← Back to home

Privacy Statement

Last updated: May 19, 2026

1. Who We Are

The Workshop Deck is operated by Facilitators' Corner, the data controller responsible for your personal data.

Facilitators' Corner

Terspautlosweg 18, 3090 Overijse, Belgium

VAT: BE1033331201

Email: mehdi@facilitators-corner.com

2. What Personal Data We Collect

We collect the following personal data when you use the Service:

  • Account information: your name, email address, and profile picture (provided via Google OAuth or magic link authentication).
  • Usage data: pages visited, features used, interactions within the app, session duration, and similar analytics data collected via PostHog.
  • Device and technical data: browser type, operating system, screen resolution, and IP address (anonymised where possible).
  • User-generated content: custom activities, workshop agendas, notes, and other content you create through the Service.
  • Payment data: if you make a purchase, payment details are collected and processed by our payment provider. We do not store full payment card details.

3. Why We Process Your Data (Legal Bases)

We process your personal data based on the following legal grounds under the GDPR:

  • Contract performance (Art. 6(1)(b)): to provide you with the Service, manage your account, process payments, and deliver the features you signed up for.
  • Consent (Art. 6(1)(a)): for analytics cookies (PostHog). You can grant or withdraw consent at any time via our cookie banner or Cookie Notice page.
  • Legitimate interest (Art. 6(1)(f)): for security measures, fraud prevention, and improving the Service.
  • Legal obligation (Art. 6(1)(c)): where we are required to retain data for tax, accounting, or legal compliance purposes.

4. Who We Share Your Data With

We do not sell your personal data. We share data only with trusted service providers that help us operate the Service:

  • Supabase (EU region), database, authentication and file storage.
  • Vercel, application hosting and edge delivery.
  • PostHog (EU region), product analytics (only when you have given consent).
  • Google, OAuth authentication (when you sign in with Google).
  • Resend, transactional email delivery (magic links, team invitations, account notifications).
  • LemonSqueezy, payment processing and invoicing for paid plans. We do not store full payment card details.

These providers act as data processors and are contractually obligated to process your data only on our instructions and in compliance with the GDPR.

5. International Data Transfers

Some of our service providers may process your data outside the European Economic Area (EEA). Where this is the case, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.

6. How Long We Keep Your Data

We retain your personal data only as long as necessary:

  • Account data: deleted from our active database when you delete your account from the app settings. Database backups containing your data are retained for up to 30 days for disaster recovery and then automatically purged.
  • Analytics data: anonymised or deleted within 24 months.
  • Payment and webhook audit records: retained for up to 12 months for refund handling and fraud prevention, and longer where required by Belgian tax and accounting law (up to 7 years).
  • Team invitations: the invited email is retained for the lifetime of the team unless the team owner removes the invitation or deletes the team.

7. Your Rights Under the GDPR

As a data subject, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your personal data ("right to be forgotten").
  • Restriction — ask us to restrict the processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — withdraw consent at any time (e.g., for analytics cookies).

To exercise any of these rights, please contact us at mehdi@facilitators-corner.com. We will respond within 30 days.

8. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Autorité de protection des données (APD)

Rue de la Presse 35, 1000 Brussels, Belgium

Website: www.autoriteprotectiondonnees.be

9. Cookies

We use cookies and similar technologies on the Service. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Notice.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Privacy Statement

We may update this Privacy Statement from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Statement or how we handle your personal data, please contact us:

Facilitators' Corner

Terspautlosweg 18

3090 Overijse, Belgium

Email: mehdi@facilitators-corner.com