Privacy Policy
Last updated: June 8, 2026. We believe legal policies should be readable. Here is a clear, human breakdown of how we handle data.
1. The Golden Rule: You own your data
Your business listings, staff rosters, services, appointment history, and client records belong entirely to you. We do not sell, rent, share, or monetize your database in any way. Our job is simply to provide the software that helps you run your business.
2. Who is who in this agreement
When you use Rozx, we handle data in two different ways:
- Your account data: We act as the Data Controller for the information you give us to run your account (like your login email, business name, and billing details).
- Your clients' data: You act as the Data Controller for all data you upload about your clients, staff, and bookings. We act strictly as a Data Processor. We host this data and process it only to make your schedules, checkouts, and CRM work.
3. What we collect and why
We collect only what is necessary to run the platform and keep your account secure:
- Account Information: Your name, email, phone number, and business details. We use this to set up your workspace, contact you about updates, and verify your identity.
- Billing Details: Payment card details are sent directly to our payment processors (Stripe or Razorpay). We do not store raw card numbers on our servers.
- Client Booking Records: When your clients book an appointment, we save their name, phone, email, and booking time. We only use this to update your calendars, send them confirmations, and keep your business records organized.
- Usage Data & Logs: We track anonymous interface actions (like which buttons are clicked) to debug errors and improve layout navigation.
4. Vetted third parties we share data with
We use a few trusted infrastructure providers to power Rozx. Here is the list of who they are and what they do:
| Service | What they handle | Compliance & Location |
|---|---|---|
| Supabase / AWS | Database hosting, storage, and encrypted backups. | Mumbai (India) / US East, SOC 2 |
| Stripe / Razorpay | Processing your subscription billing securely. | Global / India, PCI-DSS Level 1 |
| Twilio | Sending SMS notifications and reminders to your clients. | Global network, HIPAA-compliant pipeline |
| PostHog & Clarity | Anonymized usage analytics to trace UI bottlenecks and load speeds. | EU/US hosted, IP masking enabled |
5. How we keep your databases secure
We design our infrastructure around data isolation:
- Schema Isolation: Every business account runs inside separate database environments. This prevents cross-tenant data leaks.
- Encryption: All database data is encrypted at rest using AES-256 standards, and all web connection traffic is encrypted in transit via SSL/TLS 1.3.
- Regular Backups: Automated database snapshots are taken every 24 hours, encrypted, and saved across multiple servers to prevent data loss.
6. What happens when you leave us
You are free to leave at any time. If you decide to cancel your subscription:
- You can download a complete CSV or SQL export of all your client profiles, services, and appointment histories directly from your dashboard settings.
- We retain your database for exactly 14 days after cancellation so you can retrieve your records. After that, your workspace is permanently deleted from our live servers.
- If you sign up for a free trial and do not upgrade, we delete your database 30 days after the trial expires.
- System backup copies of your data are completely overwritten and purged within 90 days.
7. Compliance & Rights
We respect user rights globally, matching requirements from Europe's GDPR, California's CCPA, and India's Digital Personal Data Protection Act (DPDPA 2023). You and your clients can request to view, edit, or delete any personal details we hold.
If you have any questions or want to request data deletion, email us at legal@rozx.in. If you are a client of a business using Rozx, please contact that business directly, as we cannot access or delete your records without their authorization.