GDPR & Privacy Center
Your data, your rights. Learn how we protect your privacy.
Exercise Your Data Rights
Under GDPR and LGPD, you have full control over your personal data. Here's what you can do.
Right to Access
Request a copy of all personal data we hold about you or your clients.
Right to Rectification
Correct any inaccurate personal data we have stored about you.
Right to Erasure
Request deletion of your personal data (right to be forgotten).
Right to Restrict Processing
Limit how we process your data while keeping it stored securely.
Right to Portability
Receive your data in a machine-readable format to transfer elsewhere.
Right to Object
Object to processing of your data for specific purposes.
Data We Process
Full transparency about what data we collect and why.
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Identity Data | Name, email, phone number, profile photo | Account creation and identification | Duration of account + 30 days |
| Booking Data | Appointments, services, preferences | Service delivery and scheduling | 7 years (legal requirement) |
| Payment Data | Transaction history, payment methods | Payment processing and invoicing | 7 years (tax compliance) |
| Usage Data | Login times, feature usage, preferences | Service improvement and support | 2 years |
| Marketing Data | Consent status, preferences | Marketing communications | Until consent withdrawn |
Our Data Partners
Third-party services we use to process your data, with their safeguards.
| Provider | Location | Purpose | Safeguards |
|---|---|---|---|
| Amazon Web Services | USA (EU data centers) | Cloud infrastructure | EU-US DPF, SCCs |
| Stripe | USA (EU processing) | Payment processing | EU-US DPF, PCI-DSS |
| Twilio | USA | SMS notifications | SCCs, encryption |
| Resend | USA | Email delivery | SCCs, encryption |
| Supabase | USA (EU region available) | Database & Auth | SOC 2, encryption |
Privacy Questions
Where is my data stored?
Your data is stored in secure data centers. EU customers can choose EU-based data residency. All data is encrypted at rest and in transit using AES-256 and TLS 1.3.
How long do you keep my data?
We retain data as long as your account is active, plus a 30-day grace period. Some data (like financial records) is kept for 7 years due to legal requirements. You can request deletion at any time.
Do you sell my data?
No. We never sell, rent, or share your personal data with third parties for their marketing purposes. Your data is only processed to provide our services.
How do I exercise my data rights?
Log into your account and go to Settings → Privacy. You can export, delete, or manage your data directly. For complex requests, email privacy@tektrio.com.
Are you LGPD compliant (Brazil)?
Yes. We comply with both GDPR and LGPD (Lei Geral de Proteção de Dados). Brazilian users have the same data rights and protections as EU users.
Legal Documents
Questions About Your Data?
Contact our Data Protection Officer for any privacy-related questions or requests.
We respond to all data rights requests within 30 days as required by GDPR.