What this covers
This policy explains what data Zedule collects, why we collect it, where we store it, and how you and your customers can request deletion or export.
Data we collect from business owners
Account email and name (from Google Sign-In or Supabase Auth), business profile fields you provide (name, address, phone, website), Stripe billing identifiers (we never see your card number; Stripe handles that), and optional Google Calendar OAuth tokens you authorise.
Data your customers provide when booking
Name, email, phone, and any notes they enter on the booking form. This data lives in your business's isolated Cloudflare D1 database — not in a shared table with other businesses' customers.
Where the data lives
On Cloudflare's network. Each business gets its own D1 SQLite database, isolated from other tenants. Operational metadata (pricing, billing, account memberships) lives in Supabase's hosted Postgres.
How long we keep it
Live appointments: until completion + 7 days, then moved to an archive table within your tenant database. Archived appointments: retained for 2 years by default. Customer profile records: retained for the lifetime of your account; deletable on request via your dashboard. Account closure: 60-day grace period, then full purge of your D1 database and KV entries.
How to delete or export
Download CSVs of customers and appointments from your dashboard at any time. To request deletion of an individual customer record, email privacy@zedule.app. To close your account, cancel through Stripe's billing portal — your data is deleted 60 days later unless you reactivate.
Cookies
See our cookie policy.
Contact
Privacy questions: privacy@zedule.app.
EU representative: TBA.