Privacy Policy

This policy explains how Classia (a product of Toskaas Limited) collects and uses personal data when you use our service, visit our public pages, or contact support. We follow the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are and how to contact us

Classia is a product of Toskaas Limited, a company registered in England and Wales (Company Number: 16275508). Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

For privacy questions, contact [email protected].

Our role and the role of class providers

For the purposes of UK GDPR:

• Class providers (studios and organisers) are the data controllers for personal data about parents/guardians, participants, and staff in their account.

• Classia is a data processor for class providers. We are a data controller for our own operations (account management, security, billing, analytics, and legal compliance).

Personal data we collect

Account and staff data

• Names, email addresses, and phone numbers for users and teachers

• Login credentials (password hashes, login codes, email confirmation status)

• Studio and account details (name, address, website, public profile settings)

• Class, term, studio, and schedule information

• Geocoding data for addresses (coordinates and geocode responses)

Parents and guardians

• Names, email addresses, and phone numbers

• Enrolment requests, relationship to participant, and approvals

• Support messages and communications about classes

Participants (children or adults)

• Name, date of birth, and enrolment details

• Attendance records and class bookings

• Photo consent flags where recorded

Adults may have their own accounts. Children do not create user accounts and are managed by a parent or guardian.

Payments data

When class providers enable payments, Stripe processes payment details. Classia does not store card or bank details. We receive limited transaction and payout information (such as payment status, amounts, and Stripe account status).

Support and communications

If you use the support widget or contact us, we store your messages, conversation history, and limited context (such as visitor identifiers, IP address, and user agent) to provide support and maintain audit trails.

Technical data

We log device and usage data such as IP address, browser type, session identifiers, and timestamps. Login codes also record IP address and user agent to prevent abuse.

How we use personal data and our lawful bases

We use personal data to:

• Provide and operate the Classia platform (contract)

• Manage classes, enrolments, attendance, and staffing (contract)

• Facilitate payments and Stripe Connect onboarding (contract)

• Send service emails such as login codes, password resets, and support replies (contract)

• Maintain security, prevent misuse, and enforce rate limits (legitimate interests)

• Meet legal, tax, and regulatory obligations (legal obligation)

We do not sell personal data or use it for advertising or profiling.

Cookies and similar technologies

We use cookies and local storage to keep you signed in, remember your cookie preferences, and support the help widget. We also use Google Tag Manager for analytics where you consent.

• Essential: session cookies, security, and consent preferences.

• Analytics: measurement through Google Tag Manager (only if you opt in).

You can manage cookie preferences via the cookie banner or the floating cookie button on our site.

Who we share data with

We use trusted service providers to operate Classia. These include:

• Stripe (payments and Stripe Connect)

• Cloudflare (Turnstile bot protection and R2 file storage)

• Resend (transactional email delivery)

• Sentry (error monitoring, with no default PII)

• Google Tag Manager (analytics, only with consent)

We may also share data with professional advisers or authorities where required by law.

International transfers

Some of our providers process data outside the UK. Where that happens, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.

How long we keep data

We keep personal data only for as long as needed to provide the Service, meet legal obligations, and resolve disputes. Examples:

• Account and class data stays while an account is active.

• Support conversations are retained for continuity and audit.

• Security logs and session data are retained for fraud prevention.

Security

We use security controls such as access restrictions, secure cookies, and encrypted transport. No system is completely secure, but we minimise data collection and protect it appropriately.

Your rights

Under UK GDPR, you can:

• Access, correct, or delete your personal data

• Object to or restrict processing

• Request data portability

• Withdraw consent (where consent is the basis)

Contact [email protected] to exercise these rights. We may need to verify your identity.

Children and safeguarding

Classia is used for classes involving children. Children do not create user accounts. Class providers and parents/guardians are responsible for ensuring appropriate consent and safeguarding practices. We limit children's data to what is needed for class management.

Public class pages

Where a class provider enables a public Classia page, certain non-personal information may be displayed publicly, including:

• School or studio name

• Class descriptions, schedules, and age ranges

Personal contact details for parents, guardians, or participants are never displayed publicly.

Public visibility is subject to verification requirements designed to protect families and ensure platform trust.

Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date and, where appropriate, provide notice in the Service.