Privacy policy
1. Controller
90day.business
Palma, España
CIF: B26633875 · VAT: ESB26633875
Email: hello@90day.business
90day.business is built and operated by the 90day.business team.
2. What data we collect
- Waitlist: email address, signup source, language preference, consent timestamp, and policy version.
- Enrolled students: name, email, password (hashed by our auth provider), course progress, and payment reference.
- Technical data: server logs from our hosting provider (IP address, browser type, timestamps) for security and reliability.
3. Why we process your data
- Waitlist emails: with your consent (Art. 6(1)(a) GDPR) to send launch updates and early-bird offers.
- Course delivery: to perform our contract with you when you enrol (Art. 6(1)(b) GDPR).
- Security and fraud prevention: legitimate interest (Art. 6(1)(f) GDPR).
4. Processors and third parties
We use the following service providers to operate 90day.business:
- Supabase - database and authentication (EU-hosted where configured)
- Stripe - payment processing
- Resend - transactional and waitlist emails
- Vercel - website hosting and privacy-friendly analytics
We do not sell your personal data. Processors act on our instructions and under data processing agreements where required.
5. Retention
- Waitlist data is kept until you unsubscribe or 12 months after programme launch, whichever comes first.
- Student account and progress data is kept for the duration of your access plus applicable legal retention periods.
6. Your rights
Under GDPR you may request access, correction, deletion, restriction, portability, or object to processing. You may withdraw consent at any time (e.g. via the unsubscribe link in our emails) without affecting prior lawful processing.
Contact us at hello@90day.business. You also have the right to lodge a complaint with your local supervisory authority.
7. Cookies
The marketing site uses no marketing cookies. When you log in, essential session cookies are set by our authentication provider to keep you signed in. We use privacy-friendly analytics that do not use cross-site tracking cookies.
8. Changes
We may update this policy. Material changes will be reflected in the version date above. Continued use after an update constitutes acceptance where permitted by law.