Privacy Policy
What we collect
We collect only what's needed to schedule and remind you about appointments:
- Your Telegram identity (user ID, optional username, language preference)
- Optional contact details you choose to share with your provider (name, phone, email)
- Your booking history with the provider you booked with
- Records of consents you've accepted, with the version and the locale they were shown in
- Anonymized usage and performance metrics via Vercel Analytics and Speed Insights — no cookies, no cross-site tracking
We do not collect biometric data, location, financial information, identification document numbers, or any other sensitive personal data.
How we use it
- To run your bookings. Confirmations, reminders 24h and 2h before the appointment, cancellation notices.
- To let your provider see their schedule and contact you about the bookings you've made with them.
- To generate periodic invoices (optional, provider-side feature; weekly by default, schedule configurable) — your service entries appear on their PDF for tax purposes.
- To improve the service — we look at aggregate metrics like page load times and which features are used. We never see your individual booking content in that data.
We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.
Who can see your data
- Your provider — they see the bookings you've made with them, plus any contact info you shared.
- You — via
/privacyin the Telegram bot, you can see what we hold and request export or deletion. - Technical providers strictly required to deliver the service: Telegram (message delivery), Resend (transactional email), Google Calendar (only when you've enabled two-way sync), Railway and Vercel (hosting).
- Nobody else. We do not have a marketing list, advertiser network, or analytics broker.
How long we keep it
- Active bookings — for as long as you have an active account with the provider, plus 3 years after your last booking with them, after which we auto-delete.
- Cancelled or completed bookings — same 3-year retention from the date they ended.
- Consent records — as long as required by applicable law to demonstrate consent (typically 5 years).
- You can request earlier deletion at any time via
/privacyin the bot.
Your rights
You can:
- Access the data we hold about you
- Correct it
- Request export in a portable format
- Request deletion (some records — like consent logs — may be retained for legal compliance, but the personal data is removed)
- Withdraw consent at any time (which means we can no longer process new bookings for you)
To exercise any of these, open /privacy in the bot and tap the relevant action, or email us at the address in Contact.
How we secure it
- Telegram authentication via the official bot API
- TLS everywhere
- Encryption at rest for sensitive fields like Google OAuth refresh tokens
- Role-based access (only the provider sees their clients; admins see only their own data)
- Audit logging of consent and data access events
Contact
For privacy questions, email privacy@zhamly.com. The data controller is Zhamly, based in Yerevan, Armenia.
This policy may be updated as the service evolves. The version + effective date at the top of this page identifies the current edition. We'll re-prompt you for consent inside the Telegram bot when the change is material.