Privacy Policy
Your privacy matters to us. This policy explains how Calenxo collects, uses, and protects your personal data in compliance with GDPR and the POPI Act.
Last updated: March 2026
Information We Collect
We collect information in several ways depending on how you interact with Calenxo:
Account Information
When you sign up, we collect your name, email address, phone number, and password. Business owners also provide business name, address, operating hours, and service details.
Customer Data
On behalf of our business clients, we store end-customer names, contact details, booking history, and service preferences. Business clients are the data controllers for this information.
Communication Data
Messages processed through our WhatsApp integration, including booking requests, confirmations, and reminders. We do not read or use message content for purposes other than providing the service.
Usage & Technical Data
We automatically collect device information, IP addresses, browser type, pages visited, and feature usage patterns to improve our service. This data is anonymized where possible.
Payment Information
Payment processing is handled by Stripe. We do not store your full credit card details. We retain only the last four digits and expiry date for reference purposes.
How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: Processing bookings, sending confirmations and reminders, and managing schedules
- Account management: Authenticating users, managing subscriptions, and providing customer support
- Platform improvement: Analyzing usage patterns to improve features, fix bugs, and optimize performance
- Communication: Sending service-related notifications, product updates, and marketing communications (with your consent)
- Security: Detecting and preventing fraud, abuse, and unauthorized access
- Legal compliance: Meeting our obligations under applicable laws and regulations
We process your data based on one or more of the following legal bases: your consent, performance of a contract, our legitimate interests, or compliance with a legal obligation.
Data Sharing & Third Parties
We do not sell your personal data. We share data only in the following limited circumstances:
- Service providers: We work with trusted third parties who assist in operating our platform, including cloud hosting (Vercel, Neon), payment processing (Stripe), email delivery, and messaging services (WhatsApp Business API).
- Business clients: End-customer data is accessible to the business that the customer booked with. Each business can only access their own customers' data.
- Legal requirements: We may disclose information when required by law, court order, or governmental authority.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
All third-party service providers are bound by data processing agreements and are required to handle your data in accordance with this policy and applicable data protection laws.
Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days |
| Booking records | As configured by business (default: 2 years) |
| WhatsApp messages | 90 days |
| Usage analytics | 12 months (anonymized) |
| Payment records | 7 years (legal requirement) |
When data is no longer needed, it is securely deleted or anonymized. Business administrators can configure custom retention periods for customer data within the platform.
Your Rights
Under GDPR, the POPI Act, and other applicable data protection laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restriction: Request that we limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests or direct marketing
To exercise any of these rights, contact us at privacy@calenxo.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Data Security
We take the security of your data seriously and implement industry-standard measures to protect it:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls ensure users can only access data relevant to their role
- Multi-tenant data isolation prevents cross-tenant data access
- Regular security audits and vulnerability assessments
- Automated monitoring for suspicious activity and unauthorized access attempts
- Secure backup procedures with encrypted offsite storage
While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@calenxo.com.
International Data Transfers
Calenxo operates globally, and your data may be processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all service providers
- Compliance with POPI Act requirements for cross-border transfers
Children's Privacy
Calenxo is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. When we make material changes:
- We will notify registered users by email at least 30 days before changes take effect
- We will update the "Last updated" date at the top of this page
- For significant changes, we may display a prominent notice on our platform
Continued use of Calenxo after changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have questions about this privacy policy or how we handle your data, we're here to help: