// Trust & data
Studios run on uptime and trust, not vibes. Here's what's actually wired in — with the engineering primitives behind each promise so you can audit it yourself.
Front-end on Vercel Frankfurt, Payload CMS and Postgres on Render Amsterdam. Member personal data never leaves the continent. Card data is handled by Stripe under PCI DSS — we only store Stripe customer IDs.
Vercel Frankfurt · Render Amsterdam
Every Stripe event is signed and deduplicated against a `ProcessedStripeEvents` ledger — retries never cause double-charges. Bookings deduct credits first, verify capacity, then commit. Oversells roll back and refund the credit automatically.
Webhook idempotency · Atomic bookings
Tenant isolation is enforced in Payload access functions (`readByTenant`, `writeByTenant`, `injectOrganization`) on every business collection — not just hidden in the UI. A trainer in studio A cannot read studio B's bookings, members or revenue. Ever.
Payload access fns · organization scope hook
Stripe is the source of truth for billing — if you leave Clay, your subscriptions keep running on your own Stripe. Members and bookings export to CSV from the admin. After cancellation we hold data for 30 days so you can take everything, then permanently delete.
CSV export · Stripe Connect · 30-day delete
Verified against the internal production-readiness audit (April 2026). The full verdict is published in our docs — ask if you want a copy.
No demo needed. Free to create your tenant, monthly cancellable, your brand from day one. Connect Stripe Connect when you're ready to take the first booking — we'll never touch the money.