Privacy Policy & Data Processing Agreement (DPA)

Data Privacy Framework for the Transit of Personally Identifiable Information (PII). Bratislava, Slovakia.

1. INTRODUCTION AND SCOPE

1.1. This Privacy Policy and Data Processing Agreement details the stringent compliance parameters, cryptography rules, and technical data handling performed by the Keep-Them automation architecture (hereinafter "The Processor") when handling electronic data elements submitted by the corporate user (hereinafter "The Controller") and their underlying consumer base (hereinafter "Data Subjects").

1.2. Acceptance of this document is established when the Controller completes account registration or accesses the cloud dashboard. The registration screen presents a notice — "By creating an account you agree to our Terms and Privacy Policy" — linking this document. The Processor's handling of the Controller's account data rests on performance of the service agreement, not on separate consent, so no consent checkbox is used. By accepting, the Controller confirms it holds the consumer permissions (opt-in consents) required under applicable data-privacy laws for the communications it initiates.

2. JURISDICTIONAL STATUS (DATA PROCESSING ROLES)

2.1. The Customer as the Data Controller: The Customer exercises exclusive administrative ownership over their client directories, retains full discretion regarding calendar scheduling parameters via Altegio, and independently manages the initialization of outbound communication streams.

2.2. Keep-Them as the Data Processor: The Processor acts strictly as a programmatic conduit and translation layout layer. The Processor does not harvest, permanently aggregate, index, lease, or monetize data fields routed through its server systems, executing operations exclusively under the explicit directives and automation configurations deployed by the Controller.

2.3. The Controller warrants, covers, and indemnifies the Processor against any compliance enforcement actions or user legal actions stemming from missing opt-in consents regarding transactional mobile communication channels.

3. CATEGORIZATION OF PROCESSED DATA FIELDS

3.1. Administrative Operator Elements: Data structures required to manage the platform subscription, including identity strings, e-mail addresses, verification mobile lines, subscription logs, and tokenized payment identifiers.

3.2. Volatile Consumer Payload Data: Information structures transferred via dynamic API webhooks to process scheduled events: target consumer names, mobile lines, master assignments, precise booking timestamps, category identifiers, and active confirmation state flags.

3.3. Crypto Authentication Session Files: Encrypted token strings and authorization containers needed to securely hold the Telegram Telethon runtime state and WhatsApp Web local container bindings.

4. DATA STORAGE & RETENTION

4.1. The Processor adopts a data minimization design standard. Consumer payload data is processed solely to deliver the notifications configured by the Controller and is never used for advertising, profiling, or resale.

4.2. Storage Engine: Incoming booking payloads (consumer names, mobile lines, appointment timestamps, booking states) are stored in an access-restricted PostgreSQL cluster hosted in the European Union (Germany). Sensitive artifacts — messenger session files, API tokens, and message bodies — are additionally encrypted at rest. Records are retained while the Controller's account remains active; complete erasure can be requested at any time and is executed via a dedicated erasure routine (see Section 6).

4.3. System logging layers store only operational metadata (timestamps, transmission state codes, masked identifiers) — personally identifiable information is redacted from logs and error monitoring.

5. INFRASTRUCTURE SUB-PROCESSORS

5.1. The Processor engages the following infrastructure sub-processors to operate the Service. The Controller provides general authorization for their use and will be notified before a new sub-processor is added, with a reasonable opportunity to object.

Sub-processor | Purpose | Data processed | Location / transfer
Hetzner Online GmbH | Cloud hosting & PostgreSQL database | All stored Service data | Germany (EU)
Cloudflare, Inc. | CDN, static-site delivery & WAF | Site request data, IP addresses | EU + US edge (SCCs + EU-US DPF)
Resend | Transactional email (verification, password reset, contact form) | Recipient email address, message content | United States (SCCs + EU-US DPF)
Sentry | Application error monitoring | Operational metadata, IP (PII redacted before transmission) | US / EU region (EU-US DPF + SCCs)
BulkGate | SMS delivery — only when the SMS channel is enabled | Recipient phone number, message text | Czech Republic (EU)

5.2. All digital communications passing between the Controller's systems, the CRM webhooks, and the platform clusters are encrypted in transit using standard TLS 1.3. Administrative passwords are stored using modern salted hashing routines.

5.3. Messaging channels you connect. Reminders are delivered through the messaging accounts the Controller connects with its own credentials — Telegram (the salon's own account, over MTProto) and WhatsApp (the salon's own connected number). Personal data is transmitted through these platforms to reach the intended recipients; they operate under their own terms as the destination channels chosen by the Controller, not as sub-processors engaged by the Processor (see Section 7.1 of the Terms).

5.4. Optional sign-in. If the Controller chooses to sign in with Google, Google processes the authentication data necessary to complete that sign-in. This applies only when Google sign-in is used and is disabled by default.

6. CONTROLLER GUARANTEES & USER RIGHTS

6.1. The Controller retains the permanent right to instantly terminate all background sessions, revoke Altegio API connections, and purge saved layout profiles directly via the account management panels.

6.2. Complete account termination, database deletion requests, and systemic data purges can be triggered by submitting an authorized electronic mail request to the centralized compliance officer desk: info@keep-them.com. All non-billing records will be completely removed from production server clusters within 3 (three) business days.

7. MODIFICATIONS

7.1. The Processor preserves the right to revise this privacy framework to accommodate changes in cloud architecture, data protection legislation, or security protocols.

7.2. Continued utilization of the Keep-Them software environment following the standard 10-day public notice window of an upgraded policy iteration signifies automatic acceptance of the revised data management rules.