Gott-Hughton Irish Dance Academy logoIda OS
Book a demo

Privacy Policy

Last updated: June 13, 2026

Overview

Ida OS (“Ida OS”, “we”, “us”, or “our”) is studio-management software for independent dance studios. This policy explains what personal information we collect, how we use and share it, how long we keep it, how we protect it, and the choices and rights you have. It also covers data accessed through connected third-party services such as Instagram.

Ida OS is operated from Calgary, Alberta, Canada. We handle personal information in accordance with applicable privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws, and, where they apply, the EU and UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended (CCPA/CPRA).

Our role: controller and processor

Most data in Ida OS is entered by a studio to run its business (for example, family, student, scheduling, and billing records). For that data the studio is the controller (it decides why and how the data is used) and Ida OS acts as a processor / service provider, handling the data on the studio's behalf and under its instructions. If you are a parent, student, or family member, the studio is your primary point of contact for questions about your data, and we will refer most such requests to the studio.

For a limited set of data we determine the purposes ourselves and act as a controller — for example, account registration details for studio staff, billing and subscription records for studios, support communications, and security and service logs.

Information we collect

We collect the following categories of information:

  • Account & studio data: names, email addresses, phone numbers, studio name and address, login credentials, and roles.
  • Family & student data: the family, student, enrollment, attendance, waiver, and note records that studios enter to operate. This can include information about minors(see “Children's data”).
  • Scheduling data: classes, bookings, calendars, workshops, and competitions.
  • Payment data: tuition, invoices, and transaction history. Card details are collected and stored directly by Stripe, our payment processor; Ida OS does not store full card numbers.
  • Communications: emails and messages sent through the platform, and support requests you send to us.
  • Connected-service data:if a studio connects Instagram, basic profile information and recent media (see “Instagram data”).
  • Technical & usage data: IP address, device and browser information, and security and service logs generated when you use the application.

How we use information

We use personal information to:

  • Provide, operate, and maintain the Ida OS service.
  • Process payments and payouts and manage studio subscriptions.
  • Send transactional and studio-initiated communications (such as receipts, schedule changes, and parent updates).
  • Provide customer support and respond to requests.
  • Secure the service, prevent fraud and abuse, and debug issues.
  • Comply with legal, tax, and accounting obligations.

Where the GDPR applies, we rely on the following legal bases: performance of a contract; our legitimate interests in operating and securing the service; compliance with legal obligations; and consent where required (for example, certain optional integrations). For data we process on a studio's behalf, the studio is responsible for establishing the appropriate legal basis and consents.

Children's data

Ida OS is a tool used by dance studios, and studios may enter information about minors(such as a child's name, age or date of birth, class enrollment, and attendance) in order to deliver their services. Ida OS is not directed to children, and children do not create accounts or interact with us directly. We do not knowingly collect personal information directly from children.

When a studio enters a minor's information, the studio is the controller of that data and is responsible for obtaining any parental or guardian consent required by law. We process that information only to provide the service to the studio. If you believe a minor's information has been provided to us improperly, contact the relevant studio, or contact us at privacy@idaos.app and we will work with the studio to address it.

How we share information

We do not sell personal information, and we do not share it for cross-context behavioral advertising. We share information only as needed to run the service:

  • With the studio whose account the data belongs to, and its authorized staff.
  • With service providers (subprocessors) that help us operate, listed below, under contracts that require them to protect the data.
  • For legal reasons, when required by law or to protect rights, safety, and the integrity of the service.
  • In a business transfer, such as a merger, acquisition, or sale of assets, subject to this policy.

Service providers (subprocessors)

We rely on the following providers to deliver the service. Each is bound by confidentiality and data-protection obligations.

ProviderPurposeLocation
StripePayment processing, payouts, and Stripe Connect for studios.United States
SupabasePrimary database, authentication, and file storage.United States / EU (project-dependent)
ResendTransactional and studio-to-family email delivery.United States
VercelApplication hosting and content delivery.United States / global edge network
Meta Platforms (Instagram)Optional Instagram integration to display a studio's own posts (only when connected).United States

Instagram data

When a studio connects its Instagram (Professional) account, we access basic profile information and recent media via the Instagram API with Instagram Login, solely to display the studio's posts on its own pages. Access tokens are encrypted at rest. We do not post on your behalf, sell your data, or share it with third parties.

A studio can disconnect Instagram at any time from its dashboard settings, which deletes the stored token and cached posts. You can also remove the app from your Instagram account settings; we honor Instagram's deauthorization and data-deletion callbacks and remove the associated data.

Data retention

We keep personal information for as long as a studio's account is active and as needed to provide the service. When a studio closes its account, we delete or anonymize its data within a commercially reasonable period (typically within 90 days), except where we must retain certain records longer to meet legal, tax, or accounting requirements, resolve disputes, or enforce our agreements. Payment records held by Stripe are retained according to Stripe's own policies and applicable financial-record laws. Backups are purged on a rolling schedule.

Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, encryption of sensitive credentials at rest, access controls and role-based permissions, and regular review of our systems. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify affected parties and regulators as required by applicable law.

International data transfers

We and our service providers may process and store personal information in countries other than where you live, including the United States. Where required, we use appropriate safeguards for cross-border transfers, such as standard contractual clauses and comparable mechanisms, and our providers are contractually bound to protect the data.

Cookies and tracking

Ida OS uses cookies and similar technologies that are strictly necessary to operate the application, such as keeping you signed in and maintaining security. We do not use advertising cookies or sell information for advertising. If we introduce analytics or other non-essential technologies in the future, we will update this policy and provide any choices required by law.

Your rights and choices

Depending on where you live, you may have the following rights over your personal information:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Delete your personal information, subject to legal and contractual retention obligations.
  • Export a copy of your information in a portable format.
  • Object to or restrict certain processing, and withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority (such as the Office of the Privacy Commissioner of Canada, your provincial regulator, or your EU/UK supervisory authority).

To exercise a right, email us at privacy@idaos.app. If your request concerns data a studio entered, we will refer you to, or coordinate with, that studio as the controller. We will not discriminate against you for exercising your rights.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify studios through the application or by email. Continued use of Ida OS after changes take effect means you accept the updated policy.

Contact

Questions about this policy or your data can be sent to privacy@idaos.app. You can also review our Terms of Service.