Effective from: February 4, 2026. Last Modified: February 4, 2026.
This Privacy Policy (“Policy”) describes the privacy practices for XolApp’s websites (including all subdomains, the “Sites”) and the XolApp web application, appointment booking, invoicing, payments, communications, and related services (the “Services”), which are owned and operated by XolApp (“we,” “our,” or “us”). This Policy applies to our collection, use, and disclosure of your information from our Services, including visitors to the Sites and users of the Services. This Policy is incorporated into our Terms of Service.
By accessing or using the Services, you accept the data practices described in this Policy. If you do not agree, please discontinue use immediately. This Policy does not address the privacy practices of third parties; please review their policies before disclosing information to them.
We may revise this Policy from time to time. We will update the “Last Modified” date at the top when we do. By continuing to use the Services after changes take effect, you agree to the revised Policy. We may also provide “just-in-time” notices about data practices for specific features.
To understand our data protection obligations and your rights, it helps to know which relationship you have with us.
Users are registered users of the XolApp Services (paid, free, or trial). We have a “data controller” relationship with Users regarding their own personal data.
Clients are individuals who do business with a User through XolApp (e.g. booking appointments, receiving invoices). We collect and process Client data on behalf of Users as a “data processor.” Clients should direct privacy requests (access, correction, deletion) to the User they do business with. We will assist Users in honouring those requests.
Visitors are individuals who access our public Sites or submit data via contact forms, demo sign-up, blog, or similar. We have a “data controller” relationship with Visitors.
We may refer to Users, Clients, and Visitors collectively as “you” where the context applies.
“Personal Data” means information that could identify an individual, directly or indirectly, including but not limited to name, email address, phone number, postal address, IP address, notes, and similar data.
We may create anonymous or aggregated records from Personal Data for our business purposes. Once anonymised or aggregated, such information is no longer Personal Data and we may use, share, and retain it as we see fit.
By registering for or using the Services, Users and Visitors acknowledge the collection, transfer, storage, processing, and disclosure of their Personal Data as described in this Policy. By interacting with XolApp Services offered by a User (e.g. booking, invoices), Clients acknowledge that we process their Personal Data on behalf of that User. Users are responsible for protecting Client data and complying with applicable data privacy laws in relation to their Clients.
We may use the information we collect to:
We implement measures designed to protect your Personal Data from accidental loss and from unauthorised access, use, alteration, and disclosure. Data you provide is stored on infrastructure operated by our service providers using industry-standard security controls. Our Sites use SSL for data in transit. We do not directly store, process, or transmit credit or debit card data; payment processing and collection of payment account data are handled by third-party providers (e.g. Stripe) that are required to comply with PCI DSS and applicable rules for electronic funds transfers.
We cannot guarantee the security of information transmitted over the internet. Any transmission is at your own risk. You are responsible for keeping your password confidential and for securing your device. If you believe your account has been accessed without authorisation, please contact us immediately (see Contact us).
We may use cookies, web beacons, pixel tags, and similar technologies to operate, secure, and provide our Services. This can include information such as the page served, time, browser type, referring page, and content viewed. We use strictly necessary and functional cookies as part of our web application. For more detail, see our Cookie Policy.
We may send billing information, product information, service updates, and service notifications by email. Non-essential marketing emails will include clear instructions to unsubscribe. You may also contact our support team to be removed from marketing lists.
We share Personal Data in accordance with your consent and as described below. By using the Services, Clients consent to their Personal Data being shared with us and with the User they do business with.
We work with third parties who help us provide the Services (e.g. hosting, email and SMS providers, customer support, analytics). We disclose only the information necessary for the purpose of the service and require them to treat Personal Data in accordance with applicable privacy laws. We do not sell your Personal Data for monetary or other valuable consideration.
We may share User or Visitor Personal Data with our current or future affiliated entities. We do not share Client Personal Data with affiliates. In the event of a merger, acquisition, or sale of assets, Personal Data may be transferred subject to confidentiality restrictions. We may disclose Personal Data without notice or consent where required by law, including to public authorities for national security or law enforcement, or to protect our or others’ vital interests or to investigate violations of our Terms of Service.
We retain Personal Data for as long as necessary to serve the purposes for which it was collected and for a reasonable time thereafter, or as required by law, to resolve disputes, or to enforce our agreements.
Services usage: We retain Personal Data for as long as a User remains active and for a reasonable period after, or until you request deletion, subject to legal or legitimate business needs (e.g. transaction history, legal claims, audit).
Client data: We store Client data on behalf of Users for as long as there is a valid business reason, which may be indefinite. Users control how long Client data is kept in our systems.
Site activity: We may retain information about your activity on our Sites for as long as we deem necessary or until you request deletion, including for legal, audit, or security purposes.
Marketing: We retain marketing contact information until you unsubscribe or request deletion; we may add unsubscribed contacts to a suppression list.
Cookies: Information collected via cookies and similar technologies may be retained up to one year from expiry or collection, unless a different period applies to specific cookies.
