Sendaluna

Privacy policy

Back to home

This privacy policy applies to the Sendaluna appointment booking service at appointments.responsibletravelsa.com. It describes how we collect, use, and disclose information, including data obtained through Google sign-in and Google Calendar.

Information we collect

  • Booking data: When you make a booking, we collect your name, email, phone (optional), and the appointment details you submit.
  • Google user data (administrators only): When you sign in as an administrator with Google, we receive your email address, name, and profile picture. If you use Google Calendar sync, we store refresh tokens to create and manage calendar events for your bookings. We use Google's APIs only to provide the booking and calendar features of this service.

Sharing, transfer, and disclosure of data — including Google user data

We do not sell your personal data or Google user data. We do not share, transfer, or disclose Google user data to third parties for their advertising or marketing.

We share, transfer, or disclose data (including Google user data) only as follows:

  • Cloudflare: Our app is hosted on Cloudflare. Booking data and, for administrators, Google account identifiers and calendar tokens are stored in Cloudflare D1 (database) and processed on Cloudflare Workers. Cloudflare acts as a service provider to host and run the application.
  • Mailjet (or our email provider): We use an email service to send booking confirmations and notifications. Recipient email addresses and booking details included in those messages are processed by the provider to deliver the emails.
  • Google: When you use "Sign in with Google" or Google Calendar sync, we use Google's OAuth and Calendar APIs. Data is sent to and from Google in accordance with Google's APIs and their privacy policy. We do not share Google user data with any other parties beyond what is necessary to operate this service.

We do not disclose Google user data to any other third parties. We do not use Google user data for purposes unrelated to this appointment booking and calendar service.

Data protection mechanisms for sensitive data

We implement security procedures and technical measures to protect the confidentiality and integrity of your data, including Google user data and other sensitive information:

  • Encryption in transit: All data is transmitted over HTTPS (TLS) so that information between your browser and our servers is encrypted.
  • Secure storage: Booking data and administrator credentials (including Google OAuth tokens) are stored in a managed database (Cloudflare D1) with access restricted to the application and authorized operators only. We do not store passwords; Google sign-in is handled via OAuth.
  • Access controls: Access to backend systems and stored data is limited to personnel who need it to operate the service. Administrator (Google) data is used only to provide sign-in and calendar sync for that administrator.
  • Confidentiality: We do not use your data for advertising, and we do not sell or share Google user data with third parties for their marketing or other purposes. Security procedures are in place to protect the confidentiality of your data.

We retain booking and administrator data only for as long as needed to operate the service and comply with legal obligations. When the retention period ends or you request deletion, we delete or anonymize the data. You may request deletion of your data by contacting us (see Contact below).

Contact

For questions about this policy or your data, contact Sendaluna via the main site at responsibletravelsa.com.