Privacy Policy

This Privacy Policy explains how Focuslyne (“we”, “us”, or “our”) collects, uses, stores, and shares personal data when you use the Focuslyne website, the authenticated web application, public booking pages, account features, optional integrations (such as calendars, video conferencing, WhatsApp Business, and Stripe), booking workflows, notifications, and payment-related tooling offered under the trading name Focuslyne.

Our registered address is Lisbon, Portugal. For privacy enquiries, contact info@focuslyne.com.

This policy applies to professionals (account holders who configure and use Focuslyne) and to clients / invitees who interact with public booking pages or otherwise share information to request or manage appointments, even if they do not create a Focuslyne account.

Professionals who use Focuslyne to take bookings may have their own legal obligations toward their clients (including transparency, lawful bases, and retention). This document describes Focuslyne’s practices; it does not replace a professional’s privacy notice or terms for their own services.

Please read this policy together with our Terms of Service where applicable.

Data protection law distinguishes roles such as controller, joint controller, and processor (or equivalent concepts outside the EU/UK). The boundaries depend on the facts, your jurisdiction, and how each feature is used.

In general terms:

• Focuslyne as controller (typical examples): we may act as a controller for data needed to operate the platform, create and secure accounts, bill subscriptions where applicable, maintain service security, handle support requests, run product analytics where implemented, and comply with our own legal obligations.
• Focuslyne as processor / service provider (typical examples): where a professional uses Focuslyne to offer services to their clients, we may process booking data, custom field responses, client contact details, calendar and integration-related data, and notification delivery data on the professional’s instructions to provide the scheduling product. Contractual terms (for example a future Data Processing Addendum) may describe this relationship in more detail once published.
• Professionals as independent controllers (typical examples): a professional may be an independent controller for their client relationships, the services they deliver, their own policies, and their decisions about what to collect via booking forms or communications.

If you are unsure which organization is responsible for a specific processing activity, you can contact us at info@focuslyne.com. Where we act only as a processor, we may need to forward certain requests to the relevant professional.

Depending on how you use Focuslyne, we may process categories such as:

• Account data: name, email address, authentication identifiers (for example managed via Supabase Auth), password or sign-in method metadata as applicable, timezone, profile and settings you save in the app.
• Professional / business data: public booking page configuration, business or display name, services / event types, availability rules, optional business links, contact details you choose to show, and manual payment instructions you enter for clients where the product supports them.
• Booking and client data: client name, email, phone where provided, selected time and service, notes or messages you or the client enter, answers to custom booking fields, and status information such as confirmations, reschedules, or cancellations.
• Payment and billing data: Stripe customer and subscription metadata for SaaS billing, plan and payment status, invoice references as surfaced by Stripe-hosted flows, and booking payment records (such as amounts, currency, payment status, refund and dispute metadata) where online booking payments are enabled. Full card or payment method numbers are processed by Stripe, not stored by Focuslyne as card data.
• Integration data: connection metadata for Google or Microsoft calendars, availability or free-busy signals used to compute slots, OAuth tokens stored with encryption where implemented, video meeting references (for example Zoom, Google Meet, Microsoft Teams) when those features are used, and WhatsApp Business connection, template, delivery, and usage-related records where that integration is enabled.
• Communication data: transactional emails and related delivery metadata, scheduled notification jobs, WhatsApp opt-in snapshots and consent text where collected, suppression or opt-out signals where implemented, and message delivery status events from providers.
• Technical data: IP address, device and browser type, request logs, security-related events, session cookies or similar mechanisms needed for login, and product analytics events sent through our analytics pipeline where enabled (typically event names and minimal metadata rather than free-form client notes).
• Support / contact data: information you send when you contact us through support or contact forms.

Not every category applies to every user or every feature.

• Directly from you when you register, complete onboarding, or change settings.
• From clients or invitees when they submit a public booking form or otherwise interact with a professional’s booking page.
• From third-party services you connect (for example Google, Microsoft, Zoom, Stripe, WhatsApp / Meta) according to the permissions you grant and the provider’s APIs.
• From Stripe and related webhooks when you use subscription billing or booking payments.
• From technical logs, cookies or similar storage, and automated monitoring (including error reporting where configured).
• From email or messaging infrastructure (for example Resend, Meta) including delivery receipts or webhooks needed to operate notifications.

We use personal data as needed to:

• Provide booking pages, scheduling, and related workflows.
• Manage accounts, authentication, onboarding, and settings.
• Generate availability and help prevent double bookings.
• Create, update, reschedule, or cancel bookings and related records.
• Send transactional emails, reminders, and other notifications you or the product configuration enable.
• Operate integrations such as calendars, video conferencing, WhatsApp Business, and Stripe (subscriptions, booking payments, Connect where enabled).
• Process subscriptions, booking payments, refunds, disputes, and related payment records in line with the implemented product.
• Provide customer support and respond to enquiries.
• Improve, secure, monitor, debug, and protect the service.
• Meet legal, accounting, tax, or regulatory obligations that apply to us.
• Communicate important service or policy updates where appropriate.
• Detect, investigate, and help prevent fraud, abuse, spam, and unauthorized access.

Where EU/UK GDPR concepts apply, we may rely on one or more of the following, depending on the activity:

• Performance of a contract — for example to provide the Focuslyne service you signed up for, or to process booking steps you request.
• Legitimate interests — for example to secure the platform, understand aggregate product usage where we run analytics, prevent abuse, and improve reliability, balanced against your rights.
• Consent — where required for certain communications, cookies (if non-essential cookies are used in future), WhatsApp opt-in, or other optional features presented as consent-based in the product.
• Legal obligation — where we must retain or disclose information to comply with law or competent authority requests, subject to applicable safeguards.

We do not generally rely on “vital interests” or “public task” bases for Focuslyne’s core scheduling product; if that ever changes, this policy will be updated.

Legal bases are contextual. The same type of data may be processed on different grounds for different features or roles (for example platform security vs client reminders).

We use cookies and similar technologies that are essential for the site and app to function — for example to keep you signed in, protect against cross-site request forgery where implemented, and maintain session security.

Where the product emits analytics or measurement events, those flows are designed to use a limited allow-listed shape (not arbitrary page scrapes of booking content). The exact cookies or storage keys can change as the product evolves.

A dedicated Cookie Policy will describe categories, retention, and choices in more detail once published. Until then, this section is a high-level summary only.

We do not claim that a specific cookie consent banner or preference center is live for all visitors unless and until the product implements one consistently; your browser may still store essential cookies when you use the service.

We use industry service providers to host and operate Focuslyne. Categories and examples relevant to the current codebase and deployment model include:

• Supabase — authentication, database, and related infrastructure for application data.
• Vercel — hosting and serverless execution of the web application and APIs.
• Stripe — SaaS subscription billing, optional booking payments, Stripe Connect where enabled, invoices and payment records as presented in Stripe-hosted surfaces.
• Resend — delivery of transactional emails.
• Google / Microsoft / Zoom — calendar, free-busy, and video meeting features when you connect those providers.
• Meta / WhatsApp Business — WhatsApp messaging features when you connect a WhatsApp Business account and the product sends template or operational messages in line with Meta rules.
• Upstash Redis — optional distributed rate limiting, locks, or similar controls when configured via environment variables.
• Sentry — optional error monitoring and crash reporting when DSN environment configuration is present, subject to minimization rules in our implementation.

Providers process data under their own terms and privacy policies. Our current main subprocessors and service providers are listed in this section. We may update this list as our infrastructure and integrations evolve.

We do not describe every sub-subprocessor inside a vendor stack; your counsel may request supplementary schedules.

Focuslyne and our service providers may process and store personal data in countries other than your own, including outside the European Economic Area (EEA) or the UK, depending on how services are deployed and which integrations you enable.

Where transfers require safeguards under applicable law, we rely on mechanisms such as European Commission standard contractual clauses, adequacy decisions where applicable, and contractual safeguards included in our service providers’ data processing terms.

You may request more information about transfers when contacting us (see Section 20).

We retain personal data for as long as reasonably necessary to provide Focuslyne, maintain accounts, operate bookings, comply with legal, accounting, tax, security, and dispute-resolution obligations, and protect our legitimate interests.

In general:

• account and profile data is kept while the account remains active;
• booking and client data is kept while needed by the professional’s account and booking history, unless deletion is requested and legally permitted;
• billing, subscription, payment, refund, and dispute records may be kept for longer where required for accounting, tax, fraud prevention, chargeback, or legal reasons;
• integration tokens and connection data are kept while the integration remains connected, unless disconnected or deleted earlier;
• consent, opt-in, notification, and delivery records may be kept while needed to prove preferences, deliver transactional messages, or respect opt-outs;
• technical logs, security events, and diagnostic data are usually kept for limited operational periods and then deleted, rotated, or aggregated;
• backup copies may remain for a limited period until overwritten through normal backup cycles.

When we no longer need personal data, we delete, anonymize, or aggregate it where reasonably possible.

