Privacy Policy

At Attenda ("we", "our", or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our no-show protection service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Business name and type
• Authentication credentials

1.2 Calendar Data

When you connect your calendar, we access appointment information including:

• Event titles, dates, and times
• Client names and contact information from event details
• Event descriptions and notes

Important: We only access calendar data necessary to provide our no-show protection service. We do not access or store the content of your personal events unrelated to appointments.

1.3 Payment Information

Payment processing is handled by Stripe, our third-party payment processor. We do not store complete credit card numbers on our servers. We receive and store:

• Last four digits of card numbers (for display purposes)
• Card brand and expiration date
• Billing address
• Transaction history

1.4 Usage Data

We automatically collect:

• Log data (IP address, browser type, pages visited)
• Device information
• Usage patterns and feature interactions
• Performance and error data

2. How We Use Your Information

We use the collected information to:

• Provide and maintain our no-show protection service
• Send appointment confirmations and reminders to your clients
• Process card authorizations and no-show charges
• Communicate with you about your account and our services
• Improve and optimize our service
• Detect and prevent fraud or abuse
• Comply with legal obligations

3. Information Sharing

We do not sell your personal information. We may share information with:

3.1 Service Providers

• Stripe: Payment processing and card authorization
• Google: Calendar integration (via OAuth)
• Resend: Email delivery
• Supabase: Database and authentication infrastructure

3.2 Your Clients

When sending confirmations, we share relevant appointment details with your clients, including your business name, appointment time, and no-show policy terms.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

4. Data Security

We implement industry-standard security measures including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with magic links
• Regular security audits and updates
• Access controls and employee training
• Secure third-party service providers

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account deletion:

• Account data is deleted within 30 days
• Transaction records are retained for 7 years (legal requirement)
• Anonymized analytics data may be retained indefinitely

6. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Export your data
• Withdraw consent for optional processing
• Lodge a complaint with a supervisory authority

For EU residents, see our GDPR page for additional rights and information.

7. Cookies and Tracking

We use cookies and similar technologies to operate our service. For detailed information, please see our Cookie Policy.

8. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. Your continued use after changes constitutes acceptance of the updated policy.