Privacy Policy

Key points

• Account and workspace data such as name, email, organization, users, roles, timezone, currency, language preferences, and authentication details
• Operational data entered in the app, including client profiles, visit history, notes, photos, services, products, payments, balances, analytics inputs, and related records
• Technical, support, and security data such as IP address, browser and device information, logs, error reports, session events, and integration metadata

Key points

• Provide access, authentication, workspace setup, and core product functionality
• Operate client management, agenda, visit tracking, services, products, payments, business analytics, and enabled integrations
• Provide support, backups, abuse prevention, security monitoring, incident response, product improvement, and legal compliance

Key points

• Performance of a contract to provide the application and its enabled features
• Legitimate interest to secure, operate, improve, and defend the platform
• Consent where required, and compliance with applicable legal obligations

Key points

• Account, workspace, and operational records are retained while the service is active and for as long as needed to support continuity, support, and security
• Some logs, audit trails, and financial or transaction-related records may be kept longer when required by law, tax, accounting, audit, or fraud-prevention obligations
• When data is no longer needed, it is deleted, de-identified, or restricted according to internal retention rules

Key points

• Authorized providers may process data for hosting, infrastructure, communications, analytics, backup, or integrations under contractual safeguards
• External integrations, such as Google Calendar or MCP-enabled tools, may involve separate processing governed by third-party terms
• Data may be disclosed when legally required or reasonably necessary to protect rights, security, users, or platform integrity

Key points

• Access control through authentication, role-based permissions, and workspace-level restrictions
• Protection of sessions and credentials, plus monitoring of incidents, logs, and suspicious activity
• Backup, recovery, and continuity measures proportionate to service risk and architecture

Key points

• Data subjects may request access, rectification, erasure, restriction, objection, or portability where applicable
• For customer-entered client data, requests should generally be directed to the organization or professional acting as controller
• When fichero.io acts as processor, requests are handled according to controller instructions and legal duties

Key points

• If personal data is transferred outside the EEA or UK, appropriate safeguards are implemented where required
• Safeguards may include Standard Contractual Clauses or equivalent legal mechanisms
• Transfer and localization practices may vary by infrastructure and enabled integrations

Key points

• The version published on this page is the effective version from the stated update date
• Continued use of the platform after the effective date may constitute acceptance to the extent permitted by law
• Material changes may be communicated through in-product, email, or account channels where appropriate