Privacy Policy

FlexBook India Pvt. Ltd. ("FlexBook", "we", "us", or "our") is committed to protecting the privacy and security of all personal data processed through our platform. This Privacy Policy explains how we collect, use, store, and protect information when you use FlexBook's scheduling, billing, and marketing automation services (collectively, the "Services").

By accessing or using the Services, you agree to the terms of this Privacy Policy. If you are using FlexBook on behalf of a business, you represent that you have the authority to bind that business to these terms.

We collect several categories of information to provide and improve the Services:

Account and business information: When you register, we collect your name, email address, phone number, business name, GST identification number (if applicable), and billing address.

Booking and appointment data: We collect details about appointments made through the platform, including service type, duration, assigned staff member, room or equipment used, and booking timestamps.

Customer records: Business owners may input or import their customer data, including names, contact information, visit history, treatment records, and payment history. For clinic users, this may include clinical notes and prescription data entered by authorised medical professionals.

Payment information: We collect transaction amounts, payment method types (UPI, card, cash), and GST-compliant invoice data. Full card details are processed by PCI-DSS compliant payment processors; FlexBook does not store raw card numbers.

Device and usage data: We automatically collect IP addresses, browser types, operating system information, pages visited, features used, and performance data to improve the platform and diagnose issues.

WhatsApp communication data: When you use FlexBook's WhatsApp automation features, we store message templates, campaign send logs, and delivery status information. We do not store the content of incoming customer WhatsApp replies on our servers.

FlexBook uses collected data for the following purposes:

• ·Service delivery: To operate the booking calendar, POS system, commission tracking, and clinical records features as configured by you.
• ·Communications: To send transactional emails and WhatsApp notifications including booking confirmations, appointment reminders, and payment receipts.
• ·Platform improvement: To analyse usage patterns, identify bugs, and prioritise new features based on how the platform is used in practice.
• ·Billing and compliance: To generate GST-compliant invoices, process subscription payments, and maintain records required by Indian tax and financial regulations.
• ·Security and fraud prevention: To detect and prevent unauthorised access, suspicious activity, or misuse of the platform.

We do not sell your data or your customers' data to third parties for advertising purposes.

FlexBook integrates with third-party payment processors including Razorpay and Stripe to handle subscription billing and in-app payment collection. These processors are PCI-DSS Level 1 certified and governed by their own privacy policies.

When you process a customer payment through FlexBook's POS, the transaction data is sent directly to the payment processor over an encrypted connection. FlexBook stores only the transaction result (success/failure), transaction reference number, amount, and payment method category — not the underlying card or bank account details.

Subscription fees for FlexBook plans are billed monthly or annually. Invoices are generated automatically and emailed to the billing email on your account. All prices are inclusive of applicable GST unless otherwise stated.

FlexBook uses the WhatsApp Business API, provided by Meta Platforms Inc., to deliver appointment reminders, birthday campaigns, and bulk marketing messages on your behalf.

Template messages: All WhatsApp messages sent through FlexBook must use pre-approved message templates that comply with Meta's Business Messaging Policy. You are responsible for ensuring the content of your templates is accurate and does not violate applicable consumer protection laws.

Opt-in and opt-out: You must obtain valid consent from your customers before sending them WhatsApp marketing messages. FlexBook provides tools to record and manage customer consent. Customers can opt out of marketing messages at any time; FlexBook will automatically honour opt-out requests within 24 hours.

Data residency: Message logs (template name, recipient phone number, send timestamp, delivery status) are stored on servers located within India or within the European Economic Area in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

Prohibited use: You may not use FlexBook's WhatsApp features to send spam, unsolicited commercial communications, or messages that violate Meta's terms of service or Indian telecommunications regulations.

All data processed by FlexBook is stored on cloud infrastructure hosted in Mumbai (AWS ap-south-1 region). Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.

We implement role-based access controls to ensure that staff members of a business can only access data they are authorised to view. For example, front-desk staff cannot access clinical notes or prescription histories stored by medical professionals.

We retain business and customer data for the duration of your subscription and for 24 months thereafter, to allow for account recovery and legal compliance. You may request earlier deletion of your data as described in the "Your Rights" section below.

We conduct annual third-party security audits and maintain a responsible disclosure programme for security researchers.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), and applicable data protection laws, you have the following rights with respect to personal data we process:

• ·Right to access: You may request a copy of the personal data we hold about you.
• ·Right to correction: You may request correction of inaccurate or incomplete personal data.
• ·Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
• ·Right to portability: You may request an export of your data in a machine-readable format.
• ·Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@flexbook.in. We will respond to verified requests within 30 days.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (to the address on your account) and by placing a prominent notice in the FlexBook dashboard at least 14 days before the changes take effect.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.

If you have questions about this Privacy Policy, please contact us at privacy@flexbook.in.