

  • Supabase: hosting, database, authentication, realtime, and server functions
  • Google / Firebase: Google login, Firebase Cloud Messaging, Firebase Analytics, and in older web areas additional Firebase services such as Firestore, Storage, App Check, or Cloud Functions
  • RevenueCat: subscription-related processing in the iOS app
  • Google Fonts: delivery of external fonts on parts of the website

Where providers are located outside the EU or EEA, or where data is transferred there, we rely on appropriate safeguards, especially the standard contractual clauses of the European Commission, unless another lawful basis applies.

8. Legal bases of processing

  • Art. 6(1)(a) GDPR, where you provide consent, for example for notifications or certain analytics features
  • Art. 6(1)(b) GDPR for pre-contractual measures and for performing our contract with you
  • Art. 6(1)(c) GDPR where legal obligations apply
  • Art. 6(1)(f) GDPR for legitimate interests such as system security, product stability, abuse prevention, and the economic operation of our services

9. Storage period

We store personal data only for as long as required for the relevant processing purposes, where legal retention obligations apply, or where legitimate interests justify continued storage. Session data and technical logs may be stored for shorter periods than account, booking, or billing-related data.

10. Data security

We implement appropriate technical and organizational measures to protect personal data against loss, unauthorized access, manipulation, or unlawful processing.

11. Your rights

Under the applicable legal provisions, you have in particular the right to:

  • Access the personal data stored about you
  • Rectify inaccurate data
  • Delete your data
  • Restrict processing
  • Data portability
  • Object to certain kinds of processing
  • Withdraw any consent you have given with effect for the future

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is unlawful.

If you no longer have access to your account, you can also request account deletion through our public page at wonehq.com/legal/account-delete.

12. Contact for privacy questions

For privacy-related inquiries, you can contact us at any time: support@wonehq.com

13. Changes to this Privacy Policy

We may update this Privacy Policy when our services, the legal framework, or the way we process data changes. The version published on this page is the version that applies.

Last updated: May 4, 2026