1. Introduction
This Privacy Policy explains how Cross Platform (Pty) Ltd ("we", "us", or "our") collects, uses, discloses, and protects personal information when you use Calendar Booking Service (the "Service"), including our marketing website, platform application, and related services operated at calendarbookingservice.com and associated subdomains.
We are committed to protecting your privacy and handling personal information in accordance with applicable data protection laws, including the Protection of Personal Information Act, 2013 (POPIA) in South Africa and, where applicable, the General Data Protection Regulation (GDPR).
By using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use the Service.
2. Roles and responsibilities
Calendar Booking Service is a multi-tenant software platform. Depending on how you interact with the Service, different parties may process your personal information:
- Platform operator: Cross Platform (Pty) Ltd operates the platform, hosts accounts for business users ("Tenants"), processes subscription billing, and provides core infrastructure.
- Tenants: Businesses that use the Service to offer booking pages to their clients. When you book with a Tenant, that Tenant is typically the controller of your booking-related personal information. Their use of your data is governed by their own policies and practices.
- End customers: Individuals who create accounts or book appointments through a Tenant's booking page.
Questions about a specific booking should be directed to the relevant Tenant. Questions about platform-level processing may be sent to us at support@crossplatform.co.za.
3. Information we collect
The information we collect depends on your relationship with the Service.
3.1 Tenant account holders and team members
- Account details such as name, email address, and password (stored in hashed form).
- Business and workspace information, including organisation name, subdomain, branding, and settings.
- Billing and subscription data, including plan selection, trial status, invoices, and payment method metadata processed by Stripe. We do not store full payment card numbers.
- Integration credentials and tokens when you connect third-party services such as Google Calendar, Microsoft Outlook, Zoom, Microsoft Teams, or Stripe Connect.
- Usage, log, and security data, including IP address, browser type, device information, authentication events, and activity within the platform.
3.2 End customers booking through a Tenant
- Contact details provided during booking, such as name and email address.
- Booking details, including selected meeting type, date and time, timezone, location or video preferences, and answers to intake questions configured by the Tenant.
- Payment-related information for paid bookings processed through the Tenant's connected Stripe account, including transaction status and amount. Card details are handled directly by Stripe.
- Account credentials if the Tenant enables customer login on their booking site.
3.3 Marketing website visitors
- Technical data such as IP address, browser type, referring URL, and pages viewed.
- Cookie and similar technology data as described in Section 8.
4. How we use personal information
We use personal information to:
- Provide, operate, maintain, and improve the Service.
- Create and manage accounts, authenticate users, and enforce security measures including optional two-factor authentication.
- Process bookings, availability, calendar synchronisation, notifications, and video meeting links.
- Process subscription payments and manage billing through Stripe.
- Enable Tenants to accept payments from their customers through Stripe Connect.
- Send service-related communications, such as booking confirmations, reminders, account notices, and security alerts.
- Respond to support requests and troubleshoot issues.
- Monitor usage, prevent fraud and abuse, and protect the security and integrity of the Service.
- Comply with legal obligations and enforce our Terms of Service.
We process personal information based on one or more of the following legal bases, as applicable: performance of a contract, legitimate interests, consent, and compliance with legal obligations.
5. How we share personal information
We do not sell personal information. We may share information in the following circumstances:
- With Tenants: When you book through a Tenant, your booking information is made available to that Tenant and their authorised users.
- With service providers: We use trusted third parties to help operate the Service, including hosting providers, email delivery services, and payment processors.
- With integrated third-party services: When you or a Tenant connects external services, relevant data is shared as needed to provide the integration. This may include Google, Microsoft, Zoom, and Stripe.
- For legal reasons: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of users, the public, or our organisation.
- Business transfers: If we are involved in a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate safeguards.
6. Third-party services
The Service relies on third-party providers whose privacy practices are governed by their own policies, including:
- Stripe: subscription billing and, for Tenants on Pro plans, customer payment processing via Stripe Connect.
- Google: calendar synchronisation and OAuth authentication where enabled.
- Microsoft: Outlook calendar synchronisation, Teams meeting links, and OAuth authentication where enabled.
- Zoom: video meeting link generation where enabled.
Tenant booking pages may also display third-party content or links controlled by the Tenant. We are not responsible for the privacy practices of Tenants or other third parties outside our platform.
7. Data retention
We retain personal information for as long as necessary to provide the Service, fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce agreements.
When a Tenant account is closed, we may retain or delete data in accordance with our backup, legal, and operational requirements. Tenants are responsible for exporting any data they need before closure.
You may request deletion of your platform account subject to applicable law and legitimate retention needs.
8. Cookies and similar technologies
We use cookies and similar technologies to operate the Service, keep you signed in, remember preferences such as theme settings, maintain security, and understand how the marketing site is used.
Types of cookies we may use include:
- Essential cookies required for authentication, session management, and security.
- Functional cookies that remember preferences and improve usability.
- Analytics cookies, where used, to understand traffic and usage patterns.
You can control cookies through your browser settings. Disabling essential cookies may prevent parts of the Service from functioning correctly.
9. Security
We implement appropriate technical and organisational measures designed to protect personal information, including encryption in transit, access controls, tenant data isolation, and secure credential handling.
No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.
10. International transfers
Your information may be processed in countries other than your own, including where our service providers operate. Where required, we take steps designed to ensure appropriate safeguards for cross-border transfers.
11. Your rights and choices
Depending on your location and applicable law, you may have rights to:
- Access personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion of personal information, subject to legal exceptions.
- Object to or restrict certain processing activities.
- Withdraw consent where processing is based on consent.
- Request portability of information you provided in a structured, commonly used format.
- Lodge a complaint with a supervisory authority.
To exercise these rights, contact us at support@crossplatform.co.za. We may need to verify your identity before responding. If your request relates to a booking with a Tenant, we may direct you to that Tenant where appropriate.
Account holders can update profile information and security settings within the Service. Marketing emails, where sent, will include an unsubscribe option where required by law.
12. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page and update the "Last updated" date. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.
14. Contact us
If you have questions or requests regarding this Privacy Policy or our data practices, contact:
- Cross Platform (Pty) Ltd
- Email: support@crossplatform.co.za
- Website: https://crossplatform.co.za
Information officer / privacy enquiries: support@crossplatform.co.za
Governing jurisdiction: Republic of South Africa