Skip to main content

GDPR & Customer Privacy

Privacy laws like the GDPR give your customers the right to ask what data you hold on them, get a copy of it, and have it erased. EquipDash answers all three with one-click tools on the customer's page — no technical work needed.

Download everything you hold on a customer

When a customer asks "what data do you have on me?" (a subject access request):

  1. Open Customers in the sidebar and click the customer.
  2. Click Privacy in the top-right corner of their page.
  3. Click Download customer data.

You'll get a ZIP file containing:

  • summary.html — a readable summary you can hand straight to the customer.
  • data.json — a machine-readable copy (this satisfies the GDPR's data portability requirement).

The export covers everything: their profile, consent history, all bookings, participant records, signed waivers and form answers, emails and texts sent to them, notes, and custom fields.

tip

You have one month to answer an access request under GDPR. With the export button it takes one minute — done.

Erase a customer ("right to be forgotten")

When a customer asks you to delete their personal data:

  1. Open the customer's page.
  2. Click PrivacyForget this customer.
  3. Read the confirmation and click Erase data.

What happens depends on their history:

  • Customer with bookings — their name, contact details, signed waivers, messages, and notes are permanently erased. The bookings and payment records stay in your reports for tax and accounting purposes, but with no personal details attached (the customer shows as "Deleted Customer").
  • Customer with no bookings — the entire record is deleted.
warning

Erasure cannot be undone. If the customer might come back, consider archiving them instead — archiving hides them from your lists but keeps their data.

Each customer's current status is shown on their page — the Marketing emails row in the Contact information card reads Subscribed, Unsubscribed, or Not asked.

EquipDash records marketing consent automatically and enforces it for you:

  • Opt-in at checkout — when the marketing opt-in checkbox is enabled on your booking widget (Settings → Widget), each tick is recorded with the date, time, and source. You have an auditable consent trail without doing anything.
  • One-click unsubscribe — every campaign email you send includes an unsubscribe link in the footer. When a customer clicks it, they're excluded from all future campaigns automatically.
  • SMS opt-out — customers can reply STOP to any text message. The opt-out is recorded and enforced automatically.

Booking-related emails (confirmations, reminders, receipts) are not marketing and keep being delivered — unsubscribing only stops campaigns.

Who can use these tools

The privacy actions follow your existing team permissions:

  • Download customer data needs the Export customers permission.
  • Forget this customer needs the Delete customers permission.

Admins have both by default. You can adjust these per role in Settings → Team.

Your DPA and our sub-processors

Your EquipDash subscription includes a Data Processing Addendum — the GDPR contract that covers EquipDash processing data on your behalf. The list of service providers we use is published at equipdash.com/subprocessors, and an overview of how EquipDash supports your GDPR obligations is at equipdash.com/gdpr.