Privacy Policy

Organize (“we,” “our,” or “us”) operates the Organize platform — a post-production studio operations and billing management system. This Privacy Policy describes how we collect, use, disclose, and safeguard information about individuals who access or use our services, visit our website, or otherwise interact with us (collectively, “you” or “the User”).

This Policy applies to all personal data processed in connection with our platform, whether you are a studio owner, team member, or a client of a studio using our services. By accessing or using the platform, you acknowledge that you have read, understood, and agree to the practices described herein.

We are committed to processing personal data in accordance with applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR) where applicable, and equivalent national and regional data protection legislation.

We collect the following categories of personal data, each strictly limited to what is necessary for the stated purpose:

Account and Identity Data. Name, email address, phone number, and any profile information you provide when creating or managing an account on the platform.

Studio and Business Data. Studio name, business address, tax identification numbers, banking details supplied for invoicing and payment reconciliation purposes, and any custom fields you configure within the platform.

Client Data. Contact and billing information about your clients that you enter into the platform. You are the data controller for this information; we process it solely on your behalf as a data processor.

Usage and Technical Data. IP address, browser type, operating system, device identifiers, session timestamps, pages visited, and feature interactions. This data is collected automatically through server logs and first-party analytics.

Communications Data. Any content you send to us via support channels, feedback forms, or email correspondence.

We process personal data only where a lawful basis exists. The primary bases we rely upon are as follows:

Contractual Necessity. Processing required to perform our agreement with you — including provisioning your account, executing bookings, generating invoices, and facilitating payments.

Legitimate Interests. Processing necessary for our legitimate business interests, such as fraud prevention, security monitoring, and product improvement, provided these interests are not overridden by your fundamental rights.

Legal Obligation. Processing required to comply with applicable laws, including tax, accounting, and anti-money laundering obligations.

Consent. Where we rely on consent — for example, for optional marketing communications — you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Personal data collected is used exclusively for the following purposes:

(a) To create, maintain, and secure your account; (b) to provide and operate the platform's core features including scheduling, invoicing, project tracking, and client management; (c) to process payments and maintain accurate financial records; (d) to send transactional communications such as booking confirmations, invoice notifications, and system alerts; (e) to diagnose technical issues and improve platform performance; (f) to comply with legal, regulatory, and audit obligations; and (g) to detect and prevent fraudulent, abusive, or unlawful activity.

We do not use your data for automated decision-making that produces legal or similarly significant effects without human oversight.

We do not sell, rent, or trade personal data. We disclose data only in the following circumstances:

Service Providers (Sub-processors). We engage trusted third-party vendors to support infrastructure, payment processing, and communications. Each sub-processor is bound by contractual data processing agreements providing protections equivalent to those in this Policy.

Legal Requirements. We may disclose data to law enforcement or regulatory authorities when required by a valid legal order, subpoena, or applicable law, and where legally permissible, we will notify you prior to such disclosure.

Business Transfers. In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to the same protections described here.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Account data is retained for the duration of your subscription and for a period of up to seven (7) years thereafter to satisfy tax and accounting obligations. Usage and technical data is retained for no longer than twenty-four (24) months.

Upon expiry of the applicable retention period, data is securely deleted or anonymised such that it can no longer be attributed to any individual.

Subject to applicable law, you have the following rights with respect to your personal data:

Right of Access. You may request a copy of the personal data we hold about you.

Right to Rectification. You may request correction of inaccurate or incomplete data.

Right to Erasure. You may request deletion of your personal data where there is no legitimate basis for continued processing.

Right to Portability. You may request a machine-readable copy of data you have provided to us.

Right to Object. You may object to processing based on legitimate interests, including profiling.

Right to Restriction. You may request that we restrict processing in certain circumstances while a dispute is resolved.

To exercise any of these rights, please contact us at the address below. We will respond within thirty (30) days. We may require verification of your identity before processing your request.

We use strictly necessary cookies to maintain authenticated sessions and preserve your preferences. We do not deploy third-party advertising cookies or cross-site tracking technologies. Functional cookies essential to the operation of the platform cannot be disabled without impairing service functionality.

Where personal data is transferred outside of the jurisdiction in which it was collected, we ensure that appropriate safeguards are in place — including Standard Contractual Clauses approved by the relevant supervisory authority — to provide a level of protection equivalent to that afforded under applicable data protection law.

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include encryption in transit and at rest, access controls, and regular security assessments. For a detailed description of our security practices, please refer to our Security Policy.

We may update this Policy from time to time. Where changes are material, we will notify you by email or by a prominent notice within the platform at least fourteen (14) days before the changes take effect. Your continued use of the platform after the effective date of a revised Policy constitutes acceptance of its terms.

For questions, complaints, or to exercise your data rights, please contact our privacy team at:

Organize
privacy@organize.so

If you are located in the European Economic Area and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.