PRIVACY POLICY

Effective Date: August 2025

Tomuto.app ("Tomuto", "we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and what rights you have.

1. What Data We Collect

We may collect the following categories of data:

Information You Provide to Us Directly

• First and last name
• Email address
• Phone number
• Company/salon name
• Payment information (if applicable)
• Other data you voluntarily provide through your account or forms

Service Usage Data

• Date and time of bookings
• Interface interactions (log files, clicks, navigation)
• IP address, browser type, device settings

Data from Third Parties

If you integrate Tomuto with calendars, CRM systems, or payment systems, we may receive necessary data to provide services.

2. How We Use Data

We process your personal data to:

• Provide, maintain, and improve our service
• Process bookings and manage appointments
• Process payments and billing
• Send service messages and updates
• Ensure account security
• Fulfill legal obligations

3. Legal Basis for Processing

We process your data on the following grounds:

• Contract performance (service provision)
• Your consent (e.g., for marketing communications)
• Legitimate interests (fraud protection, service improvement)
• Legal requirements compliance

4. How We Share Data

We may share your data with:

• Service providers (hosting, payment gateways, email services)
• Integration partners (at your initiative)
• Government authorities — if required by law

We do not sell your personal data to third parties.

5. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, or as long as required by law. After this period, data will be securely deleted or anonymized.

6. Data Protection

We apply technical and organizational measures (SSL encryption, access control, backup) to protect your data from unauthorized access, loss, or alteration.

7. Your Rights

Under data protection legislation (particularly GDPR), you have the right to:

• Access your personal data
• Correct inaccurate or outdated data
• Delete data ("right to be forgotten")
• Restrict or object to processing
• Receive a copy of data in a portable format
• Withdraw consent (if processing is based on consent)

To exercise your rights, contact us at privacy@tomuto.app.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• User authentication
• Remembering preferences
• Website usage analytics

You can manage cookie settings in your browser.

9. International Data Transfers

If we transfer your data outside the EEA, we do so in compliance with GDPR requirements, using standard contractual clauses or other protection mechanisms.

10. Policy Changes

We may update this Policy. The new version takes effect from the date of publication on our website, unless otherwise specified.

11. Contact Information

If you have questions or complaints, contact us:

Email: privacy@tomuto.app