Last updated: July 5, 2026
This Privacy Policy explains how Westra ("Westra", "we", "us") collects, uses, and protects personal data in connection with Westra (the "Service"). It should be read alongside our Terms of Service.
This is a general‑purpose template intended to be reviewed by qualified legal counsel and completed with your registered business and contact details — including under Indonesia's Personal Data Protection Law (Law No. 27 of 2022) and any other law applicable to your business — before being relied upon in production.
Westra is multi‑tenant software used by independent businesses ("Studios") to manage their own clients, providers, and leads. For a Studio's own account data (e.g. the business name, the admin's name/email/phone, and billing details), Westra acts as the data controller. For personal data a Studio enters about its Clients, Providers, and Leads ("Studio Data"), the Studio is the data controller and Westra acts only as a data processor, processing that data solely to provide the Service on the Studio's instructions. If you are a client, provider, or lead of a Studio and have a question about your personal data, please contact that Studio directly — we will assist the Studio in responding to your request.
We do not sell personal data, and we do not use Studio Data to serve advertising.
We retain account and Studio Data for as long as the relevant account/tenant is active. Certain records (e.g. deleted clients, sessions, or leads) are initially soft‑deleted and recoverable for a limited period before permanent deletion. When a Studio closes its account, we retain its data for a reasonable period to allow export, after which it is deleted or anonymized, except where we are required to retain it for legal, accounting, or security purposes.
Access to Studio Data is scoped per tenant and further restricted by role‑based permissions within each Studio. Passwords are hashed, sensitive integration tokens (e.g. Google Calendar credentials) are encrypted at rest, and uploaded files are served through access‑checked, non‑public storage. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Depending on your location and applicable law (including Indonesia's Personal Data Protection Law), you may have rights to access, correct, delete, or export your personal data, to withdraw consent, or to object to certain processing. Studio admins/managers can access, correct, and delete data through the Service itself; account holders may update their own profile from within the app. If you are a Studio's client, provider, or lead, please direct these requests to that Studio in the first instance — we will support the Studio in fulfilling them as its processor. Otherwise, contact us at hello@getwestra.com.
Depending on where our infrastructure providers operate, personal data may be processed in a country other than where you or the relevant Studio are located. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place consistent with applicable data protection law.
The Service itself is intended for use by business staff, providers, and their adult clients — it is not directed at children as account holders. Some Studios (e.g. music schools, swim schools, tutoring centres) may store records about minors as part of their own client base (for example, a child's name, date of birth, or guardian contact). That data is Studio Data controlled by the Studio, which is responsible for ensuring it has an appropriate legal basis (such as parental/guardian consent) to collect and store it.
We may update this Privacy Policy from time to time. Material changes will be notified via the Service or by other reasonable means, and the "Last updated" date above will reflect the most recent revision.
Questions about this Privacy Policy or how your data is handled can be sent to hello@getwestra.com.
See also our Terms of Service.