Privacy Policy

Introduction

This privacy notice ("Privacy Notice") describes how KronoSync ("we", "us", or "our") collect, use, and disclose your Personal Data in the course of our business. Throughout this document, we will use a few defined terms.

"Personal Data" when used in this Privacy Notice means any data relating to an identified or identifiable natural person that is processed by us as described in this Privacy Notice when such information is protected as "personal data" or "personal information" or a similar term under applicable data protection laws.

"Services" when used in this Privacy Notice means all of our websites, applications (including, but not limited to, mobile and web applications), tools, platforms, and services offered by us.

"Website" when used in this Privacy Notice means our website and any other proprietary website owned by us or that we have the authority to manage and control and which link to this Privacy Policy.

Applicability of this Privacy Notice

This Privacy Notice applies when we are acting as a data controller with respect to the Personal Data of website visitors, prospects, customers, and end users. A data controller is the person or company that decides how and why Personal Data is processed. This Privacy Notice does not apply to Personal Data that we process on behalf of our customers or their authorized users ("Customer Data"), which is generally governed by our customer agreements.

Controller vs. Processor

We act as a data controller when:

• Processing information about our website visitors and prospects
• Managing customer accounts and billing information
• Providing customer support and communications
• Marketing our services

We act as a data processor when processing Customer Data on behalf of our customers through our Services.

Information We Collect

Customer Account Information

When you create an account or use our Services, we collect:

• Identity Information: Name, email address, phone number, and other contact details
• Account Credentials: Username, encrypted passwords, and authentication tokens (managed by Clerk)
• Profile Information: Profile pictures, bio, timezone, and preferences
• Business Information: Company name, job title, and business contact details

Billing and Payment Information

For paid services, we collect billing information through our payment processor (Stripe):

• Billing Details: Name, billing address, and tax identification numbers
• Payment Information: Credit card details, payment method preferences (processed and stored by Stripe)
• Transaction Data: Payment history, invoices, and transaction records

We do not store complete payment card information on our servers. Payment processing is handled by Stripe in compliance with PCI DSS standards.

Service Usage Data

When you use our Services, we automatically collect:

• Usage Information: How you interact with our Services, features used, and activity logs
• Device Information: Device type, operating system, browser type and version
• Technical Data: IP addresses, session identifiers, and access times
• Performance Data: Page load times, error reports, and diagnostic information

Communications and Marketing

• Email Communications: Records of emails sent and received, including support communications
• Marketing Preferences: Communication preferences and marketing consent status
• Survey Data: Responses to surveys, feedback forms, and user research

Third-Party Integrations

When you connect third-party services to your account:

• Google Calendar: Calendar events, availability, and synchronization data
• Authentication Services: Information from Clerk for identity verification
• Integration Data: Data exchanged with connected services and APIs

Customer Data

Customer Data includes any Personal Data that you or your authorized users submit, upload, or create using our Services. This may include:

• Appointment and booking information
• Client and customer contact details
• Calendar events and scheduling data
• Files, documents, and attachments
• Custom forms and responses
• Communications and messages

How We Use Your Information

We use the information we collect for the following purposes:

Service Provision

• Providing, operating, and maintaining our Services
• Processing appointments, bookings, and payments
• Synchronizing calendars and managing schedules
• Sending notifications and reminders
• Facilitating team collaboration and invitations

Account Management

• Creating and managing user accounts
• Authenticating users and preventing unauthorized access
• Processing subscription and billing activities
• Providing customer support and technical assistance

Communications

• Responding to inquiries and support requests
• Sending service-related notifications and updates
• Delivering marketing communications (with consent)
• Conducting user research and gathering feedback

Legal and Business Operations

• Complying with legal obligations and regulatory requirements
• Protecting against fraud, abuse, and security threats
• Enforcing our Terms of Service and other agreements
• Supporting business transfers and corporate transactions

Information Sharing and Disclosure

We may share your Personal Data in the following circumstances:

Service Providers

We share information with trusted service providers who assist us in operating our Services:

• Clerk: Authentication and user management services
• Stripe: Payment processing and billing services
• Google: Calendar integration and synchronization
• Email Providers: Transactional and marketing email services
• Cloud Infrastructure: Hosting, storage, and computing services

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes, subpoenas, or court orders
• Respond to government requests or regulatory inquiries
• Protect our rights, property, or safety
• Prevent fraud or investigate security incidents

Business Transfers

In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to confidentiality obligations.

