Privacy Policy

Last updated: January 7, 2026

1. Introduction

At Skhedio (referred to as "Skhedio", "we", "us" and "our"), we are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, manage, and protect your personal data.

This Privacy Policy ("Policy") applies to the website www.skhedio.com, and all Skhedio services, including our web applications and mobile applications (together "Services").

This Policy will apply to you if:

  • You visit and browse our Sites and Apps
  • You book appointments with our Partners through us (we'll refer to you as a "Client")
  • You purchase a gift card for use with participating Partners (we'll refer to you as a "Client")
  • You are self-employed and/or you work for a business on the Skhedio platform (we'll refer to you and/or the business as a "Partner")

We will only use the information we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We do not sell or share your phone number with third parties, except where required by law.

2. Contacting Us

If you have any questions, comments, or requests regarding this Policy, you can get in touch with us via our Contact Us page, or via email at:

Privacy Inquiries: info@skhedio.com

Data Protection Officer: info@skhedio.com

You can contact our Data Protection Officer at any time if you have concerns about how we handle your personal data or wish to exercise your data protection rights.

3. What Information We Collect & How We Use It

If You Visit Our Services

We use your information to provide you with our Services. If you visit any of our Services, whether you're just browsing or you have an account, we will automatically collect information from you each time you use our Sites. This includes:

  • Technical information: IP address, login information, browser type and version, time zone setting, operating system, and platform
  • Information about your visit: Pages viewed, links clicked, time spent on pages, and navigation paths
  • Location data: If you opt in, we may collect your location to show nearby businesses

If You Are a Client

When you book appointments or purchase services through Skhedio, we collect:

  • Identity data: Name, date of birth (if required for services)
  • Contact data: Email address, phone number, address
  • Booking data: Appointment history, service preferences, booking notes
  • Transaction data: Payment details (processed securely by Stripe), purchase history
  • Profile data: Preferences, feedback, reviews, and survey responses
  • Communications: Messages exchanged with businesses through our platform

If You Are a Partner (Business)

When you register your business on Skhedio, we collect:

  • Business identity data: Business name, owner name, business registration number
  • Business contact data: Business address, email, phone number, website
  • Staff data: Staff names, roles, schedules, contact information
  • Service data: Services offered, pricing, duration, categories
  • Financial data: Bank account details for payouts, tax information
  • Business performance data: Booking analytics, revenue, customer metrics

Special Categories of Data

Some services may require collecting sensitive information such as:

  • Health-related information for spa, wellness, or medical aesthetic services
  • Allergy information for beauty or treatment services
  • Physical characteristics relevant to the service (e.g., hair type, skin type)

This information is collected with your explicit consent and is only shared with the specific business providing your service.

5. Who We Share Your Information With

We do not sell your personal data. We may share your information with:

Partner Businesses

When you book an appointment, your relevant booking information (name, contact details, service preferences, booking notes) is shared with the business you're booking with so they can provide the service.

Skhedio Platform Services

To provide our services, Skhedio uses trusted third-party providers to deliver:

  • Subscription payments: Secure payment processing for Partner subscriptions (via Stripe)
  • Email notifications: Booking confirmations, reminders, and communications
  • SMS reminders: Appointment reminders and notifications
  • Maps and location: Business location display and directions
  • Security: Bot protection and spam prevention
  • Image hosting: Business photos and profile images
  • Authentication: Secure sign-in via Google, Facebook, or Apple

Legal & Regulatory

We may disclose information when required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from public authorities
  • Protect our rights, privacy, safety, or property
  • Enforce our terms and policies

6. Where We Store Your Information

Your data may be stored and processed in:

  • Cloud Infrastructure: Our primary data is stored on secure cloud servers provided by MongoDB Atlas and Vercel
  • Payment Data: Payment information is processed and stored by Stripe in their PCI-compliant environment
  • Backups: Regular backups are maintained in geographically distributed data centers

We ensure that any international data transfers comply with applicable data protection laws through appropriate safeguards such as Standard Contractual Clauses (SCCs).

