TEMPLATE — pending legal review. This document is a structured starting point generated for the Holix Booking Platform. It is not legal advice and has not been reviewed by an attorney. Have qualified counsel review and adapt it (including for LGPD/GDPR specifics) before relying on it in production.
v0.1-draft · 2026-06-14
This Privacy Policy explains how Holix Tecnologia ("Holix") handles personal data in connection with the Holix booking platform (the "Platform").
Roles matter here. For data about guests who book through an Owner’s site, the Owner is the data controller and Holix acts as a processor on the Owner’s behalf. For account data of Owners who register with Holix, Holix is the controller.
Owner account data: name, email, business details, authentication data. Guest/booking data (processed for the Owner): name, contact details, booking dates, and booking metadata. Payment data is handled by Stripe — Holix does not store full card numbers.
To provide the Platform and perform the contract (operating the booking site, sending transactional emails, processing bookings), and for legitimate interests such as security and service improvement. Where required, processing of guest data is governed by the Owner’s instructions and lawful basis.
Holix relies on infrastructure subprocessors to run the Platform: Supabase (database, authentication, storage), Stripe (payments), Resend (transactional email), Upstash (rate limiting), and Vercel (hosting). Each processes data only as needed to provide its service.
Data may be processed in regions where Holix or its subprocessors operate. Where applicable, transfers rely on appropriate safeguards under LGPD (Brazil) and GDPR (EU).
Personal data is retained for as long as needed to provide the Platform and meet legal, tax, and accounting obligations, then deleted or anonymized. Owners control retention of their guests’ data within the limits of the law.
Subject to applicable law (LGPD art. 18 / GDPR arts. 15–22), individuals may request access, correction, deletion, portability, or restriction of their personal data. Guests should direct requests about their booking data to the Owner; Holix will assist the Owner as processor. Owners may contact Holix about their account data.
Holix uses technical and organizational measures (row-level data isolation per tenant, encrypted transport, scoped access) to protect personal data. No method of transmission or storage is perfectly secure.
Holix may update this Policy. The version and date above identify the current edition; material changes will be surfaced in the Platform.
Questions or data requests? Contact contato@holixtecnologia.com.