Privacy Policy

1. Data Collection & Fiduciary

At Pynath Booking, operated by Pynath Technologies Private Limited (Data Fiduciary / Data Controller), we collect information necessary to provide you with scheduling automation services. This includes:

• Profile Data: Name, email address, and company or business details provided during registration.
• Authentication Data: Credentials used to sign in, including passwords, passkeys, or social login identifiers. Passwords are hashed and never stored in plain text.
• Contact Details: Phone numbers and addresses used for business profile configuration.
• Booking Data: Information about scheduled appointments, including guest names, emails, service details, and timestamps.
• Financial Data: Subscription plan status and payment history. Card or bank account details are processed by our payment provider and never stored on our servers.
• Technical Data: IP address, browser type, device information, and usage patterns collected for security monitoring and abuse prevention.

2. How We Use Your Data

We use the collected data for the following purposes:

• To provide, maintain, and improve our scheduling services.
• To process payments and manage your subscription.
• To send transactional notifications regarding bookings, cancellations, and account activities.
• To ensure the security of our platform, detect fraud, and prevent abuse.
• To comply with legal obligations and respond to lawful requests.

We do not use your data for advertising, profiling, or selling to third parties.

3. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to any third parties for marketing or advertising purposes. We share information only with categories of trusted service providers essential to operating the Platform:

• Payment Processors: Receive your name, email, and payment details solely to process subscription payments and manage billing. Our payment partners are PCI-DSS compliant. We do not store your card or bank account details on our servers.
• Cloud Infrastructure Providers: Host our databases, handle authentication, and provide the computing infrastructure that powers the Platform. Your data is stored in encrypted, access-controlled environments.
• Email Delivery Services: Receive email addresses and booking details to deliver transactional notifications (e.g., booking confirmations, reminders, and password resets). No marketing emails are sent via these services without your explicit consent.
• Security and Performance Services: Process anonymized or pseudonymized technical data (e.g., IP hashes, request metadata) for rate limiting, DDoS protection, and abuse prevention. No personally identifiable information is stored by these services.

What We Never Share

• Your customer lists, booking histories, or revenue data with any third party.
• Personal data with advertisers, data brokers, or analytics platforms.
• Data with government agencies unless compelled by a valid legal order from an Indian court or competent authority.

Service Provider Accountability

All third-party service providers are contractually bound to process your data only for the specific purposes we instruct. We regularly review our service providers to ensure they meet our security and privacy standards. A current list of service providers can be made available upon written request to [email protected].

International Data Transfers

Some of our service providers may process data in regions outside India. In such cases, we aim to ensure adequate safeguards are in place as part of our privacy-first design.

Note: We currently do not synchronize data with external calendars or third-party applications. Any future integrations will require your explicit consent before any data is shared.

4. Cookies

We use essential cookies only for session management and authentication. These cookies are strictly necessary for the Platform to function correctly and do not track your activity across other websites. We do not use advertising, analytics, or tracking cookies.

By using our service, you consent to the use of these essential cookies. You may disable cookies in your browser, but this may prevent you from accessing the Platform.

5. Data Retention and Deletion

We retain your data as long as your account is active or as needed to provide our services. Specifically:

• Active accounts: Data is retained for the duration of your account and for up to 30 days after account deletion to allow for recovery.
• Financial records: Retained for a minimum of 8 years as required by Indian tax and accounting regulations.
• Activity logs: Retained for 7 days (Free Plan) or 1 year (Pro Plan), then automatically purged.
• Technical logs: Security-related logs are retained for up to 90 days for incident investigation purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS 1.2+) and at rest.
• Secure access controls with role-based permissions.
• Passkey and biometric authentication support.
• Regular security assessments and vulnerability scanning.
• Rate limiting and DDoS protection on all endpoints.

7. Your Rights

We aim to support the following data protection principles as part of our commitment to user privacy:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Update or correct inaccurate personal data via your dashboard settings.
• Right to Erasure: Request deletion of your account and associated data.
• Right to Data Portability: Export your data in machine-readable format (JSON) from your dashboard.
• Right to Withdraw Consent: Withdraw consent for optional data processing at any time.
• Right to Grievance Redressal: File a complaint with us or with the Data Protection Board of India.

To exercise any of these rights, contact us at [email protected] or use the self-service options in your dashboard settings.

8. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a child's data has been collected without parental consent, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 15 days before they take effect. Continued use of the Platform after the effective date constitutes your acceptance of the updated policy.