Legal

Privacy Policy

Effective: June 1, 2026 · Last updated: June 2026

1. Who We Are

Xenla (operated by THREE GUYS s. r. o.) is a studio management and booking platform. This Privacy Policy explains how we collect, use, and protect your data when you use xenla.app.

Questions? Contact us at hello@xenla.app

2. Data We Collect

Account data

Email address, password (hashed), business name, business category, billing information (processed by Stripe — we never see your card number).

Business operational data

Client names, emails, phone numbers, appointment history, and booking data that you enter into the platform. This data belongs to you.

Usage data

Pages visited, features used, browser type, IP address, and device type — used to improve the product and diagnose issues.

3. How We Use Your Data

  • To provide and operate the Xenla service
  • To send transactional emails (booking confirmations, reminders, receipts)
  • To provide customer support
  • To improve the product and fix bugs
  • To comply with legal obligations

We do not sell your data to third parties. We do not use your client data for advertising.

4. Data Storage & Security

  • All data is stored on US East servers (AWS us-east-1, Virginia)
  • Data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Database backups are taken daily and retained for 30 days
  • Access is restricted to authorized personnel only
  • Payment data is handled exclusively by Stripe (PCI DSS Level 1 certified)

5. Third-Party Services

Stripe Payment processing · privacy policy

Supabase Database & auth · privacy policy

Vercel Hosting & CDN · privacy policy

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. You can disable non-essential cookies at any time through the cookie banner.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your data in a portable format
  • Opt out of marketing communications at any time

To exercise these rights, email hello@xenla.app. We will respond within 30 days.

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion, your data is purged within 30 days, except where retention is required by law.

9. Children's Privacy

Xenla is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email before significant changes take effect.

Terms of ServiceContact← Back to home