LashBoss

Privacy Policy

Last updated: May 20, 2024 • Version 2.0

VGPD/CCPA/LGPD Compliant
This Privacy Policy explains how we collect, use, and protect your personal information. By using our services, you consent to the data practices described in this policy.

1. Data Collected

1.1 Scheduling Data

We collect and store the following information to facilitate scheduling services:

  • Customer's full name
  • Contact information (email and WhatsApp number)
  • History of scheduled services
  • Schedule preferences and availability
  • Service history and preferences

1.2 Payment Data

Payment information is processed securely via our payment processors (Stripe/PagSeguro):

  • Last 4 digits of payment cards
  • Transaction IDs and references
  • Payment status and history
  • Billing addresses

We do not store complete payment card details on our servers at any time.

1.3 Technical Data

We automatically collect certain technical information when you use our platform:

  • IP address and device information
  • Browser type and operating system
  • Pages visited and features used
  • Time and duration of visits
  • Referring websites or sources

2. How We Use Your Data

We use the collected information for the following purposes:

  • Optimize appointment suggestions via machine learning
  • Send automatic appointment reminders and notifications
  • Generate financial and business performance reports
  • Improve our services and user experience
  • Provide customer support and troubleshooting
  • Prevent fraud and ensure platform security

Our AI-powered features use anonymized data to provide personalized recommendations and insights, helping businesses optimize their scheduling and operations.

3. Sharing with Third Parties

We share your data only with essential service providers:

  • Payment processors (Stripe, PagSeguro)
  • SMS/Email notification providers
  • AWS hosting services (located at US East (N. Virginia))
  • Analytics and error tracking services

Data Flow

SOURCES
Calendar
Payments
CRM
DESTINATIONS
AWS S3
Stripe
Twilio

All third-party service providers are required to maintain the confidentiality and security of your data and are prohibited from using it for any purpose other than providing services to us.

4. User Rights

Under applicable data protection laws (LGPD, GDPR, CCPA), you have the right to:

  • Export all your appointments and client data in CSV format
  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Revoke access to integrations and third-party connections
  • Object to processing of your data
  • Request restriction of processing
  • Data portability

To exercise these rights, please contact us at support@schedoon.comor through your account settings.

5. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specific retention periods:

  • Account information: For the duration of your account plus 30 days after deletion
  • Appointment data: 7 years for tax and legal compliance
  • Payment information: 7 years for financial record-keeping
  • Technical logs: 90 days

After the retention period expires, we will securely delete or anonymize your data.

6. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Multi-factor authentication for account access
  • Regular security audits and vulnerability testing
  • Employee access controls and training
  • Data backup and disaster recovery procedures

While we take all reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Cookies & Tracking

Our platform uses cookies and similar technologies to enhance functionality and user experience:

  • Essential cookies: Required for basic platform functionality
  • Functionality cookies: Remember your preferences and settings
  • Analytics cookies: Help us understand how users interact with our platform
  • Marketing cookies: Used to deliver relevant advertisements

You can manage cookie preferences through your browser settings. Disabling certain cookies may impact your experience on our platform.

8. Changes to Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes:

  • We will notify users via email
  • We will post a notice on our platform
  • We will update the "Last Updated" date at the top of this policy

We encourage you to review this policy regularly. Continued use of our services after policy changes constitutes acceptance of the updated terms.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

  • Email: support@schedoon.com
  • Postal address: Av. Paulista, 1000, São Paulo, SP, Brazil
  • Phone: +55 (11) 3000-0000

We are committed to resolving any complaints about our collection or use of your personal data. If you have a complaint, please contact us first.

10. Change History

Document Change History

Version 2.0 (2024-05-20)

  • Updated to comply with LGPD regulations
  • Added Data Flow Diagram
  • Expanded user rights section

Version 1.1 (2024-02-10)

  • Added information about AI data processing
  • Updated third-party service providers list
  • Clarified data retention periods

Version 1.0 (2024-01-10)

  • Initial privacy policy document