Abonio

Privacy Policy

Last updated: 2026-06-30

This Privacy Policy explains what personal data Abonio collects, why and on what legal basis we process it, and the rights you and your clients have.

1. Who we are

Abonio (the "Service") is an online platform for managing studios, schools and clubs: client records, scheduling, memberships, payments and analytics.

The Service is owned and operated by an Individual Entrepreneur registered in Georgia: Individual Entrepreneur Vitaliy Dudarevich, personal ID 345644190, address: Batumi, R. Nizheradze 1, Georgia (the "Operator", "we", "us").

By using the Service you confirm that you have read this Policy and agree to the processing of data on the terms described here. If you do not agree, please do not use the Service.

2. Data we process

We process two categories of data depending on whom it belongs to:

  • Account data (studio owners and staff): name, email address, password in hashed form, studio name and settings, selected plan, sign-in and activity logs.
  • Client data entered by the studio: client name, phone, email, attendance and membership history, payments, notes, and Telegram identifier where the client has connected the bot.
  • Technical data: IP address, device and browser type, and cookies required for sign-in and for the interface to work.

3. Purposes and legal bases

We process personal data on the following GDPR legal bases (Art. 6):

  • Performance of a contract - to register users, provide access and deliver the Service's features.
  • Legitimate interests - to secure the Service, prevent fraud, provide support and improve the product using aggregated data.
  • Legal obligation - to keep billing and accounting records required by law.
  • Consent - for optional features such as Telegram notifications, where applicable.

4. Controller and processor roles

For account data of owners and staff we act as the data controller.

For the client data a studio enters, the studio is the controller - it decides what data to collect and why. We act as a processor and process such data only on the studio's documented instructions to provide the Service. The studio is responsible for having a valid legal basis (for example, client consent) to enter that data.

5. Sharing and sub-processors

We do not sell personal data. We may disclose data to authorities only where required by a lawful request.

To run the Service we use trusted service providers (sub-processors) acting on our behalf:

  • Vercel Inc. (USA) - application hosting and infrastructure.
  • Supabase - database and authentication (storage of account and client data).
  • Telegram Messenger - where the Telegram bot integration is used.
  • Payment providers - when you pay for a plan; card details are processed on their side and we do not store them.

6. International transfers

The Operator is based in Georgia, and our providers may be located outside your country, including the USA and the EU. Where we transfer personal data internationally, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses) to ensure an adequate level of protection.

7. Data retention

We keep data for as long as your account is active and as needed for the purposes described here. After account deletion we delete or anonymise data within a reasonable period, except information we must retain by law (such as payment records for accounting).

8. Security

We apply organisational and technical measures: password hashing, encrypted transmission over HTTPS, role-based access control and least-privilege access. No method of transmission over the internet is fully secure, so we cannot guarantee absolute security.

9. Your rights

If you are a client of a studio, please contact that studio first for matters concerning your data, as it is the controller. Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • request rectification of inaccurate data;
  • request erasure or restriction of processing;
  • object to processing and request data portability;
  • withdraw consent at any time;
  • lodge a complaint with a data protection authority.

10. Cookies

The Service uses only functionally necessary cookies for sign-in, session and language preference. We do not set third-party advertising cookies. You can manage cookies in your browser, but disabling them may break some features.

11. Changes to this Policy

We may update this Policy. The current version is always available on this page with the last-updated date. We will make reasonable efforts to notify users of material changes.

12. Contact

For privacy questions contact us at vitaliy.dudarevich@gmail.com, Individual Entrepreneur Vitaliy Dudarevich, Georgia.