We may include or offer third-party products or services (e.g. payment processors, communication providers). If you use them, you agree that we may provide your information to those third parties. They have their own privacy policies; we are not responsible for their content or activities.
To resolve support issues and ensure a good user experience, you consent to us accessing and administering your account when required and where we have a legitimate business purpose. If you do not wish us to access your account, you may notify us in writing; doing so may limit our ability to provide troubleshooting.
We and our service providers may operate in or transfer data to countries outside your jurisdiction (e.g. the United States, Australia, or other hosting locations). Privacy laws there may differ from yours. By using the Services, you consent to the transfer, storage, and processing of your information in those locations. If you do not want your information transferred or processed outside your country, you should not use the Services.
Users and Visitors (with whom we have a data controller relationship) may have the following rights, to the extent required by applicable law. Clients should contact the User they do business with to exercise rights over their data; we will assist Users in responding.
Access: You may request a list of Personal Data we process by submitting a written request to the contact below.
Rectification: You may correct Personal Data we hold by contacting us or, where available, by updating your account settings.
Erasure/deletion: You may request that we delete your Personal Data by submitting a written request. Note: deleting your Personal Data may result in loss of access to your account and Services. We may retain certain information for recordkeeping or legal compliance. For complete removal from our systems, a written request is required; in-app deletion may only restrict viewing or use.
Data export: You may request a copy of your Personal Data in a portable format by submitting a written request.
We will process requests within 30 days where practicable. We may need to verify your identity. We reserve the right to retain verification information for compliance purposes.
You may access parts of our Sites without providing Personal Data, but some features require it. You have the following choices:
Consent: Where processing is based on consent, you may withdraw consent at any time to the extent required by law.
Deactivation/cancellation: You may deactivate or cancel your account via your account settings or by following the process described in our Terms of Service or support documentation.
Marketing opt-out: You may opt out of marketing communications by using the unsubscribe link in emails or by contacting us. Service-related or transactional communications may not offer opt-out.
Cookies: You can manage or block cookies via your browser settings or our Cookie Policy / cookie preferences where offered.
Our Services are not directed to individuals under 18. You may not use our Services if you are under 18 (or the applicable age in your country). If you are under 18, a parent or guardian may need to consent on your behalf where permitted by law.
This section applies to California residents with whom we have a data controller relationship. Clients must contact the User they do business with to exercise these rights; we will assist Users.
We do not sell Personal Data for monetary or other valuable consideration. California residents may have the right to: know what Personal Data we collect and process; request correction; request deletion; request a portable copy; and opt out of “sale” or “sharing” (as defined under CCPA) if we engage in such activities in the future. You may submit requests to the contact below. We will not discriminate against you for exercising your privacy rights. We may verify your identity and California residency before fulfilling requests.
Residents of states with comprehensive privacy laws (e.g. Colorado, Connecticut, Oregon, Texas, Utah, Virginia) may have additional rights, including the rights to know, to data portability, to delete, to opt out of sale or targeted advertising, to correct, and to nondiscrimination. Clients should contact the User they do business with; we will assist Users. To exercise your rights, contact us using the information below. We will respond within the timeframes required by applicable law (e.g. 45 days, with possible extension for complex requests). Where required, we will provide information on how to appeal a decision.
This section applies if you are in the European Economic Area, United Kingdom, or Switzerland. We are a data controller for Personal Data we collect directly from Visitors and Users. We are a data processor for Client data processed on behalf of Users; processing is governed by our agreements with Users.
Our legal bases for processing (as controller) include: performance of a contract or steps prior to a contract; legitimate interests (e.g. improving our Services, security); consent where we ask for it; and compliance with legal obligations. You may withdraw consent at any time; you have the right to access, rectification, erasure, restriction of processing, objection, and data portability where applicable. You may lodge a complaint with a supervisory authority in your country (e.g. UK ICO: ico.org.uk/make-a-complaint; EU: see EDPB members). For questions or to exercise your rights, contact us at the details below. We may have appointed a data protection officer or EU/UK representative; contact details will be provided on our Sites or upon request.
We adhere to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) in relation to the collection, use, disclosure, storage, and security of your Personal Information. “Personal Information” has the meaning given in the Privacy Act. We typically do not collect “sensitive information” as defined there; if we do, we will use it only for the primary purpose or with your consent or as permitted by law. The categories of data we collect, how we use it, and your rights are described elsewhere in this Policy. Your information may be transferred to service providers overseas (e.g. in the United States); we take reasonable steps to ensure they handle your information in accordance with the APPs. If you have a complaint, please contact us first; if you are not satisfied, you may refer the matter to the Office of the Australian Information Commissioner (oaic.gov.au).
For privacy requests, questions about this Policy, or to exercise your rights, contact us at: privacy@xolapp.com. You may also contact us at the address or contact details published on our website for the jurisdiction in which XolApp operates. We will respond to valid requests within the timeframes required by applicable law.
Please ensure you provide sufficient information for us to verify your identity and process your request.