Toggle Side Panel

Privacy Policy

Last updated: 22 January 2026

This Privacy Policy explains how Bay Studios Oy (Business ID 2843231-5) (“Bay Studios”, “we”, “us”, “our”) processes personal data when you use programs.bay-studios.com (the “Service”). We process personal data in accordance with the EU General Data Protection Regulation (GDPR).

Controller and contact

Bay Studios Oy (Business ID 2843231-5)
Address: Kanavaranta 7 C 12, 00160 Helsinki, Finland
Email: hey@bay-studios.com

Personal data we process

Depending on how you use the Service, we may process:

  • Account and contact data: name, email address, username, login-related data
  • Profile/community data (if enabled): profile photo and content you choose to share (e.g., posts, comments, messages)
  • Learning data: enrollments, course progress, quiz results, assignments/submissions, certificates
  • Purchase and billing data: orders, receipts, payment status, VAT details where applicable
  • Support communications: messages and information you provide when contacting us
  • Technical data: IP address, device/browser information, logs and similar data needed for security and operation

We do not require special category data (such as health data). Please avoid sharing sensitive personal data in community areas.

Purposes and legal bases

We process personal data to:

  • Provide the Service and deliver training (accounts, access, course delivery, progress tracking, assessments, certificates)
    Legal basis: performance of a contract.
  • Process purchases and manage access (confirmations, receipts, subscription/access management if used, fraud prevention)
    Legal basis: performance of a contract; legitimate interests (security/fraud prevention).
  • Provide customer support and communications
    Legal basis: performance of a contract and/or legitimate interests.
  • Secure and maintain the Service (monitoring, logging, abuse prevention, troubleshooting)
    Legal basis: legitimate interests.
  • Meet legal obligations (e.g., accounting and tax recordkeeping)
    Legal basis: legal obligation.

Where processing is based on consent (for example, optional cookies), you can withdraw consent at any time.

Payments

Payments are processed by Stripe. We do not store full card details. Stripe processes payment and related data needed to complete transactions and help prevent fraud.

Sharing of personal data

We share personal data only as necessary to operate the Service, for example with service providers that support:

  • Hosting and infrastructure: currently Kinsta (EU/Finland) and related infrastructure partners required to operate the hosting environment
  • Payments: currently Stripe
  • Customer support and communications: currently Intercom

We may also share data with professional advisers (such as accountants) and authorities where required by law. We use appropriate contractual protections (including data processing terms) with relevant service providers.

International data transfers

Some service providers may process personal data outside the EU/EEA. Where required, we rely on appropriate safeguards for such transfers, such as Standard Contractual Clauses (SCCs) and/or other lawful transfer mechanisms.

Data retention

We keep personal data only as long as needed for the purposes described above, based on these criteria:

  • Account and learning data: kept while your account is active and as needed to provide the Service; deleted or anonymized within a reasonable period after account deletion, unless retention is required by law.
  • Purchase and accounting records: kept as long as required under applicable accounting and tax rules.
  • Security logs: kept for a limited period appropriate for security and incident investigation.

You can request deletion at any time, but some data may need to be retained to meet legal obligations.

Cookies

We use cookies and similar technologies for security and core functionality. If we use optional cookies (for example, analytics/attribution), we will request consent where required and provide a way to manage cookie preferences through the Service.

Your rights

Under GDPR, you may have the right to access, rectify, erase, restrict processing, object, and receive data portability. Where processing is based on consent, you may withdraw consent at any time.

To exercise your rights, contact: hey@bay-studios.com

Complaints

If you believe your data protection rights have been infringed, you can lodge a complaint with a supervisory authority.

Security

We apply appropriate technical and organizational measures to protect personal data (including access controls and security practices suitable for an online learning and e-commerce service) and minimize any risks.

Updates to this Policy

We may update this Privacy Policy from time to time. We will publish the updated version on this page and update the “Last updated” date.