Privacy Policy
Effective date: April 2026 • Last updated: April 2026
This policy explains what data spirit.dev collects, why, and what your rights are. I've written it in plain language — because that's what I'd want if I were reading it. If something is unclear, reach out via the social links on the homepage.
1. Who is responsible for your data?
spirit.dev is operated by Claudiu Craciun, as a personal passion project running through an SRL (a Romanian limited liability company), based in Romania. When this policy says "I" or "me," it means Claudiu Craciun, the one person who built and runs this.
For GDPR purposes, I am the data controller for the personal data described in this policy.
2. What data I collect
Here's a breakdown of what spirit.dev collects and why:
| Data | Why it's collected |
|---|---|
| Name | To identify your account and display on your booking page |
| Email address | To create your account, send booking confirmations and reminders |
| Booking data | Session type, date/time, duration — to power the booking system |
| Session preferences | The session types and settings you configure for your booking page |
| Usage analytics | Basic, anonymized data about how the service is used (e.g. which features are used) — to improve the product |
| OAuth tokens | Access tokens for Zoom and Stripe, stored securely, used only to perform actions you authorize (create meetings, process payments) |
3. What I do NOT collect
Just as important as what I collect is what I don't:
- No passwords — you log in via OAuth (Google, etc.). I never see or store your password.
- No payment card details — Stripe handles all payment processing. Your card data goes directly to Stripe and never passes through spirit.dev.
- No Zoom or Stripe credentials — OAuth 2.0 means I get a limited access token, not your login details.
- No advertising or tracking data — I don't build ad profiles, run retargeting, or sell your data to anyone.
- No sensitive personal data — no health records, financial information, or identity documents.
4. How your data is used
I use the data I collect to:
- Create and manage your account
- Display your booking page to your clients
- Send booking confirmations and reminders to you and your clients
- Create Zoom meeting links for booked sessions
- Process payments through your connected Stripe account
- Improve spirit.dev — fixing bugs, improving features — using aggregated, anonymized usage data
- Communicate with you about important changes to the service (not marketing)
I do not use your data for advertising, and I do not sell or rent it to anyone.
5. Third-party services
spirit.dev integrates with Zoom and Stripe. Here's what that means for your data:
- Stripe — When you connect your Stripe account, spirit.dev stores an OAuth access token to create payment sessions on your behalf. Stripe processes all payment data. Their Privacy Policy governs what they do with data they collect.
- Zoom — When you connect your Zoom account, spirit.dev stores an OAuth access token to create meeting links. Zoom handles the video infrastructure. Their Privacy Policy governs what they collect during meetings.
I recommend reading the privacy policies of both services, especially since they may collect data independently of spirit.dev.
6. Data storage and security
Your data is stored on servers in data centers operated by my infrastructure provider(s). I take reasonable technical measures to protect your data — encrypted connections (HTTPS), hashed tokens, and access controls.
Honest note: spirit.dev is a small, one-person project. I don't have an enterprise security team or ISO 27001 certification. I follow good security practices and care about your data, but I can't make the same guarantees a large company might. Please keep that in mind.
If I ever become aware of a data breach that affects your personal data, I will notify affected users as quickly as possible.
7. Cookies
spirit.dev uses minimal cookies. Specifically:
- Session cookies — to keep you logged in while you use the service
- Preference cookies — to remember settings you've chosen
That's it. No advertising cookies. No cross-site tracking. No third-party analytics that follow you around the web.
8. Your rights
You have the following rights over your personal data:
- Access — you can request a copy of the personal data I hold about you
- Correction — you can ask me to correct inaccurate data
- Deletion — you can ask me to delete your account and associated data
- Restriction — you can ask me to restrict processing of your data in certain circumstances
- Portability — you can request your data in a portable format
- Objection — you can object to certain types of processing
- Withdrawal of consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, contact me through the social links on the homepage. I'll respond as soon as I can, typically within a few days. For formal GDPR requests, I'll respond within the legally required 30-day window.
If you believe I've handled your data improperly, you have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) or the supervisory authority in your country of residence.
9. Data retention
I keep your data for as long as your account is active. If you delete your account, I will delete your personal data within a reasonable timeframe — typically within 30 days.
Some data may be retained longer where required by law (for example, financial transaction records). Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytical purposes.
10. Children's privacy
spirit.dev is not intended for anyone under the age of 18. I do not knowingly collect personal data from minors. If you believe a minor has created an account, please let me know and I will delete it.
11. International data transfers
spirit.dev is operated from Romania, within the European Union. However, the services I integrate with — Zoom and Stripe — may process data in the United States or other countries outside the EU/EEA.
Both Zoom and Stripe maintain their own data processing agreements and comply with applicable international data transfer frameworks. You can find details in their respective privacy policies.
Where I use third-party infrastructure providers that process data outside the EU, I rely on standard contractual clauses or equivalent safeguards.
12. GDPR — lawful basis for processing
For users in the EU/EEA, here is the lawful basis I rely on for processing personal data:
| Processing activity | Lawful basis |
|---|---|
| Account creation and management | Contract performance — necessary to provide the service you signed up for |
| Booking and scheduling data | Contract performance — core to what spirit.dev does |
| Booking confirmations and reminders | Contract performance — part of the service |
| Usage analytics (anonymized) | Legitimate interest — improving the service |
| Service announcements | Legitimate interest — keeping you informed about changes |
I do not rely on consent as a lawful basis for any core processing activity — which means you don't need to click "I agree" on a cookie banner to use the service.
13. Changes to this policy
I may update this privacy policy as spirit.dev evolves. When I do, I'll update the effective date at the top of this page. For material changes, I'll try to notify active users through the service itself.
Continued use of spirit.dev after changes means you acknowledge the updated policy.
14. Contact
For privacy-related requests, questions, or concerns, reach out through the social links on the homepage (LinkedIn, Instagram, or X). You can also use the bug report form if that's easier.
I'm one person and I do my best to respond promptly.
The short version
- I collect your name, email, booking data, session settings, and basic usage analytics.
- I don't collect passwords, card details, or anything Zoom/Stripe handles.
- I don't sell your data or use it for advertising. Ever.
- Payments go straight to Stripe — I never see your money or card info.
- Cookies are minimal — session and preferences only, no tracking.
- You can access, correct, or delete your data at any time by contacting me.
- GDPR applies — I'm in Romania, in the EU. Lawful basis is contract performance and legitimate interest.
- I'm a small one-person project, not a big company. I care about your data and handle it responsibly.