Privacy Policy

1. Introduction asyncz ("we," "our," or "us") is committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our comprehensive scheduling platform services, including appointment management, team collaboration, analytics, and related features. By using asyncz, you consent to the practices described in this policy. 2. Information We Collect 2.1 Personal Information • Account information (name, email address, phone number, professional title) • Business information (company name, address, business type, industry classification) • Profile information, preferences, and custom settings • Payment information (processed securely through PCI-DSS compliant third-party providers) • Authentication credentials and security settings • Communication preferences and notification settings 2.2 Appointment and Scheduling Data • Appointment details (date, time, duration, type, location, procedure information) • Customer and client information entered by you or your team • Notes, comments, and attachments related to appointments • Schedule and availability information for experts and resources • Recurring appointment patterns and templates • Cancellation and rescheduling history • Blacklist and security-related appointment data 2.3 Business Operations Data • Branch and location information • Expert profiles, specializations, and work schedules • Procedure definitions, pricing, and service catalogs • User roles, permissions, and access controls • Team member information and organizational structure • Custom branding elements (logos, colors, domain settings) 2.4 Analytics and Performance Data • Booking patterns, conversion rates, and performance metrics • Dashboard usage and feature utilization statistics • Revenue tracking and financial performance data • Customer satisfaction scores and feedback • System performance and optimization metrics 2.5 Technical Information • Device information, browser type, and operating system details • IP addresses, geolocation data, and network information • Log files, error reports, and system diagnostics • Cookies, session tokens, and similar tracking technologies • API usage logs and integration data • Security event logs and access patterns 2.6 Communication Data • Email communications and notification history • Support tickets, chat logs, and customer service interactions • Survey responses and feedback submissions • Marketing communication preferences and engagement data 3. How We Use Your Information 3.1 Core Service Provision • Provide and maintain our scheduling platform and all associated features • Process appointments, manage calendars, and coordinate schedules • Enable team collaboration and multi-user access management • Generate analytics, reports, and business insights • Facilitate integrations with third-party calendar and business systems 3.2 Communication and Support • Send appointment confirmations, reminders, and notifications • Provide customer support and technical assistance • Respond to inquiries and resolve service issues • Deliver system updates and important service announcements 3.3 Service Improvement and Security • Analyze usage patterns to improve our services and develop new features • Ensure platform security, prevent fraud, and detect malicious activity • Maintain blacklist protection and automated security measures • Perform system maintenance, backups, and disaster recovery • Conduct quality assurance and performance optimization 3.4 Legal Compliance and Business Operations • Comply with applicable laws, regulations, and legal obligations • Process payments and maintain financial records • Enforce our Terms of Service and other agreements • Protect our rights, property, and legitimate business interests 3.5 Marketing Communications (With Consent) • Send promotional materials about new features and services • Provide educational content and best practices • Invite participation in surveys, beta programs, and user research • Share industry insights and relevant business content 4. Information Sharing and Disclosure 4.1 We may share your information with: • Authorized service providers and subprocessors who assist in platform operations under strict confidentiality agreements • Payment processors and financial institutions for secure transaction processing • Analytics and infrastructure providers to maintain and improve our services • Legal authorities when required by law, court order, or to protect rights and safety • Professional advisors (lawyers, accountants, auditors) under confidentiality obligations • Potential acquirers in the event of a merger, acquisition, or business transfer (with prior notice) 4.2 We strictly do not: • Sell, rent, or lease your personal information to third parties for commercial purposes • Share customer appointment data or business information without explicit consent • Use your data for advertising or marketing by third parties • Provide access to your data to unauthorized parties or competitors • Share sensitive business information outside of necessary operational requirements 4.3 Data Minimization Principle We share only the minimum amount of information necessary to accomplish the specific purpose, and we require all recipients to maintain appropriate security measures and use restrictions. 5. Data Security We implement comprehensive, industry-leading security measures to protect your information: 5.1 Technical Safeguards • End-to-end SSL/TLS encryption (minimum TLS 1.2) for all data transmission • AES-256 encryption for data storage and backups • Multi-factor authentication and advanced access controls • Regular penetration testing and vulnerability assessments • Intrusion detection and prevention systems • Secure API endpoints with rate limiting and authentication 5.2 Operational Safeguards • Regular security audits and compliance assessments • Employee security training and background checks • Incident response procedures and breach notification protocols • Regular automated backups with geographic redundancy • Disaster recovery and business continuity planning • Secure development lifecycle and code review processes 5.3 Compliance Standards • SOC 2 Type II compliance for security and availability • GDPR compliance for EU data protection requirements • ISO 27001 