Klendr

Privacy Policy

Last updated: 2026-05-30

This is a working template for the Klendr Privacy Policy, written with GDPR (EU) in mind. Klendr is operated from Estonia. Please review with legal counsel before treating it as final.

1. Who we are

"Klendr" is an online appointment-booking and salon-management service operated from Estonia (European Union). Contact for privacy matters: support@klendr.me.

2. What we collect

  • Account information — email address, name.
  • Business information — salon name, address, phone, working hours, services, branding.
  • Client information you enter — names, phone numbers, emails, language preferences and appointment history of your salon's clients.
  • Usage data — log entries (IP address, user agent, request timestamps) for security and reliability.
  • Billing — handled by Stripe (when active). We never see your card number; Stripe shares only the masked metadata needed to fulfil the subscription.

3. Why we process it

  • To provide and improve the service (calendar, booking page, reminders, analytics).
  • To bill subscriptions and metered usage (e.g. SMS over the included bundle).
  • To detect and prevent fraud or abuse.
  • To send transactional messages (booking confirmations, reminders, account notices).

4. Legal basis (GDPR)

  • Contract — for account, billing and service delivery.
  • Legitimate interest — for security logging, fraud prevention, and aggregated product analytics.
  • Consent — for any optional marketing email (which we may send only with your explicit opt-in).

5. Where data is stored

Data is hosted in the European Union. Standard contractual safeguards apply to any processor we use.

6. Retention

We retain account and salon data while your account is active. After cancellation, we keep data for up to 30 days to allow account recovery, then delete it. Aggregated, non-identifying analytics may be retained longer. Saved client contacts with no booking activity in the past 12 months are deleted automatically and the master is notified.

7. Your rights (GDPR)

You can request access, correction, deletion, restriction, or portability of your personal data, and you can object to processing based on legitimate interest. Write to support@klendr.me and we will respond within 30 days.

8. Cookies

We use three categories of cookies:

  • Necessary — authentication, CSRF protection, language preference. Always on; the site cannot function without them.
  • Statistics — Google Analytics 4 via Google Tag Manager, used only to understand aggregated, anonymized site usage so we can improve it. Set ONLY if you accept via the consent banner.
  • Marketing — reserved for future advertising features. Currently not active; will only fire with explicit consent.

We use Google Consent Mode v2 — until you opt in, Google tags either don't load or send only cookieless aggregated pings (no identifier, no profile). You can change your choice at any time by clicking Cookie preferences.

9. Children

Klendr is intended for business use by adults. We do not knowingly process the personal data of children under 16.

10. Changes

We may update this policy from time to time. Material changes will be announced by email. The "Last updated" date at the top of this page reflects the most recent revision.

11. Complaints

If you believe we are mishandling your data, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local EU supervisory authority.

12. Contact

Questions about privacy: support@klendr.me