1. Introduction

Scheduler ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our scheduling software service (the "Service") accessed via our website at scheduler.so and our web application.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are the data controller for the purposes of data protection law.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, company name, phone number, and password when you create an account
• Profile Information: Business details, scheduling preferences, time zone, and calendar settings
• Payment Information: Billing address and payment method details (processed securely through Stripe)
• Communication Data: Messages sent through our contact forms, support tickets, and customer service interactions
• Content Data: Appointment details, customer information, booking forms, and scheduling data you input into our system

2.2 Information We Collect Automatically

• Usage Data: How you interact with our Service, including pages visited, features used, and time spent
• Device Information: IP address, browser type, operating system, device identifiers, and mobile carrier
• Location Data: General location information based on IP address for drive time calculations and appointment optimisation
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies

2.3 Information from Third Parties

• CRM Integration Data: Customer information, contact details, and appointment history from connected CRM systems (such as Zoho CRM)
• Calendar Integration: Calendar events and availability from connected calendar services
• Authentication Services: Profile information when you use third-party login services

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

• Providing and maintaining our scheduling software service
• Managing your account and user profile
• Processing and managing appointments and bookings
• Optimizing drive times and scheduling efficiency
• Integrating with your CRM and calendar systems

3.2 Communication

• Sending appointment confirmations, reminders, and notifications
• Providing customer support and responding to inquiries
• Sending important service updates and security notices
• Marketing communications (with your consent)

3.3 Business Operations

• Processing payments and billing
• Analyzing usage patterns to improve our Service
• Conducting research and development
• Ensuring security and preventing fraud
• Complying with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Contract: Processing necessary to perform our contract with you or to take steps at your request before entering into a contract
• Legitimate Interest: Processing necessary for our legitimate business interests, such as improving our Service and ensuring security
• Consent: Where you have given specific consent for certain processing activities
• Legal Obligation: Processing necessary to comply with our legal obligations

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

• Payment Processing: Stripe for secure payment processing
• Cloud Hosting: Trusted cloud service providers for data hosting and storage
• Analytics: Analytics services to understand how our Service is used
• Customer Support: Third-party customer support tools and services

5.2 Legal Requirements

We may disclose your information when required by law, court order, or government request, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in transit and at rest using industry-standard protocols
• Regular security assessments and vulnerability testing
• Access controls and authentication mechanisms
• Employee training on data protection and security practices
• Incident response procedures for data breaches

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records for legitimate purposes

Account data is typically retained for 3 years after account closure. Payment records are retained for 7 years as required by UK law.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Request restriction of processing in certain circumstances
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@scheduler.so.

9. International Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by the UK government
• Binding corporate rules
• Certification schemes and codes of conduct

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Authenticate your identity
• Analyze how our Service is used
• Provide personalized content

You can control cookies through your browser settings. Some features may not function properly if cookies are disabled.

11. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters, at ico.org.uk.