With Your Consent

We may share information for any other purpose with your explicit consent or at your direction.

Data Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

• Encryption of data in transit and at rest using industry-standard protocols
• Secure authentication systems managed by Clerk
• Regular security assessments and vulnerability testing
• Access controls and multi-factor authentication for administrative systems

Organizational Measures

• Employee training on data protection and privacy practices
• Limited access to Personal Data on a need-to-know basis
• Regular review and update of security policies and procedures
• Incident response procedures for data breaches

Payment Security

Payment information is processed by Stripe, which maintains PCI DSS Level 1 compliance—the highest level of certification in the payments industry.

Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law.

Retention Periods

• Account Data: Retained while your account remains active and for a reasonable period after account closure
• Payment Data: Retained according to tax and accounting requirements (typically 7 years)
• Usage Data: Typically retained for 2-3 years for analytics and improvement purposes
• Customer Data: Retention controlled by our customers through their account settings

Data Deletion

You may request deletion of your Personal Data at any time, subject to legal and contractual obligations. We will respond to deletion requests within 30 days.

Your Rights and Choices

Depending on your location and applicable laws, you may have certain rights regarding your Personal Data:

Access and Portability

• Request access to your Personal Data
• Obtain a copy of your data in a portable format
• Export your Customer Data through our Services

Correction and Updates

• Update your account information and preferences
• Correct inaccurate or incomplete Personal Data
• Modify your communication preferences

Deletion and Restriction

• Request deletion of your Personal Data
• Restrict processing of your information
• Object to certain types of processing

Marketing Communications

You can opt out of marketing communications at any time by:

• Using the unsubscribe link in marketing emails
• Updating your preferences in your account settings
• Contacting us directly at hello@kronosync.com

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

• Right to Know: Request information about the categories and specific pieces of Personal Data we collect
• Right to Delete: Request deletion of your Personal Data, subject to certain exceptions
• Right to Opt-Out: Opt out of the sale of Personal Data (we do not sell Personal Data)
• Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights

Categories of Personal Data

Over the past 12 months, we have collected the following categories of Personal Data:

• Identifiers (name, email, phone number)
• Commercial information (transaction history, payment details)
• Internet activity (usage data, device information)
• Professional information (job title, company details)

How to Exercise Your Rights

To exercise your CCPA rights, please contact us at hello@kronosync.com with the subject line "[Your Name] - CCPA Exercise" or use our privacy request form. Please include your full name, email address associated with your account, and specify which rights you wish to exercise. We will verify your identity and respond within 45 days.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization and we may require you to verify your identity directly.

Appeal Process

Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at hello@kronosync.com.

Dispute Resolution

Any disputes arising from this Privacy Notice or our data practices will be subject to the dispute resolution and arbitration provisions set forth in our Terms of Service, including mandatory arbitration and class action waiver provisions. Please review our Terms of Service for complete details on how disputes will be resolved.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and gather information about usage patterns:

Types of Cookies

• Essential Cookies: Required for basic functionality and security
• Analytics Cookies: Help us understand how you use our Services
• Preference Cookies: Remember your settings and customizations
• Authentication Cookies: Maintain your login session (managed by Clerk)

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect Personal Data from children under 13. If we become aware that we have collected Personal Data from a child under 13, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at hello@kronosync.com.

Data Breach Notification

In the event of a data breach that may adversely affect your Personal Data, we will:

• Notify affected users within 72 hours when feasible
• Provide details about the nature and scope of the breach
• Describe steps taken to address the breach
• Offer guidance on protective measures you can take
• Comply with applicable breach notification laws

Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, Services, or applicable laws. When we make changes, we will:

• Update the "Last Updated" date at the top of this notice
• Notify users of material changes via email or in-app notification
• Provide a clear summary of key changes
• Allow a reasonable period for review before changes take effect

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Notice.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or our privacy practices, please contact us:

We will respond to privacy-related inquiries within 30 days of receipt.