Skip to content
GoToSauna

Privacy Policy

Last updated: April 2026

GoToSauna ("we", "us", "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights under the GDPR.

Information we collect

When you use GoToSauna, we may collect: account information (email, name, profile picture via Supabase Auth), booking information (dates, guest counts, messages to hosts), payment information (processed by Stripe — we never store card details), and usage data (pages visited, search queries, anonymized clicks).

How we use your data

We use your data to provide and improve the GoToSauna service, process bookings and payments, send transactional emails (confirmations, receipts), respond to support requests, and comply with legal obligations.

Legal basis (GDPR Article 6)

We process your personal data on the following legal bases: performance of a contract (to fulfill bookings), legitimate interest (to improve the service and prevent fraud), legal obligation (to comply with accounting and tax law), and consent (for optional analytics and marketing).

Data sharing

We share data only with: hosts when you book with them, payment processors (Stripe), email providers (Resend), and infrastructure providers (Supabase, Vercel). We never sell your personal data to third parties.

Data retention

We keep your account data as long as your account is active. Booking records are kept for 7 years to comply with accounting law. You can request deletion at any time — see "Your rights" below.

Your rights (GDPR)

If you are in the EU/EEA, you have the right to access, correct, delete, restrict processing, and export your personal data. You can also object to processing and lodge a complaint with your local data protection authority. Use the "Export my data" and "Delete account" buttons in your profile, or email privacy@gotosauna.com.

Cookies

We use essential cookies for authentication and optional analytics cookies. You can manage your preferences via the cookie banner or on our Cookie Policy page.

International transfers

Your data may be stored in the EU (Supabase) and transferred to the US for specific services (Stripe, Sentry) under Standard Contractual Clauses.

Children

GoToSauna is not intended for users under 18. We do not knowingly collect data from children.

Contact

Questions about this policy? Email our Data Protection Officer at privacy@gotosauna.com.