Privacy Policy

Version and effective date: June 12, 2026

Política de Privacidad

Versión y fecha de vigencia: 12 de junio de 2026

Important: Privacy requirements depend on where Chroify and its users operate. This policy should be reviewed as Chroify expands into new jurisdictions or introduces materially different data uses.

This Privacy Policy explains how Chroify processes personal information when people use the Service. Business customers generally act as controllers of Customer Data; Chroify generally processes that data to provide the Service.

1. Information collected

We process account details such as name, email, phone, authentication identifiers, role, and consent records; business and client records; appointments, messages, support requests, invoices, receipts, and reviews; transaction and subscription information from payment providers; and technical information such as device/browser details, logs, approximate location derived from IP, security events, and usage data.

2. Sources and purposes

Information comes from users, their organizations, clients making bookings, service providers, and automated use of the Service. We use it to authenticate users; provide bookings and business workflows; process payments; communicate; prevent fraud and abuse; secure, troubleshoot, analyze, and improve the Service; comply with law; and establish or defend legal claims.

3. Legal bases

Where required, processing relies on contract performance, legitimate interests, consent, and legal obligations. Business customers are responsible for identifying their lawful basis and providing required notices for Customer Data they control.

4. Sharing and subprocessors

Information may be shared with authorized business users, clients as directed by the business, and vendors supporting hosting, database/authentication, payments, communications, analytics, security, and support. Current core providers may include Supabase, Vercel, and Stripe. We may also disclose information for legal compliance, safety, corporate transactions, or with consent. We do not sell personal information for money.

5. Retention

We retain information while needed to provide the Service, meet contractual and legal obligations, resolve disputes, enforce agreements, and maintain security. Retention depends on data type, account status, legal requirements, and backup cycles. Consent and legal acceptance records may be retained as evidence after account closure where lawful.

6. Security and incidents

We use reasonable safeguards including authentication, access controls, encryption provided by infrastructure vendors, row-level database policies, and logging. No security method is perfect. If a qualifying personal-data breach occurs, Chroify will investigate and provide notifications required by applicable law. Users must promptly report suspected incidents and protect their credentials.

7. International transfers

Information may be processed in countries different from where users live. Where required, we use recognized transfer mechanisms and contractual safeguards through our providers.

8. Privacy choices and rights

Depending on location, individuals may have rights to access, correct, delete, restrict, object, port, or withdraw consent, and may appeal or complain to a regulator. Requests concerning Customer Data should usually be directed first to the relevant business customer. We may verify identity and retain information where legally permitted or required.

9. Children and sensitive data

The Service is not directed to children under 18. Do not submit highly sensitive or specially regulated information unless authorized and appropriate safeguards and agreements are in place.

10. Cookies, local storage, and masked analytics

The browser app uses essential local storage and authentication/session technologies to maintain language preferences, secure sign-in, and provide requested application features. Chroify uses Microsoft Clarity on public marketing pages to understand visits and improve website usability. Signup forms are marked for masking. For authenticated owners, workers, and clients, Clarity does not begin recording the application until the user accepts this Privacy Policy. Authenticated application content is marked for masking, no Chroify account email or user identifier is intentionally sent to Clarity, and strict masking must remain enabled in Clarity. Superadmin sessions are excluded. Clarity may process device, browser, interaction, approximate-location, and usage information as described by Microsoft. Where applicable law requires a different consent mechanism, Chroify will provide it.

11. Changes and contact

We may update this policy and will notify users of material changes as required. Send privacy requests to privacy@chroify.com, suspected security incidents to security@chroify.com, and general support requests to support@chroify.com.

Importante: Esta traducción facilita la comprensión. Esta política debe revisarse cuando Chroify se expanda a nuevas jurisdicciones o introduzca usos de datos materialmente diferentes.

Chroify procesa datos de cuenta, negocio, clientes, citas, mensajes, pagos y uso técnico para proporcionar, proteger y mejorar el Servicio, cumplir la ley y gestionar reclamaciones.

Responsabilidades y derechos

Los negocios generalmente controlan los datos de sus clientes y deben contar con una base legal. Dependiendo de su ubicación, las personas pueden solicitar acceso, corrección, eliminación, restricción o portabilidad.

Análisis de uso enmascarado

Microsoft Clarity comienza en las páginas públicas de marketing para ayudarnos a entender el uso del sitio. Los formularios de registro están marcados para enmascararse. En la aplicación autenticada, Clarity comienza solamente después de que el propietario, trabajador o cliente acepte esta Política de Privacidad. El contenido autenticado permanece enmascarado y las sesiones de superadministrador están excluidas.

Seguridad e incidentes

Usamos medidas razonables de seguridad, pero ningún sistema es perfecto. Investigaremos incidentes y enviaremos las notificaciones exigidas por la ley aplicable.

Contacto

Solicitudes de privacidad: privacy@chroify.com. Incidentes de seguridad: security@chroify.com. Soporte general: support@chroify.com.

Texto completo

La versión inglesa contiene la política completa. En caso de conflicto, la versión inglesa controla en la medida permitida por la ley aplicable.

Chroify · Privacy version 2026-06-12