We may share personal data:

• With the relevant professional and, where necessary for a booking, with the client / invitee (for example confirmation details).
• With service providers and subprocessors who assist us in operating the platform, subject to contracts and confidentiality obligations.
• With payment processors (primarily Stripe) to charge, refund, or reconcile payments.
• With integration providers you connect (for example Google, Microsoft, Zoom, Meta) according to your configuration and their APIs.
• When required by law, regulation, court order, or to protect the safety, rights, or security of users, the public, or Focuslyne.
• In connection with a business transaction (for example a merger or asset sale) subject to confidentiality and continued protection of personal data as required by law.

We do not sell personal data in the sense of exchanging contact lists for money to unrelated data brokers.

We implement reasonable technical and organizational measures designed to protect personal data, including access controls, encryption in transit for modern browser sessions, and encryption for certain stored tokens where the product implements token encryption.

No method of transmission or storage is completely secure. If you believe your account has been compromised, reset credentials promptly and contact info@focuslyne.com.

You are responsible for safeguarding passwords and devices you use to access Focuslyne.

Depending on your location, you may have rights such as to access, rectify, erase, restrict, or object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority.

To exercise rights against Focuslyne, email info@focuslyne.com. We may need to verify your identity before fulfilling a request.

For practical steps on requesting deletion or disconnection of account, booking, integration, and WhatsApp-related data, you can also review our Data Deletion Instructions.

Where Focuslyne processes data solely as a processor for a professional, we may need to refer your request to that professional, who is responsible for their relationship with their clients.

Rights are not absolute; exemptions (for example for legal claims or regulatory retention) may apply under local law.

Focuslyne is intended for adults and businesses providing professional services. It is not directed at children for their independent use.

Focuslyne is not directed at children. Professionals should not use booking forms to knowingly collect data from children unless they have an appropriate lawful basis, provide any required notices, and obtain parental or legal representative consent where required by applicable law.

If you believe a child has provided personal data inappropriately through our service, contact info@focuslyne.com so we can investigate and take appropriate steps.

If you use Focuslyne as a professional, you agree to:

• Use Focuslyne in compliance with applicable data protection and electronic communications laws.
• Provide your own privacy notices, consent, or other transparency to clients where required for your activities.
• Avoid collecting unnecessary sensitive or special-category data through custom booking fields or free-text notes unless you have a lawful basis and appropriate safeguards.
• Remain responsible for your services, policies, pricing, cancellations, refunds, and how you configure communications or payments.

Public booking pages display information the professional configures (such as names, services, duration, and optional business details). Clients may submit personal data required by the form (for example name, email, phone, custom field answers, optional WhatsApp opt-in where shown).

Booking details are available to the hosting professional in the Focuslyne dashboard and related notifications. Transactional messages may be sent to confirm, remind, or update a booking according to product settings and provider rules.

Where online booking payments are enabled for an event type, payment details are collected by Stripe on checkout; Focuslyne stores operational payment metadata as described elsewhere in this policy.

For questions about the underlying appointment or service, clients should contact the professional directly.

We send transactional emails (for example booking confirmations to clients and professionals) and may send scheduled reminders where the product and user preferences allow.

WhatsApp messages are sent only where the professional has connected WhatsApp Business, templates are approved as required by Meta, and any applicable opt-in or consent has been collected in the product (for example the optional booking form opt-in where implemented). Users may have in-app toggles for certain notification categories; availability depends on the current product surface—check Settings.

Delivery providers may return status events (delivered, failed, read where available) that we process to show operational status and to respect suppressions or opt-outs where implemented.

Stripe processes card and payment method entry for SaaS subscriptions and, where enabled, for booking payments. Focuslyne does not store full card numbers on its own systems.

We store metadata and status fields needed to operate billing, booking payments, refunds, disputes, and internal reconciliation (for example identifiers and amounts as implemented in our database layer), consistent with the product you see in the app and host dashboards.

SaaS subscription billing (your Focuslyne plan) and booking payments (money for a specific appointment) are separate contexts with different checkout flows and Stripe objects, though the same Stripe business may power both where configured.

If you use Stripe Connect, your connected account is also subject to Stripe’s agreements, verification, and privacy notices for account holders.

We may update this Privacy Policy from time to time to reflect product, legal, or operational changes. The “Last updated” date at the top of this page will change when we publish a revision.

If a change is material, we may provide additional notice (for example through the product, website, or email) where appropriate and required by law.

Continued use of Focuslyne after an update may constitute acknowledgment of the revised policy where permitted by applicable law.

Questions about this Privacy Policy or requests to exercise privacy rights should be sent to info@focuslyne.com.

Postal / registered contact: Focuslyne, Lisbon, Portugal.

We have not appointed a Data Protection Officer at this stage.

EU representative: Not applicable because Focuslyne is established in the European Union.

UK representative: We have not appointed a UK representative at this stage.

For general enquiries that are not privacy-specific, you may also use our contact page.