Longrein.

Legal

Privacy Policy

Effective: 2026-05-02 · Last updated: 2026-05-02

1. Who is the controller

Longrein is operated by Andreja Adaranda, a sole trader registered in Vilnius, Lithuania. We act as the data controller for the data described below. Contact: hello@longrein.eu.

2. What data we collect

Data you give us when you sign up or use the Service:

  • Account: email, full name, role, password (hashed), optional phone, optional photo URL.
  • Stable data: stable name, address (optional), opening hours, services, price list.
  • Operational data: horses (name, age, breed, owner, photo, health records, weekly limit), clients (name, email, phone, skill level, emergency contact), lessons, sessions, payments, expenses, charges, notes.

Data we collect automatically:

  • Login timestamps, IP address, browser user agent, device type (for security and abuse detection).
  • Audit log entries — who created, edited, or deleted records inside your Stable.
  • Cookies — see the Cookie Policy.

3. Why we collect it (legal bases)

  • Contract (GDPR Art. 6(1)(b)) — to provide the Service you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent abuse, debug issues, and improve the product.
  • Consent (Art. 6(1)(a)) — for non-essential cookies and any optional marketing emails.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and law-enforcement requests.

4. Who we share it with (processors)

We do not sell personal data. We share it only with the processors below, under written data processing agreements:

  • Supabase Inc. (USA, EU region: Ireland) — primary database, file storage, and authentication. Customer Data is hosted in West EU (Ireland).
  • Vercel Inc. (USA, EU region: Frankfurt) — application hosting and edge delivery.
  • Resend Inc. (USA) — transactional email (welcome, password reset, team invites, lesson reminders).
  • Hostinger (Lithuania) — domain registration for longrein.eu.

Where data is transferred outside the EU/EEA, we rely on EU Standard Contractual Clauses and the providers' supplementary measures.

5. How long we keep it

  • Active account data — for as long as your Stable account is active.
  • Closed account data — exportable for at least 30 days after closure, then deleted from active systems within 60 days; deleted from backups within 90 days.
  • Audit log entries — retained for 36 months for security and dispute resolution.
  • Email server logs — 30 days.
  • Tax / accounting records — as required by Lithuanian law (currently 10 years for invoices once issued).

6. Your rights (GDPR)

You have the right to:

  • access the personal data we hold about you;
  • have it corrected if inaccurate;
  • have it deleted (“right to be forgotten”) where applicable;
  • have it exported in a portable format (we provide CSV export from Settings → Backup);
  • object to or restrict processing;
  • withdraw consent for any consent-based processing at any time;
  • lodge a complaint with the Lithuanian State Data Protection Inspectorate (VDAI) or your local supervisory authority.

To exercise any of these, email hello@longrein.eu. We respond within 30 days.

7. Security

We use industry-standard measures: HTTPS-only, hashed passwords, optional two-factor authentication, row-level security in the database (every query is filtered by your Stable), regular backups, access logging, principle of least privilege for engineering access. No system is perfectly secure; in the event of a breach affecting your data we will notify you and the supervisory authority within 72 hours, as required by GDPR Art. 33 / 34.

8. Children

The Service is intended for B2B use. Stables may store data about minor riders (lesson clients) — that data is your responsibility as the controller of your stable, with Longrein acting as a processor for the minor-related data. Do not sign up to use the Service yourself if you are under 16.

9. Changes to this policy

We may update this Policy. Material changes are notified by email at least 14 days before they take effect. The “Last updated” date above always reflects the latest version.

10. Contact

Privacy questions: hello@longrein.eu.

This Policy is a working draft for the Founding Members beta. It will be reviewed by qualified counsel before paid customers sign on.