security management standards alignment • PCI DSS compliance for payment processing • Regular third-party security certifications and audits 6. Your Rights and Choices 6.1 Access and Control Rights • View, update, and correct your personal information through your account settings • Download your data in portable formats (JSON, CSV, PDF) • Delete your account and associated data (with 30-day grace period) • Control notification preferences and communication settings • Manage team member access and permissions • Export appointment data and business records 6.2 GDPR Rights (EU/EEA Residents) • Right to access your personal data and receive information about processing • Right to rectification of inaccurate or incomplete data • Right to erasure ("right to be forgotten") under applicable circumstances • Right to restrict processing when certain conditions are met • Right to data portability in structured, machine-readable formats • Right to object to processing based on legitimate interests • Right to withdraw consent for consent-based processing • Right to lodge complaints with supervisory authorities 6.3 CCPA Rights (California Residents) • Right to know what personal information is collected and how it's used • Right to delete personal information (subject to certain exceptions) • Right to opt-out of the sale of personal information (we do not sell data) • Right to non-discrimination for exercising privacy rights 6.4 Exercising Your Rights To exercise any of these rights, contact us at [email protected] or through your account settings. We will respond to verified requests within 30 days (or as required by applicable law). Identity verification may be required for security purposes. 7. Data Retention We retain your information for as long as necessary to provide our services, comply with legal obligations, and protect our legitimate business interests. Our specific retention periods are: • Active account data: Retained while account is active plus 30 days after deletion request • Appointment and scheduling data: 3 years after appointment completion for business continuity • Financial and payment records: 7 years for tax compliance and audit requirements • Analytics and aggregated data: 5 years for business intelligence and service improvement • System logs and security data: 12 months for security monitoring and incident response • Marketing communication data: Until unsubscribe request or 2 years of inactivity • Support and communication records: 3 years for quality assurance and dispute resolution 7.1 Data Deletion Process Upon account deletion or data retention period expiration, we securely delete or anonymize your data using industry-standard methods. Some information may be retained in anonymized form for statistical purposes or as required by law. 8. International Data Transfers Your information may be transferred to and processed in countries other than your own, including the United States and European Union. We ensure appropriate safeguards are in place for all international transfers: • Standard Contractual Clauses (SCCs) approved by the European Commission • Adequacy decisions by relevant data protection authorities • Binding Corporate Rules for intra-group transfers • Certification schemes and approved codes of conduct • Additional security measures for transfers to countries without adequacy decisions 8.1 Primary Data Processing Locations • European Union (primary data centers in Germany and Ireland) • United States (backup and disaster recovery facilities) • United Arab Emirates (regional processing and support) 9. Children's Privacy Our services are designed for business use and are not intended for children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected such information without proper parental consent, we will take immediate steps to delete it and terminate any associated accounts. 10. Cookies and Tracking Technologies We use cookies and similar technologies to enhance your experience and analyze platform usage: 10.1 Essential Cookies Required for basic platform functionality, authentication, and security. These cannot be disabled. 10.2 Functional Cookies Remember your preferences and settings to improve your experience. 10.3 Analytics Cookies Help us understand how you use our platform to improve performance and features. 10.4 Cookie Management You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may limit platform functionality. 11. Updates to This Policy We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated through email notifications and prominent in-app notices at least 30 days before they take effect. Your continued use of asyncz after changes become effective constitutes acceptance of the updated policy. 11.1 Version Control Previous versions of this policy are archived and available upon request. We maintain a change log documenting all material modifications. 12. About asyncz asyncz is a comprehensive scheduling and business management platform developed and operated by Deviofy, a technology company specializing in business automation, scheduling solutions, and enterprise software development. Product: asyncz - Comprehensive Scheduling Platform Developer & Data Controller: Deviofy Technology Solutions Business Type: Software as a Service (SaaS) Platform Registered Address: IFZA Business Park, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates Data Protection Officer: [email protected] 13. Contact Information If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us through the following channels: Privacy Email: [email protected] General Inquiries: [email protected] Postal Address: asyncz by Deviofy, Privacy & Legal Team, IFZA Business Park, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates Phone: +971 4 123 4567 Response Time: We respond to privacy inquiries within 72 hours 13.1 EU Representative For EU residents, our European representative can be contacted at: [email protected] 14. Effective Date and Jurisdiction This Privacy Policy is effective as of January 15, 2025. This policy is governed by the laws of the United Arab Emirates and the European Union General Data Protection Regulation (GDPR) where applicable. Any disputes will be resolved in accordance with the jurisdiction specified in our Terms of Service.