Arvors
Пријавите се

Privacy Policy

Last updated: March 23, 2026

Arvors ("we", "us", "our") operates the website arvors.org (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Platform and services. By using the Platform you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of information:

1.1 Information you provide directly

  • Account data: full name, email address, phone number, password (hashed with bcrypt — we never store plaintext passwords)
  • Business data (for business owners): business name, address, description, working hours, services, pricing
  • Booking data: client name, email, phone number, appointment date/time, selected service, notes

1.2 Information collected automatically

  • Usage data: IP address, browser type and version, device type, pages visited, referring URL
  • Cookies: session cookies and theme preference only — we do not use tracking or advertising cookies

1.3 Information from third-party services

  • Google Calendar: if you choose to connect your Google account, we receive OAuth 2.0 access and refresh tokens to read and write calendar events on your behalf

2. How We Use Your Information

We use the collected information for the following purposes:

  • To create and manage your account
  • To process and manage appointment bookings
  • To send booking confirmations, reminders, and status updates via email
  • To synchronize appointments with Google Calendar (if connected)
  • To display your business profile and services to potential clients
  • To improve, maintain, and secure the Platform
  • To respond to your inquiries and support requests
  • To comply with legal obligations

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract performance: processing necessary to provide our appointment scheduling services to you
  • Consent: for optional features such as Google Calendar integration (you can withdraw consent at any time)
  • Legitimate interest: to improve our Platform, prevent fraud, and ensure security
  • Legal obligation: to comply with applicable laws and regulations

4. Google API Services — Limited Use Disclosure

Arvors's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request the minimum Google Calendar scopes necessary to synchronize your appointments
  • We do not use Google user data for advertising or for serving ads
  • We do not allow humans to read your Google data unless: (a) we have your explicit consent, (b) it is necessary for security purposes, (c) it is required by law, or (d) the data is aggregated and anonymized for internal operations
  • We do not transfer Google user data to third parties except as necessary to provide the calendar synchronization feature, as required by law, or as part of a merger/acquisition with notice to users
  • You can revoke Arvors's access to your Google data at any time through your Google Account settings at myaccount.google.com/permissions or through the Platform's settings

5. How We Share Your Information

We do not sell your personal data. We share data only in the following circumstances:

  • Service providers: Convex (database hosting), Resend (transactional email delivery), Google (calendar synchronization) — each bound by their own privacy policies and data processing agreements
  • Between users: appointment details are shared between the client and the business/employee with whom the appointment is booked
  • Legal requirements: if required by law, regulation, legal process, or governmental request
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with prior notice to users

6. Data Retention

  • Account data is retained while your account is active
  • If you delete your account, we will delete your personal data within 30 days, except where longer retention is required by law
  • Appointment records may be retained for up to 12 months after the appointment date for business record-keeping purposes
  • Google OAuth tokens are deleted immediately when you disconnect the integration

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Passwords are hashed using bcrypt before storage
  • All data in transit is encrypted via HTTPS/TLS
  • OAuth tokens are stored securely and encrypted
  • Role-based access control limits data access to authorized users only
  • Password reset tokens are hashed (SHA-256) and expire after use

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Data portability: request your data in a structured, machine-readable format
  • Restriction: request limitation of processing of your data
  • Objection: object to processing based on legitimate interest
  • Withdraw consent: withdraw consent at any time for consent-based processing (e.g., Google Calendar integration)

To exercise any of these rights, contact us at momcilo.bozic@mc-software.org. We will respond within 30 days.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States and the European Union (our database is hosted in the EU — eu-west-1 region). Where data is transferred outside the EU/EEA, we ensure adequate safeguards are in place in accordance with applicable data protection laws.

10. Children's Privacy

The Platform is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Cookies

We use only essential cookies required for the Platform to function (session management, theme preference). We do not use analytics, tracking, or advertising cookies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Platform. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at: