Introduction

SchedulHub ("we," "us," or "our") operates the SchedulHub booking platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to this Privacy Policy.

1. Information Collection

1.1 Personal Data

• Account Information: Full name, email address, phone number, business details, and credentials when you register.
• Payment Information: Credit card details, billing address, and transaction history processed through PCI-compliant third-party processors.
• Profile Information: Business hours, service offerings, staff details, and photos you upload.

1.2 Booking Data

• Client names, contact details, appointment history, and service preferences.
• Special requests, notes, and any health/safety information provided during booking.

1.3 Technical Data

• Device Information: IP address, browser type, operating system, and device identifiers.
• Usage Data: Pages visited, features used, clickstream data, and session duration.
• Cookies: We use essential, functional, and analytics cookies as detailed in our Cookie Policy.

2. Legal Basis for Processing (GDPR Compliance)

• Contractual Necessity: To fulfill our service obligations.
• Legitimate Interests: For business operations and service improvements.
• Consent: For marketing communications and non-essential cookies.
• Legal Compliance: When required by applicable laws.

3. Data Usage

• Provide and maintain our Service
• Process transactions and send booking confirmations
• Send automated appointment reminders via SMS/email
• Develop new features and improve service quality
• Prevent fraud and ensure platform security
• Communicate service updates and (with consent) marketing offers
• Comply with legal obligations

4. Data Sharing & Disclosure

4.1 Service Providers

• Payment processing (Stripe, Flutterwave)
• Cloud hosting and infrastructure
• Customer support tools
• Analytics and marketing services

All vendors undergo rigorous security assessments and are contractually bound to data protection obligations.

4.2 Business Transfers

In mergers, acquisitions, or asset sales, user data may be transferred with appropriate confidentiality protections.

4.3 Legal Requirements

• Comply with legal processes
• Protect against legal liability
• Prevent harm to individuals or property

5. International Data Transfers

• EU Standard Contractual Clauses for EEA transfers
• Adequacy decisions where applicable
• Additional safeguards for sensitive data

6. Data Security

• 256-bit SSL encryption for all data transmissions
• Regular security audits and penetration testing
• Role-based access controls
• Multi-factor authentication options
• Annual staff security training

Despite these measures, no internet transmission is 100% secure. Users should protect their account credentials and notify us immediately of any unauthorized access.

7. Data Retention

• Service provision and business operations
• Legal/compliance requirements
• Dispute resolution

Inactive accounts are deleted after 24 months of dormancy. Clients may request earlier deletion per Section 8.

8. Your Rights

• Access: Request copies of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion under certain conditions
• Restriction: Limit processing of your data
• Portability: Receive your data in a structured format
• Object: Opt-out of certain processing activities
• Withdraw Consent: For consent-based processing

To exercise these rights, contact us at [email protected]. We respond to all requests within 30 days.

9. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect children's data. Parents/guardians discovering such collection should contact us immediately for deletion.

10. Third-Party Links

Our Service may contain links to third-party sites. We are not responsible for their privacy practices and encourage users to review their policies separately.

11. Policy Updates

• Email notification to registered users
• Prominent website notices
• In-app alerts for active users

Continued use after changes constitutes acceptance of the revised policy.

12. Contact

If you have any questions about this Privacy Policy, please contact us at [email protected].