EquestrianOSBack

Privacy Policy

Last updated: March 1, 2026

Trail Barns operates EquestrianOS at lessons.trailbarns.com. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.

1. Who We Are

Trail Barns ("we", "us", "our") operates the EquestrianOS platform, a riding school management system available at lessons.trailbarns.com. We act as the data controller for personal information collected through this platform.

If you have any questions about this policy or how we handle your data, please contact us at [email protected].

2. What Data We Collect

We collect the following categories of personal data:

Account & Identity

  • Name and email address (provided during sign-in via Manus OAuth)
  • Profile information associated with your Manus account
  • Role within the platform (owner, instructor, parent)

Student Records

  • Student first and last name, date of birth, and enrollment date
  • Guardian / parent name and contact email
  • Riding level, skill evaluations, and progress records
  • Lesson history, attendance, and instructor notes
  • Subscription tier and lesson allowance usage

Scheduling & Calendar Data

  • Scheduled lesson dates, times, duration, and lesson type
  • Instructor availability slots and horse day-off records
  • If you connect Google Calendar: OAuth access tokens (stored encrypted) and the calendar ID used for event sync. We only create, update, and delete events in your calendar — we do not read your existing events.

Horse & Facility Records

  • Horse name, breed, age, and health notes
  • Barn name and configuration settings

Usage Data

  • Page views and feature interactions (collected via our analytics service)
  • Session cookies used to maintain your login state
  • Server logs including IP address, browser type, and request timestamps

3. How We Use Your Data

PurposeLegal Basis
Providing and operating the platform (scheduling, progress tracking, billing)Contract performance
Authenticating your identity and maintaining your sessionContract performance
Syncing lessons to your connected Google CalendarConsent (you explicitly connect your calendar)
Sending lesson reminders and operational notifications to barn ownersLegitimate interest
Improving the platform through aggregated usage analyticsLegitimate interest
Complying with legal obligations (e.g. tax records, safeguarding requirements)Legal obligation

4. Google Calendar Integration

If you choose to connect your Google Calendar, we request the following OAuth scopes:

  • calendar.events — to create, update, and delete lesson events in your calendar
  • calendar.readonly — to check for scheduling conflicts

We store your OAuth access token and refresh token in our database, encrypted at rest. We use these tokens solely to sync lesson events on your behalf. We do not read, analyse, or share the contents of your Google Calendar. You can revoke access at any time by clicking "Disconnect" in the Calendar or Availability page, or by removing EquestrianOS from your Google Account permissions.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only in the following circumstances:

  • Service providers: We use Manus (authentication and hosting infrastructure), TiDB (database), and Amazon S3-compatible storage for file uploads. These providers process data on our behalf under data processing agreements.
  • Google: When you connect Google Calendar, lesson event data is sent to Google's Calendar API. Google's Privacy Policy governs how Google handles that data.
  • Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users.
  • Business transfer: If Trail Barns is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide the service. Student records, lesson history, and evaluation data are retained for the duration of the student's enrollment plus a period of up to 3 years thereafter to support continuity of care and legal compliance. Google Calendar tokens are deleted immediately upon disconnection.

You may request deletion of your data at any time by contacting us at [email protected]. We will fulfil deletion requests within 30 days, subject to any legal retention obligations.

7. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Encrypted storage of OAuth tokens at rest
  • Session cookies signed with a secret key (HttpOnly, Secure)
  • Role-based access control — instructors, parents, and owners see only the data relevant to their role
  • Database access restricted to application-layer connections only

No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

8. Children's Privacy

EquestrianOS is designed to be used by riding school operators (adults) to manage student records, which may include records for minors. We do not knowingly collect personal data directly from children under 13. All student data for minors is entered by the barn owner or instructor on behalf of the student's guardian. Parents and guardians may request access to, correction of, or deletion of their child's data by contacting us at [email protected].

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Portability: receive your data in a structured, machine-readable format
  • Restriction: request that we limit how we process your data
  • Objection: object to processing based on legitimate interest
  • Withdraw consent: where processing is based on consent (e.g. Google Calendar), you may withdraw at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Cookies

We use the following cookies:

CookiePurposeDuration
sessionMaintains your authenticated session after login7 days (rolling)
Analytics cookiesAggregated, anonymised page view and feature usage statisticsSession / 1 year

We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging in to the platform.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify barn owners by email or in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions, data requests, or concerns, please contact:

Trail Barns

Email: [email protected]

Website: lessons.trailbarns.com