Privacy Policy

Effective Date: April 14, 2026

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our appointment scheduling service ("the Service"). We are committed to safeguarding your privacy and handling your data transparently.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data We Collect

We collect the following personal data when you register or use the Service:

• Name — to identify you within the system and in appointments.
• Email address — for account authentication, communication, and notifications.
• Phone number — for appointment-related contact purposes.
• Password — stored in a securely hashed format for account authentication.

If you sign in using Google OAuth, we receive your name and email address from Google. We do not receive or store your Google password.

2. How We Use Your Data

Your personal data is used exclusively for the following purposes:

• Creating and managing your account.
• Scheduling, modifying, and cancelling appointments.
• Sending email notifications such as appointment confirmations, reminders, and updates.
• Providing customer support when you contact us.
• Maintaining the security and integrity of the Service.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contractual necessity — processing is required to provide the Service you signed up for (e.g., managing your account and appointments).
• Consent — where you explicitly agree to data processing, such as when you register for an account or sign in via Google OAuth.
• Legitimate interest — to maintain the security, performance, and reliability of the Service.

4. Third-Party Services

We use the following third-party services:

• Google OAuth — if you choose to sign in with Google, your authentication is handled by Google. Their use of your data is governed by Google's Privacy Policy.
• Email delivery provider — we use a third-party email service to send transactional emails (confirmations, reminders). These providers process your email address solely for the purpose of delivering messages on our behalf.

We do not use analytics trackers, advertising networks, or any other third-party services that profile your behaviour.

5. Data Storage and Security

Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Password hashing using industry-standard algorithms.
• Encrypted connections (HTTPS) for all data in transit.
• Access controls limiting data access to authorized personnel only.

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as your account is active and as necessary to provide the Service. If you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, unless we are required by law to retain it for a longer period.

Appointment records may be retained in anonymized form for operational and analytical purposes after account deletion.

7. Your Rights

You have the following rights regarding your personal data, in accordance with applicable data protection laws:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may request correction of inaccurate or incomplete data.
• Right to erasure — you may request deletion of your personal data, subject to legal obligations.
• Right to restriction — you may request that we limit how we process your data in certain circumstances.
• Right to data portability — you may request your data in a structured, commonly used, machine-readable format.
• Right to object — you may object to processing based on legitimate interest.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details provided in Section 10.

8. Cookies

We use strictly necessary cookies to maintain your session and authentication state. We do not use cookies for advertising, tracking, or analytics purposes.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on the Service. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at the email address provided on the Service.