Privacy Policy

Last Updated: January 8, 2026

1. Introduction

Welcome to Citaspace. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our appointment scheduling platform.

Citaspace ("we," "us," or "our") operates the website and application located at citaspace.com (the "Service"). This policy applies to all users including service providers (businesses) and their clients.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us:

  • Account Information: Name, email address, phone number, password, business name, and profile information
  • Business Profile: Business hours, services offered, pricing, specialties, location, website, and social media links
  • Booking Information: Appointment dates, times, service selections, client details, and notes
  • Payment Information: Processed securely through Stripe and PayPal (we do not store full credit card numbers)
  • Communications: Messages, support requests, and feedback you send us
  • Media: Profile photos, business logos, and service images you upload

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, and interaction patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking: Session cookies, authentication tokens, and analytics data (see our Cookie Policy)
  • Location Data: General location based on IP address (not precise GPS)

2.3 Third-Party Integrations

When you connect third-party services:

  • Google Calendar: Calendar access to sync appointments
  • Payment Processors: Stripe and PayPal transaction data
  • Email Services: AWS SES for transactional emails

3. How We Use Your Information

We use your information to:

  • Provide Services: Create accounts, process bookings, send notifications, manage calendars
  • Process Payments: Handle transactions, refunds, and billing through our payment partners
  • Communications: Send appointment reminders, confirmations, updates, and support responses
  • Improve Service: Analyze usage patterns, fix bugs, develop new features
  • Security: Detect fraud, prevent abuse, protect user accounts
  • Compliance: Meet legal obligations, enforce our Terms of Service
  • Marketing: Send promotional emails (you can opt out anytime)

4. Data Sharing and Disclosure

4.1 Service Providers Share with Clients

When you book an appointment, your information (name, email, phone, appointment details) is shared with the service provider you're booking with.

4.2 Third-Party Service Providers

We share data with trusted partners who help us operate:

  • Payment Processing: Stripe, PayPal (PCI DSS compliant)
  • Cloud Hosting: AWS, Vercel for infrastructure
  • Email Delivery: AWS SES for transactional emails
  • Analytics: Aggregated usage statistics (no personally identifiable information)
  • Customer Support: Support ticket systems

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to:

  • Comply with legal processes
  • Protect our rights and property
  • Prevent fraud or security issues
  • Protect user safety

4.4 Business Transfers

If Citaspace is acquired or merged, your information may be transferred to the new entity. We'll notify you before this happens.

4.5 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Authentication: Secure password hashing (bcrypt), JWT tokens
  • Access Controls: Role-based permissions, limited employee access
  • Infrastructure: Secure cloud hosting with regular security updates
  • Monitoring: Automated threat detection and logging
  • PCI DSS Compliance: For payment card data (handled by Stripe/PayPal)

While we take reasonable measures to protect your data, no system is 100% secure. Use strong passwords and enable two-factor authentication when available.

6. Data Retention

We retain your information:

  • Active Accounts: As long as your account is active
  • Closed Accounts: Up to 90 days after account closure for backup and recovery
  • Legal Requirements: Longer if required by law (e.g., financial records for 7 years)
  • Booking History: Service providers retain their booking records; clients can request deletion

7. Your Rights and Choices

7.1 Access and Updates

You can access and update your account information anytime through your dashboard settings.

7.2 Data Portability

Request a copy of your data in a structured, machine-readable format (CSV/JSON).

7.3 Deletion Rights

Request deletion of your account and personal data. Note: Some information may be retained for legal/accounting purposes.

7.4 Marketing Opt-Out

Unsubscribe from marketing emails via the link in any promotional email. You'll still receive transactional emails (booking confirmations, etc.).

7.5 Cookie Management

Control cookies through your browser settings. See our Cookie Policy for details.

7.6 Do Not Track

We currently do not respond to Do Not Track (DNT) browser signals.

8. Regional Privacy Rights

8.1 GDPR (European Union)

If you're in the EU, you have additional rights:

  • Right to access, rectify, or erase your data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Legal basis for processing: Contract performance, legitimate interests, legal compliance, consent.

8.2 CCPA (California)

California residents can request:

  • Categories of personal information collected
  • Specific pieces of personal information
  • Deletion of personal information
  • Opt-out of sale (we don't sell data)

Contact us at [email protected] to exercise these rights.

9. Children's Privacy

Citaspace is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us information, contact us immediately at [email protected] and we'll delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We use standard contractual clauses and ensure adequate safeguards are in place for international transfers.

11. Changes to This Policy

We may update this policy periodically. We'll notify you of material changes via email or a notice on our website. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy questions, requests, or concerns:

Email: [email protected]

Support: [email protected]

Response Time: Within 30 days

By using Citaspace, you acknowledge that you have read and understood this Privacy Policy.