7. How We Protect Your Information

We implement comprehensive security measures to protect your personal data:

Technical Measures

  • Encryption in transit: All data transmitted using TLS/SSL with HTTP Strict Transport Security (HSTS)
  • Encryption at rest: Passwords securely hashed, sensitive data encrypted in database
  • Secure authentication: OAuth 2.0 with Google, Facebook, and Apple sign-in options
  • Session protection: HttpOnly, Secure, and SameSite cookie policies
  • CSRF protection: Cross-site request forgery prevention on all forms and API calls
  • Rate limiting: Protection against brute-force attacks on login and signup
  • XSS prevention: Content Security Policy headers and input sanitization
  • Data isolation: Multi-tenant architecture ensures your data is separated from others
  • Input validation: All user inputs validated before processing

Security Headers

  • X-Frame-Options to prevent clickjacking
  • X-Content-Type-Options to prevent MIME sniffing
  • Referrer-Policy to control information leakage
  • Content Security Policy to prevent code injection

Organizational Measures

  • Strict data access policies and audit logging
  • Incident response procedures
  • Regular security assessments
  • Session invalidation when passwords are changed

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents.

8. Payment Processing

Important: Skhedio does not collect, store, or process payment card information. All payment processing is handled entirely by our third-party payment provider (Stripe).

When you subscribe to Skhedio as a Partner (business):

  • Your payment card details are entered directly on Stripe's secure payment page
  • Skhedio never sees, receives, or stores your card number, CVV, or full card details
  • Stripe is PCI DSS Level 1 certified, the highest level of payment security certification
  • Skhedio only receives confirmation of successful payment and a reference ID for billing records

Payments Between Clients and Partners

Skhedio does not process payments between Clients (end users) and Partner businesses. Payment for services booked through Skhedio is handled directly between the Client and the Partner business at the time of the appointment (in-person, cash, card, or other payment methods accepted by the business). Skhedio is not involved in these transactions.

9. External Sites & Services

Our Services may contain links to external websites or integrate with third-party services:

  • Social Media: Links to business social media profiles
  • Maps: Integration with Google Maps for business locations
  • Authentication: Sign-in options via Google, Facebook, or Apple
  • Reviews: Links to external review platforms

These external services have their own privacy policies, and we encourage you to read them. We are not responsible for the privacy practices of external websites or services.

10. How Long We Keep Your Information

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active accounts: Data is retained while your account is active
  • Booking records: Retained for 5 years after the appointment for legal and tax purposes
  • Transaction records: Retained for 5 years as required by New Zealand financial regulations
  • Marketing data: Until you withdraw consent or request deletion
  • Analytics data: Aggregated data may be retained indefinitely

After Account Deletion

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we're required to retain it for legal, tax, or audit purposes. Some information may persist in backups for a limited period.

11. Aggregated Data

We may aggregate and anonymize your data for statistical analysis and research purposes. Aggregated data cannot be used to identify you and may be used for:

  • Industry benchmarking and trends
  • Service improvement and feature development
  • Research and statistical analysis
  • Marketing materials and case studies (without identifying information)

This aggregated, anonymized data is not considered personal data under data protection laws and may be used without restriction.

12. Your Rights

Under applicable data protection laws, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances

Right to Restrict Processing

Request that we limit how we use your data

Right to Data Portability

Request your data in a structured, commonly used format

Right to Object

Object to processing based on legitimate interests or for marketing

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at info@skhedio.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

13. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience:

Essential Cookies

Required for the website to function properly. These cannot be disabled.

  • Authentication and session management
  • Security features
  • Load balancing

Analytics Cookies

Help us understand how visitors interact with our website.

  • Page views and navigation patterns
  • Device and browser information
  • Performance monitoring

Functional Cookies

Enable enhanced functionality and personalization.

  • Remembering your preferences
  • Language settings
  • Recently viewed businesses

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

14. Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@skhedio.com. We will take steps to delete such information.

For bookings involving minors (under 18), a parent or guardian must create the account and make bookings on their behalf.

15. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Certifications: Service providers with relevant certifications

By using our Services, you consent to the transfer of your data to these countries with appropriate safeguards in place.

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons.

When we make material changes:

  • We will update the "Last updated" date at the top of this Policy
  • We will notify you via email or through a prominent notice on our Services
  • For significant changes, we will provide at least 30 days' notice before they take effect

We encourage you to review this Policy periodically to stay informed about how we protect your information.

Questions About Your Privacy?

If you have any questions about this Privacy Policy or how we handle your personal data, please don't hesitate to contact us.

Email: info@skhedio.com

Data Protection Officer: info@skhedio.com

By using Skhedio, you acknowledge that you have read and understood this Privacy Policy. For our Terms of Service, please visit our Terms of Service page.