JIVIQ ("we", "us", "our") provides scheduling, booking, and workspace tooling for service professionals. This policy explains what we collect, why, how we use it, and the rights you have over your data. If anything here is unclear, write to support@jiviq.com.
1. Information we collect
We collect only what we need to run the service:
- Account data — name, email, phone, password hash, business name, locale, timezone.
- Business data you create — services, availability, bookings, client records, notes, payments metadata.
- Usage data — IP address, device type, browser, operating system, pages visited, timestamps. Used for security, rate-limiting, and product analytics.
- Payment data — handled by our PCI-DSS-compliant Merchant of Record, Paddle. We do not receive or store full card numbers on our servers.
- Communications — email or in-app messages you send to support.
IP-derived location. When you visit jiviq.com, your IP address is read transiently and passed through a MaxMind GeoLite2 database held locally on our servers in Mumbai (asia-south1) to derive an approximate country and city. The IP address is never stored, logged, or persisted — only the derived country and city are retained; we store no latitude or longitude and perform no reverse geocoding to a street address. Your IP address is never transmitted to MaxMind or any other third party. We use this derived location for service security, fraud and abuse prevention, and basic aggregate product analytics, on the basis of our legitimate interest under Article 6(1)(f) GDPR (we have carried out a balancing test, available on request); we do not use it for any solely-automated decision producing legal or similarly significant effects about you. Your right to object (Article 21 GDPR): email support@jiviq.com and we will record a suppression preference so your future visits are not geo-stamped, confirming within 30 days. We retain the derived country and city for 12 months from the event date, after which we delete or anonymise them. For individuals in India, see “Data Protection & Grievance Redressal” below.
2. How we use your data
- To operate the service (create accounts, process bookings, send reminders).
- To secure the service (detect fraud, abuse, and unauthorized access).
- To improve the product (aggregated, anonymized analytics).
- To communicate with you about your account, outages, and material changes to the service.
- To comply with legal obligations.
We do not sell your personal data. We do not share your client lists with third parties for their own marketing.
3. Legal bases (GDPR)
Where GDPR applies, we rely on: contract (to deliver the service you signed up for), legitimate interest (to secure and improve the service), consent (for marketing emails, which you can opt out of anytime), and legal obligation (tax, audit, law enforcement requests).
4. Sub-processors
We use a small set of trusted sub-processors to run the service:
- Google Cloud Platform — infrastructure (Cloud Run, Cloud SQL, Firebase Hosting & Auth). Data primarily stored in asia-south1 (Mumbai).
- Paddle.com Market Ltd — Merchant of Record for subscription billing, payment processing, and tax handling.
- ZeptoMail (Zoho Corporation) — transactional email delivery (OTP, team invites, future booking reminders).
- Google Gemini API — AI processing for the in-product assistant features, only when those features are used.
Each sub-processor that processes personal data on our behalf is bound by a data-processing agreement. We will update this list before engaging any new sub-processor; material changes are notified by email or in-product banner. Customers who require a signed DPA with JIVIQ can request one via support@jiviq.com.
Licensed data sources (no personal data shared)
- MaxMind, Inc. (51 Pleasant Street, Suite #1020, Malden, MA 02148, USA) — provides the GeoLite2 City database, a binary lookup file we license and host. Any IP-to-geography lookups are performed locally within our own infrastructure using this file; MaxMind receives no personal data and acts as a data licensor, not a processor. Our relationship is governed by the GeoLite2 End User License Agreement. This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
5. International transfers
Your data may be processed in countries other than the one you reside in. When data leaves the EU/EEA or UK, we rely on Standard Contractual Clauses or equivalent safeguards.
6. Retention
We retain account and business data for as long as your account is active. If you close your account, we delete or anonymize personal data within 90 days, except where law requires longer retention (for example, tax or audit records).
7. Your rights
You have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Most of this can be done directly in the product. For anything else, email support@jiviq.com from your account address and we'll respond within 30 days.
You also have the right to lodge a complaint with a data-protection supervisory authority — in the EU/EEA, the authority in your country of residence, place of work, or where the alleged infringement occurred; in India, the Data Protection Board of India. We'd welcome the chance to address your concern first at support@jiviq.com.
8. Children
JIVIQ is not intended for anyone under 16. We do not knowingly collect personal data from children. If you believe a child has given us their data, contact support and we will delete it.
9. Security
We use encryption in transit (TLS) and at rest, principle-of-least-privilege access controls, and continuous monitoring. No system is perfectly secure — if we learn of a breach that affects you, we will notify you without undue delay.
10. Cookies
We use strictly necessary cookies for authentication and session management, and privacy-respecting analytics cookies. You can clear cookies at any time via your browser.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email or in-product notice at least 30 days before they take effect.
12. Data Protection & Grievance Redressal (India — Digital Personal Data Protection Act, 2023)
For individuals in India, you can raise any question or grievance about how we handle your personal data under the Digital Personal Data Protection Act, 2023, with our Data Protection Officer:
- Data Protection Officer
- Email: support@jiviq.com
We will acknowledge your grievance within 7 working days and respond within the period required under the Act and its rules. Please raise any grievance through this mechanism first; if it is not satisfactorily resolved, you may complain to the Data Protection Board of India established under the Act. Where our processing relies on your consent, you may withdraw it at any time, as easily as you gave it (withdrawal does not affect processing already carried out).
13. Contact
This service is operated by Stratus Labs (registered address: C4 602, Edenn Towers CHS, Pune 411057, India), which is the data controller / Data Fiduciary responsible for your personal data.
Questions, requests, or complaints: support@jiviq.com.