Legal
Last updated: May 2026 · Effective: May 2026
This Privacy Policy explains how Calendyfy (“we”, “us”, or “our”) collects, uses, shares, and protects information about you when you use our platform. By using Calendyfy, you agree to the practices described in this policy.
When you register as a business owner, we collect your full name, email address, phone number, business name, and country of operation.
When customers make bookings through Calendyfy, we collect the customer's name, email address, phone number, selected service or space, and appointment date and time.
We process payments through Paystack (Nigerian businesses) and Paddle (international businesses). We do not store your full card details. Payment data is handled directly by our payment processors in accordance with their respective security standards.
We collect information about how you interact with the Calendyfy platform, including pages visited, features used, and actions taken within your dashboard.
We store records of notifications sent to you and your customers via email and WhatsApp, including booking confirmations, reminders, and cancellation notices.
We use your information to operate the Calendyfy platform: processing bookings, preventing scheduling conflicts, sending notifications, and facilitating payments between businesses and customers.
We send transactional messages related to your account and bookings, including OTP verification codes, booking confirmations, appointment reminders, payout notifications, and platform updates.
We use aggregated and anonymised usage data to improve the platform, fix bugs, and develop new features. Individual user data is never sold to third parties.
We use transaction data to calculate and apply our 1.4% platform commission on each booking, and to process payout requests from business owners.
Used to process payments for Nigerian businesses. Paystack handles card data under PCI-DSS compliance. Their privacy policy applies to data shared with them during payment processing.
Used to process international payments and subscriptions. Paddle acts as the Merchant of Record for international transactions.
Used to send booking notifications via WhatsApp. Messages are routed through Meta's infrastructure. Meta's data policy applies to WhatsApp communications.
Used to send transactional emails. Email content and recipient data is processed by Mailjet in accordance with their privacy policy.
Used to store and serve business logos, banners, and space photos uploaded by Pro plan users.
Available as an optional integration. If you connect your Google Calendar, we access only your calendar events to sync confirmed bookings. We store your OAuth tokens in encrypted form and never read unrelated calendar data.
Used to power the AI booking assistant. Customer messages and voice inputs processed through these services are used only for the purpose of facilitating bookings and are not retained for training purposes.
When a customer makes a booking through a business's Calendyfy page, the business owner can see the customer's name, contact details, and booking information.
Customers receive confirmation of their booking details. Business contact information is shared to allow customers to reach the business if needed.
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
We may disclose information if required to do so by law or in response to a valid request from a governmental authority.
We retain your account information for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required for legal or financial compliance purposes.
Booking and payment records are retained for a minimum of 5 years for financial and tax compliance purposes.
Records of sent notifications are retained for 12 months.
We use industry-standard security practices including HTTPS encryption in transit, hashed passwords, encrypted OAuth token storage, and access-controlled infrastructure.
While we take reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
You may request a copy of the personal data we hold about you and ask us to correct any inaccuracies.
You may request deletion of your account and associated personal data. Certain data may be retained as required by law.
Where processing is based on consent (e.g. Google Calendar integration), you may withdraw consent at any time by disconnecting the integration from your dashboard.
To exercise any of these rights, contact us at privacy@calendyfy.com.
We use session cookies to maintain your login state. These are essential for the platform to function and cannot be disabled.
We do not use third-party advertising or tracking cookies.
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or a prominent notice on the platform. Continued use of Calendyfy after changes become effective constitutes your acceptance of the revised policy.
If you have any questions about this Privacy Policy, please contact us at privacy@calendyfy.com or write to: Calendyfy, Lagos, Nigeria.