Privacy Policy
Last updated: 20 April 2026
1. Who we are
LGH B.V., trading as 425 Scheduler, is the data controller responsible for your personal data. 425 Scheduler is built and operated by The 425 Group (the425group.com).
Address: Hellingweg 86, Den Haag, Netherlands
Email: privacy@scheduler.t425g.com
2. What data we collect
We collect and process the following categories of personal data:
Professionals (Pros): Name, email address, business name, city, country, profession type, billing information (processed via Stripe — we never store card details directly), subscription status, and usage data (session counts, invoice history).
Clients: Name, email address, and city — as entered by the Pro. Client data is controlled by the Pro and processed by us on their behalf.
Sessions: Dates, times, session types, duration, attendance status, and trainer notes — as entered by the Pro.
Invoices: Invoice numbers, line items, amounts, payment status, and due dates.
Waitlist signups: Name, email, city, profession, and any message submitted through our landing page.
3. Why we collect it (legal basis)
We process your data based on the following legal grounds under the GDPR:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the 425 Scheduler service, including account creation, session management, invoicing, and client portal access.
- Legitimate interest (Art. 6(1)(f)): Platform security, fraud prevention, service improvement, and internal analytics. We balance these interests against your rights and freedoms.
- Legal obligation (Art. 6(1)(c)): Retention of financial records for tax compliance, and responding to legal requests from competent authorities.
4. Who we share your data with
We share your data only with the following processors, all of which have appropriate data processing agreements in place:
- Stripe (payment processing) — Stripe, Inc. processes payment information. Stripe's privacy policy applies to card details. EU data processing agreement in place.
- Supabase (database and authentication) — Hosted in the EU region (West Europe). Data processing agreement in place.
- Vercel (application hosting) — US-based company. EU Standard Contractual Clauses in place for data transfers.
- Resend (transactional email) — Used to send invoices, reminders, and notifications. Data processing agreement in place.
We do not sell your personal data. We do not share your data with advertisers or analytics companies. We do not use your data for profiling or automated decision-making.
5. Data retention
- Active accounts: Your data is retained for as long as your subscription is active.
- Cancelled accounts: After cancellation, your data is retained for 12 months to allow you to reactivate your account.
- After 12 months: Personal data is deleted. Anonymised records may be retained for accounting and legal compliance.
- Waitlist data: Retained until you are invited or request deletion.
6. Your rights
Under GDPR Articles 15–22, you have the following rights:
- Right of access — Request a copy of the personal data we hold about you.
- Right to rectification — Request correction of inaccurate personal data.
- Right to erasure — Request deletion of your personal data (“right to be forgotten”). You can request account deletion via your account settings or by emailing us.
- Right to data portability — Request your data in a structured, commonly used format.
- Right to object — Object to processing based on legitimate interest.
- Right to restrict processing — Request that we limit how we use your data.
To exercise any of these rights, contact us at privacy@scheduler.t425g.com. We will respond within 30 days.
7. International data transfers
Some of your data may be processed outside the European Economic Area (EEA), specifically by Vercel (United States). We ensure adequate protection through EU Standard Contractual Clauses (SCCs) as approved by the European Commission.
8. Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit via TLS for all connections
- Row-level security (RLS) in our database to isolate data between users
- We never store payment card details — all payment data is handled by Stripe
- Regular security reviews of our infrastructure
- Access to personal data is limited to authorised personnel
9. Cookies
We use only essential cookies required for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics. See our Cookie Policy for details.
10. Complaints
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification at least 30 days before they take effect.